| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2018-12634 |
200 |
|
+Info |
2018-06-22 |
2021-07-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. |
|
202 |
CVE-2018-12633 |
362 |
|
DoS +Info |
2018-06-22 |
2018-08-21 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
None |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. |
|
203 |
CVE-2018-12632 |
200 |
|
+Info |
2018-06-21 |
2018-08-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. |
|
204 |
CVE-2018-12631 |
22 |
|
Dir. Trav. |
2018-06-21 |
2018-08-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. |
|
205 |
CVE-2018-12630 |
89 |
|
Sql |
2018-06-21 |
2018-08-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. |
|
206 |
CVE-2018-12617 |
190 |
|
Overflow |
2018-06-21 |
2020-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. |
|
207 |
CVE-2018-12615 |
732 |
|
|
2018-06-21 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. |
|
208 |
CVE-2018-12613 |
287 |
|
Exec Code Bypass |
2018-06-21 |
2021-11-02 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). |
|
209 |
CVE-2018-12604 |
532 |
|
+Info |
2018-06-20 |
2018-08-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. |
|
210 |
CVE-2018-12603 |
352 |
|
CSRF |
2018-06-25 |
2018-08-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. |
|
211 |
CVE-2018-12602 |
352 |
|
CSRF |
2018-06-25 |
2018-08-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. |
|
212 |
CVE-2018-12601 |
787 |
|
DoS Overflow |
2018-06-20 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. |
|
213 |
CVE-2018-12600 |
787 |
|
|
2018-06-20 |
2018-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. |
|
214 |
CVE-2018-12599 |
787 |
|
|
2018-06-20 |
2018-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. |
|
215 |
CVE-2018-12594 |
200 |
|
+Info |
2018-06-20 |
2018-08-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master Password field. |
|
216 |
CVE-2018-12592 |
200 |
|
+Info |
2018-06-20 |
2018-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. |
|
217 |
CVE-2018-12591 |
78 |
|
Exec Code |
2018-06-20 |
2018-08-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions. |
|
218 |
CVE-2018-12590 |
134 |
|
Exec Code |
2018-06-20 |
2020-02-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code. |
|
219 |
CVE-2018-12589 |
426 |
|
Exec Code |
2018-06-28 |
2018-08-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. |
|
220 |
CVE-2018-12588 |
79 |
|
XSS |
2018-06-19 |
2018-08-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field). |
|
221 |
CVE-2018-12583 |
352 |
|
CSRF |
2018-06-19 |
2018-08-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. |
|
222 |
CVE-2018-12582 |
352 |
|
CSRF |
2018-06-19 |
2018-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. |
|
223 |
CVE-2018-12581 |
79 |
|
XSS |
2018-06-21 |
2018-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. |
|
224 |
CVE-2018-12580 |
79 |
|
XSS |
2018-06-19 |
2018-08-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. |
|
225 |
CVE-2018-12578 |
787 |
|
DoS Overflow |
2018-06-19 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. |
|
226 |
CVE-2018-12565 |
20 |
|
Exec Code |
2018-06-19 |
2019-09-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. |
|
227 |
CVE-2018-12564 |
20 |
|
|
2018-06-19 |
2018-08-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. |
|
228 |
CVE-2018-12563 |
20 |
|
|
2018-06-19 |
2018-08-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. |
|
229 |
CVE-2018-12562 |
20 |
|
|
2018-06-19 |
2018-08-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string). |
|
230 |
CVE-2018-12561 |
20 |
|
|
2018-06-19 |
2018-08-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL. |
|
231 |
CVE-2018-12560 |
22 |
|
Dir. Trav. |
2018-06-19 |
2018-08-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. |
|
232 |
CVE-2018-12559 |
22 |
|
Dir. Trav. Bypass |
2018-06-19 |
2018-08-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. |
|
233 |
CVE-2018-12558 |
407 |
|
DoS |
2018-06-20 |
2019-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f"). |
|
234 |
CVE-2018-12557 |
200 |
|
+Info |
2018-06-19 |
2018-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. |
|
235 |
CVE-2018-12538 |
384 |
|
|
2018-06-22 |
2020-10-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. |
|
236 |
CVE-2018-12536 |
|
|
|
2018-06-27 |
2021-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. |
|
237 |
CVE-2018-12534 |
89 |
|
Sql |
2018-06-18 |
2018-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. |
|
238 |
CVE-2018-12533 |
917 |
|
Exec Code |
2018-06-18 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. |
|
239 |
CVE-2018-12532 |
917 |
|
Exec Code |
2018-06-18 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. |
|
240 |
CVE-2018-12531 |
94 |
|
|
2018-06-18 |
2018-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. |
|
241 |
CVE-2018-12530 |
22 |
|
Dir. Trav. CSRF |
2018-06-18 |
2020-08-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. |
|
242 |
CVE-2018-12526 |
798 |
|
|
2018-06-21 |
2018-08-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. |
|
243 |
CVE-2018-12525 |
200 |
|
+Info |
2018-06-18 |
2018-07-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. |
|
244 |
CVE-2018-12524 |
200 |
|
+Info |
2018-06-18 |
2018-07-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. |
|
245 |
CVE-2018-12523 |
200 |
|
+Info |
2018-06-18 |
2018-07-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. |
|
246 |
CVE-2018-12522 |
200 |
|
+Info |
2018-06-18 |
2018-07-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. |
|
247 |
CVE-2018-12519 |
434 |
|
|
2018-06-19 |
2018-08-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. |
|
248 |
CVE-2018-12504 |
617 |
|
|
2018-06-16 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. |
|
249 |
CVE-2018-12503 |
125 |
|
|
2018-06-16 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. |
|
250 |
CVE-2018-12501 |
79 |
|
XSS |
2018-06-16 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. |
