CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2018-3724 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
952 CVE-2018-3723 20 2018-06-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
953 CVE-2018-3722 2018-06-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
954 CVE-2018-3721 2018-06-07 2019-10-03
4.0
None Remote Low ??? None Partial None
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
955 CVE-2018-3720 2018-06-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
956 CVE-2018-3719 20 2018-06-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
957 CVE-2018-3718 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
958 CVE-2018-3717 79 XSS 2018-06-07 2019-10-09
3.5
None Remote Medium ??? None Partial None
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
959 CVE-2018-3716 79 XSS 2018-06-07 2019-10-09
3.5
None Remote Medium ??? None Partial None
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
960 CVE-2018-3715 22 Dir. Trav. 2018-06-07 2019-10-09
4.0
None Remote Low ??? Partial None None
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
961 CVE-2018-3714 22 Dir. Trav. 2018-06-07 2019-10-09
4.0
None Remote Low ??? Partial None None
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
962 CVE-2018-3713 22 Dir. Trav. 2018-06-07 2019-10-09
4.0
None Remote Low ??? Partial None None
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
963 CVE-2018-3712 22 Dir. Trav. 2018-06-07 2019-10-09
4.0
None Remote Low ??? Partial None None
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
964 CVE-2018-3711 770 2018-06-07 2019-10-09
5.0
None Remote Low Not required None None Partial
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.
965 CVE-2018-3691 2018-06-05 2019-10-03
1.9
None Local Medium Not required Partial None None
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.
966 CVE-2018-3665 200 +Info 2018-06-21 2021-06-09
4.7
None Local Medium Not required Complete None None
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
967 CVE-2018-3582 119 Overflow 2018-06-12 2018-08-06
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
968 CVE-2018-3581 119 Overflow 2018-06-12 2018-08-02
4.6
None Local Low Not required Partial Partial Partial
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.
969 CVE-2018-3580 787 Overflow 2018-06-06 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
970 CVE-2018-3579 125 2018-06-12 2019-10-03
2.1
None Local Low Not required Partial None None
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read
971 CVE-2018-3578 119 Overflow 2018-06-06 2018-07-17
9.3
None Remote Medium Not required Complete Complete Complete
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
972 CVE-2018-3576 129 2018-06-12 2018-08-02
4.6
None Local Low Not required Partial Partial Partial
improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
973 CVE-2018-3572 119 Overflow 2018-06-12 2018-08-02
4.6
None Local Low Not required Partial Partial Partial
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
974 CVE-2018-3571 416 2018-06-12 2018-08-02
4.6
None Local Low Not required Partial Partial Partial
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations
975 CVE-2018-3565 119 Overflow 2018-06-06 2018-07-17
9.3
None Remote Medium Not required Complete Complete Complete
While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.
976 CVE-2018-3562 119 Overflow 2018-06-06 2018-07-17
7.1
None Remote Medium Not required None None Complete
Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
977 CVE-2018-2428 2018-06-12 2020-08-24
5.0
None Remote Low Not required Partial None None
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
978 CVE-2018-2425 2018-06-12 2020-08-24
2.1
None Local Low Not required Partial None None
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
979 CVE-2018-2424 20 2018-06-12 2019-10-09
5.0
None Remote Low Not required Partial None None
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00
980 CVE-2018-1655 200 +Info 2018-06-22 2019-10-09
2.1
None Local Low Not required Partial None None
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
981 CVE-2018-1614 200 +Info 2018-06-26 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.
982 CVE-2018-1600 319 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.
983 CVE-2018-1553 200 +Info 2018-06-27 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.
984 CVE-2018-1547 Exec Code 2018-06-07 2019-10-09
5.1
None Remote High Not required Partial Partial Partial
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.
985 CVE-2018-1543 295 +Info 2018-06-27 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.
986 CVE-2018-1514 352 CSRF 2018-06-07 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.
987 CVE-2018-1507 79 XSS 2018-06-27 2019-10-09
3.5
None Remote Medium ??? None Partial None
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415.
988 CVE-2018-1460 269 Exec Code 2018-06-15 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.
989 CVE-2018-1457 +Priv 2018-06-27 2021-04-22
7.5
None Remote Low Not required Partial Partial Partial
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
990 CVE-2018-1456 611 2018-06-06 2018-07-24
5.5
None Remote Low ??? Partial None Partial
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091.
991 CVE-2018-1454 319 +Info 2018-06-05 2020-08-24
4.3
None Remote Medium Not required Partial None None
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.
992 CVE-2018-1453 434 2018-06-08 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
993 CVE-2018-1432 352 XSS CSRF 2018-06-05 2020-08-24
4.3
None Remote Medium Not required None Partial None
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.
994 CVE-2018-1431 2018-06-13 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.
995 CVE-2018-1419 DoS 2018-06-15 2019-10-09
3.5
None Remote Medium ??? None None Partial
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
996 CVE-2018-1393 200 Exec Code +Info 2018-06-13 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.
997 CVE-2018-1374 20 2018-06-26 2019-10-09
4.0
None Remote Low ??? None None Partial
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.
998 CVE-2018-1355 601 2018-06-27 2019-03-08
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
999 CVE-2018-1354 732 2018-06-27 2019-10-03
4.0
None Remote Low ??? None Partial None
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
1000 CVE-2018-1351 79 Exec Code XSS 2018-06-28 2020-01-22
3.5
None Remote Medium ??? None Partial None
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.
Total number of vulnerabilities : 1788   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (This Page)21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.