Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2018-12-06 CVE-2018-1505 Information Exposure vulnerability in IBM i2 Enterprise Insight Analysis 2.1.7/2.1.8
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
2018-12-05 CVE-2018-1568 Information Exposure vulnerability in IBM QRadar Incident Forensics
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
2018-11-21 CVE-2018-19421 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
3.8
2018-11-21 CVE-2018-19420 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
3.8
2018-11-10 CVE-2018-19148 Information Exposure vulnerability in Caddyserver Caddy
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames.
network
high complexity
caddyserver CWE-200
3.7
2018-11-09 CVE-2018-1842 Improper Verification of Cryptographic Signature vulnerability in multiple products
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token.
local
high complexity
ibm netapp CWE-347
3.6
2018-11-09 CVE-2016-9749 Improper Input Validation vulnerability in IBM Campaign
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation.
local
low complexity
ibm CWE-20
3.3
2018-11-05 CVE-2018-17907 Information Exposure vulnerability in Omron CX-Supervisor
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.
local
low complexity
omron CWE-200
3.3
2018-10-30 CVE-2018-16463 Session Fixation vulnerability in Nextcloud Server
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
network
high complexity
nextcloud CWE-384
3.1
2018-10-26 CVE-2018-6559 Information Exposure vulnerability in multiple products
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files that they would not normally be able to access via an overlayfs mount inside of a user namespace.
local
low complexity
linux canonical CWE-200
3.3