| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-5765 |
312 |
|
+Info |
2019-02-19 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. |
|
2 |
CVE-2019-3816 |
200 |
|
+Info |
2019-03-14 |
2019-05-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. |
|
3 |
CVE-2018-1000122 |
125 |
|
DoS +Info |
2018-03-14 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
|
4 |
CVE-2018-1000007 |
|
|
+Info |
2018-01-24 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. |
|
5 |
CVE-2018-19039 |
200 |
|
+Info |
2018-12-13 |
2020-10-04 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. |
|
6 |
CVE-2018-18073 |
200 |
|
Bypass +Info |
2018-10-15 |
2020-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. |
|
7 |
CVE-2018-17468 |
200 |
|
+Info |
2018-11-14 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. |
|
8 |
CVE-2018-16876 |
200 |
|
+Info |
2019-01-03 |
2020-05-29 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. |
|
9 |
CVE-2018-16539 |
200 |
|
+Info |
2018-09-05 |
2019-03-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. |
|
10 |
CVE-2018-16078 |
200 |
|
+Info |
2019-01-09 |
2019-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
|
11 |
CVE-2018-15967 |
200 |
|
+Info |
2018-09-25 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. |
|
12 |
CVE-2018-12397 |
200 |
|
+Info |
2019-02-28 |
2019-03-01 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. |
|
13 |
CVE-2018-12374 |
200 |
|
+Info |
2018-10-18 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9. |
|
14 |
CVE-2018-12373 |
200 |
|
+Info |
2018-10-18 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. |
|
15 |
CVE-2018-12372 |
200 |
|
+Info |
2018-10-18 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. |
|
16 |
CVE-2018-12365 |
200 |
|
+Info |
2018-10-18 |
2018-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. |
|
17 |
CVE-2018-10852 |
200 |
|
+Info |
2018-06-26 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. |
|
18 |
CVE-2018-10583 |
200 |
|
+Info |
2018-05-01 |
2020-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. |
|
19 |
CVE-2018-6179 |
200 |
|
+Info |
2019-01-09 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. |
|
20 |
CVE-2018-6164 |
200 |
|
+Info |
2019-01-09 |
2019-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
21 |
CVE-2018-6147 |
200 |
|
+Info |
2019-01-09 |
2019-01-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. |
|
22 |
CVE-2018-6137 |
200 |
|
+Info |
2019-01-09 |
2019-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
23 |
CVE-2018-6117 |
200 |
|
+Info |
2019-01-09 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
|
24 |
CVE-2018-6109 |
200 |
|
+Info |
2019-01-09 |
2019-01-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. |
|
25 |
CVE-2018-6093 |
200 |
|
+Info |
2019-01-09 |
2019-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
26 |
CVE-2018-6082 |
200 |
|
+Info |
2018-11-14 |
2018-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. |
|
27 |
CVE-2018-6079 |
200 |
|
+Info |
2018-11-14 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
28 |
CVE-2018-6077 |
200 |
|
+Info |
2018-11-14 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
29 |
CVE-2018-6053 |
200 |
|
+Info |
2018-09-25 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. |
|
30 |
CVE-2018-6052 |
200 |
|
+Info |
2018-09-25 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. |
|
31 |
CVE-2018-6048 |
20 |
|
+Info |
2018-09-25 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. |
|
32 |
CVE-2018-6045 |
200 |
|
+Info |
2018-09-25 |
2018-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. |
|
33 |
CVE-2018-6037 |
200 |
|
+Info |
2018-09-25 |
2018-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. |
|
34 |
CVE-2018-6035 |
200 |
|
+Info |
2018-09-25 |
2018-11-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. |
|
35 |
CVE-2018-5750 |
200 |
|
+Info |
2018-01-26 |
2019-03-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. |
|
36 |
CVE-2018-5157 |
200 |
|
Bypass +Info |
2018-06-11 |
2019-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. |
|
37 |
CVE-2018-5131 |
200 |
|
+Info |
2018-06-11 |
2019-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. |
|
38 |
CVE-2018-4117 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
|
39 |
CVE-2018-3665 |
200 |
|
+Info |
2018-06-21 |
2021-06-09 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. |
|
40 |
CVE-2018-1118 |
200 |
|
+Info |
2018-05-10 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. |
|
41 |
CVE-2017-1000410 |
200 |
|
Bypass +Info |
2017-12-07 |
2019-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
|
42 |
CVE-2017-15418 |
119 |
|
Overflow +Info |
2018-08-28 |
2018-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
|
43 |
CVE-2017-15275 |
119 |
|
Overflow +Info |
2017-11-27 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. |
|
44 |
CVE-2017-14494 |
200 |
|
+Info |
2017-10-03 |
2018-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. |
|
45 |
CVE-2017-12173 |
200 |
|
+Info |
2018-07-27 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. |
|
46 |
CVE-2017-12163 |
200 |
|
+Info |
2018-07-26 |
2019-10-09 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
|
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. |
|
47 |
CVE-2017-11225 |
416 |
|
Exec Code Mem. Corr. +Info |
2017-12-09 |
2017-12-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. |
|
48 |
CVE-2017-11215 |
416 |
|
Exec Code Mem. Corr. +Info |
2017-12-09 |
2017-12-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. |
|
49 |
CVE-2017-9788 |
200 |
|
DoS +Info |
2017-07-13 |
2021-06-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. |
|
50 |
CVE-2017-7847 |
200 |
|
+Info |
2018-06-11 |
2018-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2. |
