Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
Max CVSS
7.5
EPSS Score
0.30%
Published
2018-09-29
Updated
2018-11-19
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.
Max CVSS
6.5
EPSS Score
0.10%
Published
2018-09-29
Updated
2018-12-06
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
Max CVSS
7.5
EPSS Score
0.26%
Published
2018-09-26
Updated
2021-09-13
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.
Max CVSS
5.3
EPSS Score
0.23%
Published
2018-09-23
Updated
2018-11-27
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots
Max CVSS
5.3
EPSS Score
0.16%
Published
2018-09-23
Updated
2024-03-21
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).
Max CVSS
8.1
EPSS Score
0.25%
Published
2018-09-26
Updated
2024-02-01
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
Max CVSS
5.5
EPSS Score
0.04%
Published
2018-09-28
Updated
2018-11-23
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.
Max CVSS
5.5
EPSS Score
0.10%
Published
2018-09-16
Updated
2018-11-01
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
Max CVSS
5.3
EPSS Score
0.09%
Published
2018-09-12
Updated
2018-10-31
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
Max CVSS
4.3
EPSS Score
0.05%
Published
2018-09-26
Updated
2018-11-23
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
Max CVSS
5.3
EPSS Score
0.06%
Published
2018-09-18
Updated
2018-12-06
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
Max CVSS
7.5
EPSS Score
0.43%
Published
2018-09-12
Updated
2018-11-19
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory.
Max CVSS
6.8
EPSS Score
0.08%
Published
2018-09-26
Updated
2018-12-27
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.
Max CVSS
9.1
EPSS Score
0.31%
Published
2018-09-07
Updated
2024-03-21
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
Max CVSS
9.8
EPSS Score
1.54%
Published
2018-09-10
Updated
2019-10-03
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
Max CVSS
6.5
EPSS Score
0.12%
Published
2018-09-26
Updated
2021-07-08
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
Max CVSS
5.3
EPSS Score
0.19%
Published
2018-09-18
Updated
2018-11-07
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
Max CVSS
6.1
EPSS Score
0.04%
Published
2018-09-07
Updated
2019-08-06
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
Max CVSS
5.5
EPSS Score
0.19%
Published
2018-09-05
Updated
2019-03-07
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Max CVSS
6.5
EPSS Score
31.20%
Published
2018-09-01
Updated
2021-04-28
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
Max CVSS
7.5
EPSS Score
0.83%
Published
2018-09-05
Updated
2018-11-14
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
Max CVSS
8.6
EPSS Score
12.06%
Published
2018-09-14
Updated
2018-11-07
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
Max CVSS
7.5
EPSS Score
0.44%
Published
2018-09-25
Updated
2019-10-03
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
Max CVSS
7.5
EPSS Score
0.45%
Published
2018-09-25
Updated
2020-09-04
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
Max CVSS
5.3
EPSS Score
0.29%
Published
2018-09-25
Updated
2020-09-04
85 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!