| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
951 |
CVE-2018-3724 |
22 |
|
Dir. Trav. |
2018-06-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. |
|
952 |
CVE-2018-3723 |
20 |
|
|
2018-06-07 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. |
|
953 |
CVE-2018-3722 |
|
|
|
2018-06-07 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. |
|
954 |
CVE-2018-3721 |
|
|
|
2018-06-07 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. |
|
955 |
CVE-2018-3720 |
|
|
|
2018-06-07 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. |
|
956 |
CVE-2018-3719 |
20 |
|
|
2018-06-07 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. |
|
957 |
CVE-2018-3718 |
|
|
|
2018-06-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. |
|
958 |
CVE-2018-3717 |
79 |
|
XSS |
2018-06-07 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. |
|
959 |
CVE-2018-3716 |
79 |
|
XSS |
2018-06-07 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. |
|
960 |
CVE-2018-3715 |
22 |
|
Dir. Trav. |
2018-06-07 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. |
|
961 |
CVE-2018-3714 |
22 |
|
Dir. Trav. |
2018-06-07 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. |
|
962 |
CVE-2018-3713 |
22 |
|
Dir. Trav. |
2018-06-07 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. |
|
963 |
CVE-2018-3712 |
22 |
|
Dir. Trav. |
2018-06-07 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. |
|
964 |
CVE-2018-3711 |
770 |
|
|
2018-06-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. |
|
965 |
CVE-2018-3691 |
|
|
|
2018-06-05 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. |
|
966 |
CVE-2018-3665 |
200 |
|
+Info |
2018-06-21 |
2021-06-09 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. |
|
967 |
CVE-2018-3582 |
119 |
|
Overflow |
2018-06-12 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
968 |
CVE-2018-3581 |
119 |
|
Overflow |
2018-06-12 |
2018-08-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid. |
|
969 |
CVE-2018-3580 |
787 |
|
Overflow |
2018-06-06 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
970 |
CVE-2018-3579 |
125 |
|
|
2018-06-12 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read |
|
971 |
CVE-2018-3578 |
119 |
|
Overflow |
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
972 |
CVE-2018-3576 |
129 |
|
|
2018-06-12 |
2018-08-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
973 |
CVE-2018-3572 |
119 |
|
Overflow |
2018-06-12 |
2018-08-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
974 |
CVE-2018-3571 |
416 |
|
|
2018-06-12 |
2018-08-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations |
|
975 |
CVE-2018-3565 |
119 |
|
Overflow |
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur. |
|
976 |
CVE-2018-3562 |
119 |
|
Overflow |
2018-06-06 |
2018-07-17 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
977 |
CVE-2018-2428 |
|
|
|
2018-06-12 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. |
|
978 |
CVE-2018-2425 |
|
|
|
2018-06-12 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. |
|
979 |
CVE-2018-2424 |
20 |
|
|
2018-06-12 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 |
|
980 |
CVE-2018-1655 |
200 |
|
+Info |
2018-06-22 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. |
|
981 |
CVE-2018-1614 |
200 |
|
+Info |
2018-06-26 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. |
|
982 |
CVE-2018-1600 |
319 |
|
|
2018-06-04 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745. |
|
983 |
CVE-2018-1553 |
200 |
|
+Info |
2018-06-27 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. |
|
984 |
CVE-2018-1547 |
|
|
Exec Code |
2018-06-07 |
2019-10-09 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651. |
|
985 |
CVE-2018-1543 |
295 |
|
+Info |
2018-06-27 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. |
|
986 |
CVE-2018-1514 |
352 |
|
CSRF |
2018-06-07 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. |
|
987 |
CVE-2018-1507 |
79 |
|
XSS |
2018-06-27 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415. |
|
988 |
CVE-2018-1460 |
269 |
|
Exec Code |
2018-06-15 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211. |
|
989 |
CVE-2018-1457 |
|
|
+Priv |
2018-06-27 |
2021-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208. |
|
990 |
CVE-2018-1456 |
611 |
|
|
2018-06-06 |
2018-07-24 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091. |
|
991 |
CVE-2018-1454 |
319 |
|
+Info |
2018-06-05 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. |
|
992 |
CVE-2018-1453 |
434 |
|
|
2018-06-08 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055. |
|
993 |
CVE-2018-1432 |
352 |
|
XSS CSRF |
2018-06-05 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. |
|
994 |
CVE-2018-1431 |
|
|
|
2018-06-13 |
2019-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240. |
|
995 |
CVE-2018-1419 |
|
|
DoS |
2018-06-15 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949. |
|
996 |
CVE-2018-1393 |
200 |
|
Exec Code +Info |
2018-06-13 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. |
|
997 |
CVE-2018-1374 |
20 |
|
|
2018-06-26 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775. |
|
998 |
CVE-2018-1355 |
601 |
|
|
2018-06-27 |
2019-03-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. |
|
999 |
CVE-2018-1354 |
732 |
|
|
2018-06-27 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. |
|
1000 |
CVE-2018-1351 |
79 |
|
Exec Code XSS |
2018-06-28 |
2020-01-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. |
