| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000504 |
601 |
|
File Inclusion |
2018-06-26 |
2018-09-04 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. |
|
2 |
CVE-2018-13021 |
434 |
|
Exec Code |
2018-06-29 |
2018-08-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. |
|
3 |
CVE-2018-12925 |
521 |
|
|
2018-06-28 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Baseon Lantronix MSS devices do not require a password for TELNET access. |
|
4 |
CVE-2018-12924 |
798 |
|
|
2018-06-28 |
2018-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. |
|
5 |
CVE-2018-12714 |
787 |
|
DoS |
2018-06-24 |
2018-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. |
|
6 |
CVE-2018-12591 |
78 |
|
Exec Code |
2018-06-20 |
2018-08-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions. |
|
7 |
CVE-2018-12590 |
134 |
|
Exec Code |
2018-06-20 |
2020-02-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code. |
|
8 |
CVE-2018-12526 |
798 |
|
|
2018-06-21 |
2018-08-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. |
|
9 |
CVE-2018-12465 |
78 |
|
Exec Code |
2018-06-29 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). |
|
10 |
CVE-2018-12338 |
|
|
|
2018-06-17 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access. |
|
11 |
CVE-2018-12336 |
200 |
|
+Info |
2018-06-17 |
2018-08-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. |
|
12 |
CVE-2018-12330 |
|
|
|
2018-06-17 |
2019-10-03 |
8.5 |
None |
Remote |
Low |
??? |
Complete |
Complete |
None |
|
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. |
|
13 |
CVE-2018-12072 |
|
|
|
2018-06-17 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it. |
|
14 |
CVE-2018-12049 |
287 |
|
Bypass |
2018-06-08 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. |
|
15 |
CVE-2018-12048 |
287 |
|
Bypass |
2018-06-08 |
2018-08-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. |
|
16 |
CVE-2018-11808 |
20 |
|
|
2018-06-06 |
2018-08-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server. |
|
17 |
CVE-2018-11714 |
384 |
|
|
2018-06-04 |
2018-07-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. |
|
18 |
CVE-2018-11711 |
287 |
|
Bypass |
2018-06-04 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. |
|
19 |
CVE-2018-11692 |
287 |
|
Bypass |
2018-06-04 |
2018-07-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. |
|
20 |
CVE-2018-11682 |
798 |
|
Exec Code |
2018-06-02 |
2019-06-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. |
|
21 |
CVE-2018-11681 |
798 |
|
Exec Code |
2018-06-02 |
2019-06-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. |
|
22 |
CVE-2018-11652 |
1236 |
|
|
2018-06-01 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. |
|
23 |
CVE-2018-11629 |
798 |
|
Exec Code |
2018-06-02 |
2019-06-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. |
|
24 |
CVE-2018-11551 |
426 |
|
Exec Code |
2018-06-01 |
2018-07-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. |
|
25 |
CVE-2018-11228 |
94 |
|
Exec Code |
2018-06-08 |
2019-05-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). |
|
26 |
CVE-2018-11194 |
732 |
|
|
2018-06-02 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). |
|
27 |
CVE-2018-11193 |
732 |
|
|
2018-06-02 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). |
|
28 |
CVE-2018-11192 |
732 |
|
|
2018-06-02 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). |
|
29 |
CVE-2018-11191 |
732 |
|
|
2018-06-02 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). |
|
30 |
CVE-2018-11190 |
269 |
|
|
2018-06-02 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). |
|
31 |
CVE-2018-11189 |
78 |
|
|
2018-06-02 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). |
|
32 |
CVE-2018-10997 |
89 |
|
Sql |
2018-06-17 |
2018-08-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. |
|
33 |
CVE-2018-10662 |
|
|
|
2018-06-26 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. |
|
34 |
CVE-2018-10661 |
|
|
Bypass |
2018-06-26 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. |
|
35 |
CVE-2018-10660 |
78 |
|
|
2018-06-26 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. |
|
36 |
CVE-2018-10088 |
119 |
|
Overflow |
2018-06-08 |
2018-07-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. |
|
37 |
CVE-2018-9023 |
20 |
|
Exec Code Bypass |
2018-06-18 |
2021-04-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. |
|
38 |
CVE-2018-8248 |
|
|
Exec Code |
2018-06-14 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office. |
|
39 |
CVE-2018-8231 |
|
|
Exec Code |
2018-06-14 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
|
40 |
CVE-2018-8225 |
|
|
Exec Code |
2018-06-14 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
41 |
CVE-2018-7951 |
94 |
|
|
2018-06-01 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. |
|
42 |
CVE-2018-7950 |
94 |
|
|
2018-06-01 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. |
|
43 |
CVE-2018-7884 |
426 |
|
|
2018-06-05 |
2018-08-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. |
|
44 |
CVE-2018-6213 |
798 |
|
|
2018-06-20 |
2018-08-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. |
|
45 |
CVE-2018-6211 |
78 |
|
|
2018-06-20 |
2018-08-11 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. |
|
46 |
CVE-2018-6210 |
798 |
|
|
2018-06-19 |
2021-04-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. |
|
47 |
CVE-2018-5850 |
191 |
|
Overflow |
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
48 |
CVE-2018-5846 |
416 |
|
|
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
49 |
CVE-2018-5841 |
1188 |
|
|
2018-06-06 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
50 |
CVE-2018-5840 |
120 |
|
|
2018-06-06 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
