An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.
Max CVSS
4.3
EPSS Score
0.10%
Published
2018-12-10
Updated
2019-05-08
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
Max CVSS
8.8
EPSS Score
0.25%
Published
2018-12-20
Updated
2019-02-13
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.
Max CVSS
5.3
EPSS Score
0.18%
Published
2018-12-30
Updated
2019-01-09
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
Max CVSS
7.5
EPSS Score
1.11%
Published
2018-12-30
Updated
2019-01-09
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.
Max CVSS
5.3
EPSS Score
0.18%
Published
2018-12-30
Updated
2019-01-09
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-12-30
Updated
2019-01-09
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-12-30
Updated
2019-01-10
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-12-28
Updated
2019-01-11
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
Max CVSS
5.5
EPSS Score
0.04%
Published
2018-12-27
Updated
2019-04-01
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-12-26
Updated
2020-08-24
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.
Max CVSS
7.5
EPSS Score
0.59%
Published
2018-12-26
Updated
2019-01-17
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.
Max CVSS
9.8
EPSS Score
0.49%
Published
2018-12-23
Updated
2020-08-24
Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.
Max CVSS
4.3
EPSS Score
0.08%
Published
2018-12-20
Updated
2020-07-14
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
Max CVSS
5.3
EPSS Score
0.13%
Published
2018-12-17
Updated
2024-03-21
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
Max CVSS
4.3
EPSS Score
0.09%
Published
2018-12-14
Updated
2019-01-07
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Max CVSS
7.5
EPSS Score
1.03%
Published
2018-12-14
Updated
2019-03-04
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
Max CVSS
7.5
EPSS Score
0.81%
Published
2018-12-19
Updated
2020-10-23
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
Max CVSS
7.5
EPSS Score
0.83%
Published
2018-12-19
Updated
2020-10-23
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
Max CVSS
5.5
EPSS Score
0.12%
Published
2018-12-17
Updated
2019-10-06
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
Max CVSS
6.5
EPSS Score
45.37%
Published
2018-12-11
Updated
2019-04-23
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-12-08
Updated
2019-10-03
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
Max CVSS
4.7
EPSS Score
0.11%
Published
2018-12-04
Updated
2019-11-06
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.
Max CVSS
4.3
EPSS Score
0.05%
Published
2018-12-14
Updated
2019-01-03
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Max CVSS
6.5
EPSS Score
3.53%
Published
2018-12-13
Updated
2020-10-04
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.
Max CVSS
7.5
EPSS Score
0.26%
Published
2018-12-04
Updated
2018-12-21
96 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!