Vulnerabilities (CVE)

CWE filter

CWE-200

Filter

5732 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18710 1 Linux 1 Linux Kernel 2018-12-07 2.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with...
CVE-2018-16668 1 Circontrol 1 Circarlife Firmware 2018-12-07 5.0
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVE-2018-14642 1 Redhat 1 Undertow 2018-12-07 5.0
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may...
CVE-2018-15661 1 Olacabs 1 Olamoney 2018-12-07 2.6
** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password...
CVE-2017-5754 2 Arm, Intel 25 Cortex-a, Atom C, Atom E and 22 more 2018-12-07 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2018-6559 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-06 2.1
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
CVE-2018-17780 1 Telegram 2 Telegram Desktop, Telegram Messenger 2018-12-06 4.0
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My...
CVE-2018-18566 1 Polycom 3 Uc Software, Vvx 500 Firmware, Vvx 601 Firmware 2018-12-06 5.0
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
CVE-2013-0637 1 Adobe 4 Adobe Air, Flash Player For Android, Adobe Air Sdk and 1 more 2018-12-06 5.0
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and...
CVE-2018-18778 2018-12-06 4.0
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
CVE-2018-17622 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 4.3
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...
CVE-2018-18657 1 Arcserve 1 Udp 2018-12-06 5.0
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
CVE-2018-18658 1 Arcserve 1 Udp 2018-12-06 5.0
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
CVE-2018-18289 2018-12-06 5.0
The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.
CVE-2018-16959 1 Oracle 1 Webcenter Interaction 2018-12-06 5.0
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users...
CVE-2018-8292 1 Microsoft 2 Asp.net Core, Powershell Core 2018-12-06 5.0
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1,...
CVE-2018-12358 2 Mozilla, Canonical 2 Firefox, Ubuntu Linux 2018-12-06 4.3
Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.
CVE-2018-18376 1 Orange 1 Airbox Firmware 2018-12-06 5.0
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
CVE-2018-7924 1 Huawei 1 Anne-al00 Firmware 2018-12-06 2.1
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit...
CVE-2018-8506 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2018-12-06 1.9
An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10,...