# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

Each entry below is one row of this table, with the description on the following line; an empty cell is shown as "-". Score, Access, Complexity, Authentication and the Conf./Integ./Avail. columns are the CVSS v2 base score and its vector components.

601 | CVE-2018-10406 | 295 | - | Exec Code | 2018-06-13 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

602 | CVE-2018-10405 | 295 | - | Exec Code | 2018-06-13 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

603 | CVE-2018-10404 | 295 | - | Exec Code | 2018-06-13 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

604 | CVE-2018-10403 | 295 | - | Exec Code | 2018-06-13 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

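
The four entries above (CVE-2018-10403 through CVE-2018-10406) describe one bug class: a checker that validates only part of a Universal binary while the kernel executes a different slice. The example below is added here and is not code from Google Santa, OSXCollector, the Objective-See tools or F-Secure. It parses the fat header and each slice's Mach-O header, contrasts a first-slice-only check with one that inspects every slice (and requires each fat_arch cputype to agree with the header inside the slice), and reports which slice a host of a given CPU type would actually run. The signature check itself is a placeholder (`demo_verify`, keyed on a constructed marker string); on macOS the real equivalent is extracting each slice with `lipo -thin` and running `codesign --verify` on it, or passing kSecCSCheckAllArchitectures to SecStaticCodeCheckValidity. Apart from the layout constants, the sample binary is constructed.

```python
import struct

# Layout constants from Apple's <mach-o/fat.h> and <mach-o/loader.h>.
FAT_MAGIC = 0xCAFEBABE                            # fat header is always big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF    # Mach-O magics in the slice's own byte order
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE    # the same magics read byte-swapped
CPU_TYPE_I386 = 0x00000007
CPU_TYPE_X86_64 = 0x01000007                      # CPU_TYPE_I386 | CPU_ARCH_ABI64
FAT_HEADER = struct.Struct(">II")                 # magic, nfat_arch
FAT_ARCH = struct.Struct(">IIIII")                # cputype, cpusubtype, offset, size, align


def parse_fat(blob):
    """Return [(cputype, offset, size), ...] for every slice listed in the fat header."""
    magic, nfat = FAT_HEADER.unpack_from(blob, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a universal (fat) binary")
    slices = []
    for i in range(nfat):
        cputype, _sub, off, size, _align = FAT_ARCH.unpack_from(
            blob, FAT_HEADER.size + i * FAT_ARCH.size)
        if off + size > len(blob):
            raise ValueError(f"slice {i} runs past the end of the file")
        slices.append((cputype, off, size))
    return slices

def slice_cputype(body):
    """cputype from the Mach-O header inside one slice; rejects anything that is not Mach-O."""
    magic = struct.unpack_from("<I", body, 0)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        order = "<"                               # little-endian slice (x86, arm)
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        order = ">"                               # big-endian slice (PowerPC)
    else:
        raise ValueError("slice is not a Mach-O image")
    return struct.unpack_from(order + "I", body, 4)[0]

def naive_is_signed(blob, verify):
    """The flawed pattern behind the entries above: only the first slice is inspected."""
    _cputype, off, size = parse_fat(blob)[0]
    return verify(blob[off:off + size])

def strict_is_signed(blob, verify):
    """Every slice must be a Mach-O whose header cputype matches its fat_arch entry,
    and every slice must pass the signature check on its own."""
    for cputype, off, size in parse_fat(blob):
        body = blob[off:off + size]
        try:
            if slice_cputype(body) != cputype:
                return False
        except ValueError:
            return False
        if not verify(body):
            return False
    return True

def loaded_slice(blob, host_cputype):
    """Index of the slice the kernel would execute on a host of this cputype, else None."""
    for i, (cputype, _off, _size) in enumerate(parse_fat(blob)):
        if cputype == host_cputype:
            return i
    return None

# ---- constructed sample: a slice that "passes" signing, then an unsigned x86_64 slice ----
SIGNED_TAG = b"[constructed marker: this slice passes the signature check]"

def demo_verify(body):
    """Placeholder for codesign --verify / SecStaticCodeCheckValidity on one extracted slice."""
    return body.endswith(SIGNED_TAG)

def macho_stub(magic, cputype, payload):
    """Minimal mach_header / mach_header_64 (filetype 2 = MH_EXECUTE) followed by payload bytes."""
    hdr = struct.pack("<IIIIIII", magic, cputype, 3, 2, 0, 0, 0)
    if magic == MH_MAGIC_64:
        hdr += struct.pack("<I", 0)               # reserved field of mach_header_64
    return hdr + payload

def build_fat(slices):
    """Assemble a universal binary from (cputype, bytes) pairs; slices are 4 KiB-aligned like lipo's."""
    n = len(slices)
    pos = FAT_HEADER.size + FAT_ARCH.size * n
    entries, placed = [], []
    for cputype, body in slices:
        pos = (pos + 0xFFF) & ~0xFFF              # next page boundary
        entries.append(FAT_ARCH.pack(cputype, 3, pos, len(body), 12))
        placed.append((pos, body))
        pos += len(body)
    out = bytearray(pos)
    out[:FAT_HEADER.size] = FAT_HEADER.pack(FAT_MAGIC, n)
    out[FAT_HEADER.size:FAT_HEADER.size + FAT_ARCH.size * n] = b"".join(entries)
    for off, body in placed:
        out[off:off + len(body)] = body
    return bytes(out)

SAMPLE = build_fat([
    (CPU_TYPE_I386, macho_stub(MH_MAGIC, CPU_TYPE_I386, SIGNED_TAG)),
    (CPU_TYPE_X86_64, macho_stub(MH_MAGIC_64, CPU_TYPE_X86_64, b"[constructed unsigned payload]")),
])
```

On `SAMPLE`, `naive_is_signed` returns True and `strict_is_signed` returns False, while `loaded_slice(SAMPLE, CPU_TYPE_X86_64)` returns 1: the slice an x86_64 host executes is the one the first-slice check never looked at. The cputype cross-check also rejects a file whose fat_arch entry advertises one architecture while the slice header carries another, which no signature check on the wrong slice would catch.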
605 | CVE-2018-10382 | 79 | - | XSS | 2018-06-01 | 2018-06-27 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
MODX Revolution 2.6.3 has XSS.

606 | CVE-2018-10377 | 295 | - | - | 2018-06-17 | 2018-08-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.

607 | CVE-2018-10363 | 20 | - | - | 2018-06-13 | 2018-08-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.

608 | CVE-2018-10360 | 125 | - | DoS | 2018-06-11 | 2019-05-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

609 | CVE-2018-10359 | 119 | - | Exec Code Overflow | 2018-06-08 | 2019-10-03 | 5.4 | None | Local | Medium | Not required | None | Partial | Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

610 | CVE-2018-10358 | 119 | - | Exec Code Overflow | 2018-06-08 | 2019-10-03 | 5.4 | None | Local | Medium | Not required | None | Partial | Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

611 | CVE-2018-10198 | 200 | - | +Info | 2018-06-06 | 2018-07-31 | 4.0 | None | Remote | Low | Single system | Partial | None | None
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.

612 | CVE-2018-10088 | 119 | - | Overflow | 2018-06-08 | 2018-07-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

613 | CVE-2018-10058 | 787 | - | Exec Code Overflow | 2018-06-05 | 2020-08-24 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.

614 | CVE-2018-10057 | 22 | - | Dir. Trav. | 2018-06-05 | 2018-07-27 | 4.0 | None | Remote | Low | Single system | None | Partial | None
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

615 | CVE-2018-9859 | - | - | - | 2018-06-16 | 2019-10-03 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial
The path of the Whale update service was unquoted in NAVER Whale before 1.0.40.7. This can be used for persistent privilege escalation if the attacker, through some other vulnerable application, is able to create an executable file along that path, which the service then runs with System privilege.

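
CVE-2018-9859 is the unquoted-service-path pattern: a service ImagePath such as C:\Program Files\Vendor\svc.exe is a command line, and CreateProcess() tries each space-delimited prefix (appending .exe when the prefix has no extension) until one exists, so a file planted at C:\Program.exe runs as the service account. The audit below is an added example, not NAVER code, written in Python to match the other examples on this page; the service list is constructed, since the entry does not give Whale's actual path. On a real host the same input comes from `sc qc <service>` or the Name and PathName columns of Win32_Service.

```python
import re
from typing import List, NamedTuple

# A service ImagePath is a command line, not a path: CreateProcess() tries each
# space-delimited prefix in turn (appending .exe when it has no extension) until one exists.
_EXE = re.compile(r'^(?P<exe>[^"]*?\.(?:exe|com|bat|cmd))(?:\s.*)?$', re.IGNORECASE)


class Finding(NamedTuple):
    service: str
    image_path: str
    candidates: List[str]   # files Windows would run instead of the real binary, in order


def hijack_candidates(image_path: str) -> List[str]:
    """Paths CreateProcess() probes before reaching the intended executable.
    An empty list means the entry is safe: quoted, no spaces, or spaces only in arguments."""
    if image_path.startswith('"'):
        return []                      # quoted: the executable name is unambiguous
    m = _EXE.match(image_path)
    if not m:
        return []                      # no recognisable executable token to split on
    exe = m.group("exe")
    out = []
    for i, ch in enumerate(exe):
        if ch == " ":
            prefix = exe[:i]
            last = prefix.rsplit("\\", 1)[-1]
            # Windows appends .exe only when the last path component has no extension.
            out.append(prefix if "." in last else prefix + ".exe")
    return out


def audit(services) -> List[Finding]:
    """services: iterable of (name, ImagePath) pairs; returns only the exploitable-looking ones."""
    findings = []
    for name, path in services:
        cands = hijack_candidates(path)
        if cands:
            findings.append(Finding(name, path, cands))
    return findings


# Constructed sample services (not taken from any real host).
SAMPLE_SERVICES = [
    ("EventLog", r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted"),
    ("VendorAgent", r'"C:\Program Files\Vendor\Agent\agent.exe" --service'),
    ("UpdaterSvc", r"C:\Program Files\Vendor\Update Service\updater.exe"),
    ("ToolsSvc", r"C:\Tools\svc.exe -mode background"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_SERVICES):
        print(f.service, f.image_path)
        for c in f.candidates:
            print("   would run first if present:", c)
```

A candidate only matters if a low-privileged user can create that file, so the second step on a host is checking the parent directory's ACL (for instance `icacls "C:\Program Files\Vendor"`); the entry above notes the Whale case needs some other vulnerable application to provide that write, since the default ACL on Program Files does not.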
616 | CVE-2018-9246 | 116 | - | Exec Code | 2018-06-08 | 2018-08-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

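
The distinction CVE-2018-9246 turns on, interpolating an untrusted value into a shell command string versus handing the program an argument vector, is shown below as an added example; it is not PGObject or LedgerSMB code. `echo` stands in for the database client a wrapper like DBAdmin invokes, so the three call shapes are the point, not the tool, and `INJECTED` is a constructed attacker-controlled database name. The block needs a POSIX `sh`.

```python
import shlex
import subprocess

# "echo" stands in for the database client (pg_dump, psql, ...) that a wrapper such as
# DBAdmin invokes; the three call shapes are what this example is about, not the tool.
TOOL = "echo"


def run_vulnerable(dbname: str) -> str:
    """Untrusted value interpolated into one shell string: the bug class in the entry above."""
    cmd = f"{TOOL} dumping {dbname}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(dbname: str) -> str:
    """No shell at all: the argv list goes straight to execve(), so metacharacters stay data."""
    return subprocess.run([TOOL, "dumping", dbname], capture_output=True, text=True).stdout


def run_quoted(dbname: str) -> str:
    """When a shell is unavoidable (pipes, redirection), quote every interpolated value."""
    cmd = f"{TOOL} dumping {shlex.quote(dbname)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Constructed attacker-controlled database name; everything after ';' is a second command.
INJECTED = "prod; echo INJECTED"

if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(INJECTED)))
    print("argv:      ", repr(run_argv(INJECTED)))
    print("quoted:    ", repr(run_quoted(INJECTED)))
```

Only the first variant prints a second line, because only there does the shell see the `;`. The Perl equivalent of `run_argv` is `system(LIST)` (or IPC::Run with a list) rather than `system(STRING)`, which is the form that hands the string to the shell.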
617 | CVE-2018-9182 | 79 | - | XSS | 2018-06-08 | 2018-07-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.

618 | CVE-2018-9177 | 79 | - | XSS | 2018-06-08 | 2018-07-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

619 | CVE-2018-9036 | 79 | - | +Priv XSS | 2018-06-20 | 2018-08-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.

620 | CVE-2018-9029 | 89 | - | Sql | 2018-06-18 | 2021-04-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.

621 | CVE-2018-9028 | 326 | - | - | 2018-06-18 | 2021-04-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.

622 | CVE-2018-9027 | 79 | - | XSS | 2018-06-18 | 2018-08-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.

623 | CVE-2018-9026 | 384 | - | - | 2018-06-18 | 2021-04-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

624 | CVE-2018-9025 | 20 | - | - | 2018-06-18 | 2021-04-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

625 | CVE-2018-9024 | 287 | - | - | 2018-06-18 | 2021-04-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.

626 | CVE-2018-9023 | 20 | - | Exec Code Bypass | 2018-06-18 | 2021-04-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.

627 | CVE-2018-9022 | 269 | - | Exec Code Bypass | 2018-06-18 | 2021-04-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

628 | CVE-2018-9021 | 269 | - | Exec Code Bypass | 2018-06-18 | 2021-04-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

629 | CVE-2018-8927 | 863 | - | - | 2018-06-14 | 2021-05-12 | 4.0 | None | Remote | Low | Single system | None | Partial | None
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

630 | CVE-2018-8926 | - | - | - | 2018-06-08 | 2019-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

631 | CVE-2018-8925 | 352 | - | CSRF | 2018-06-08 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

632 | CVE-2018-8924 | 79 | - | XSS | 2018-06-05 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name.

633 | CVE-2018-8923 | 79 | - | XSS | 2018-06-05 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

634 | CVE-2018-8922 | - | - | - | 2018-06-01 | 2019-10-09 | 4.0 | None | Remote | Low | Single system | Partial | None | None
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.

635 | CVE-2018-8921 | 79 | - | XSS | 2018-06-01 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name.

636 | CVE-2018-8916 | 640 | - | - | 2018-06-08 | 2019-10-09 | 4.0 | None | Remote | Low | Single system | Partial | None | None
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset the password without verification.

637 | CVE-2018-8902 | 287 | - | - | 2018-06-29 | 2019-10-03 | 4.0 | None | Remote | Low | Single system | Partial | None | None
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.

638 | CVE-2018-8901 | - | - | - | 2018-06-29 | 2020-08-24 | 2.1 | None | Local | Low | Not required | Partial | None | None
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

639 | CVE-2018-8819 | 611 | - | - | 2018-06-14 | 2021-07-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.

640 | CVE-2018-8755 | 862 | - | - | 2018-06-25 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.

641 | CVE-2018-8727 | 22 | - | Dir. Trav. | 2018-06-19 | 2018-08-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.

642 | CVE-2018-8267 | 787 | - | Exec Code Mem. Corr. | 2018-06-14 | 2020-08-24 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 10, Internet Explorer 11. This CVE ID is unique from CVE-2018-8243.

643 | CVE-2018-8254 | 79 | - | XSS | 2018-06-14 | 2018-08-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.

644 | CVE-2018-8252 | 79 | - | XSS | 2018-06-14 | 2018-08-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.

645 | CVE-2018-8251 | 787 | - | Mem. Corr. | 2018-06-14 | 2020-08-24 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

646 | CVE-2018-8249 | 787 | - | Exec Code Mem. Corr. | 2018-06-14 | 2020-08-24 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.

647 | CVE-2018-8248 | - | - | Exec Code | 2018-06-14 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.

648 | CVE-2018-8247 | 79 | - | XSS | 2018-06-14 | 2019-10-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.

649 | CVE-2018-8246 | 200 | - | +Info | 2018-06-14 | 2018-08-06 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

650 | CVE-2018-8245 | - | - | Exec Code | 2018-06-14 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.