Total
323222 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11750 | 1 Puppet | 1 Cisco Ios Module | 2024-11-21 | N/A |
| Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | ||||
| CVE-2018-11749 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | N/A |
| When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score. | ||||
| CVE-2018-11748 | 1 Puppet | 1 Device Manager | 2024-11-21 | N/A |
| Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. | ||||
| CVE-2018-11747 | 1 Puppet | 1 Discovery | 2024-11-21 | N/A |
| Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | ||||
| CVE-2018-11746 | 1 Puppet | 1 Discovery | 2024-11-21 | N/A |
| In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery. | ||||
| CVE-2018-11744 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | N/A |
| Cloudera Manager through 5.15 has Incorrect Access Control. | ||||
| CVE-2018-11743 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-11-21 | 9.8 Critical |
| The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11742 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | ||||
| CVE-2018-11741 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | ||||
| CVE-2018-11740 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11739 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11738 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11737 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | ||||
| CVE-2018-11736 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file. | ||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | ||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| In e107 v2.1.7, output without filtering results in XSS. | ||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11730 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 5.5 Medium |
| The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||