| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2018-12498 |
89 |
|
Sql |
2018-06-15 |
2018-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. |
|
252 |
CVE-2018-12495 |
125 |
|
DoS |
2018-06-15 |
2019-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. |
|
253 |
CVE-2018-12494 |
22 |
|
Dir. Trav. |
2018-06-15 |
2019-03-18 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. |
|
254 |
CVE-2018-12493 |
22 |
|
Dir. Trav. |
2018-06-15 |
2019-05-02 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. |
|
255 |
CVE-2018-12492 |
20 |
|
|
2018-06-15 |
2018-07-27 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. |
|
256 |
CVE-2018-12491 |
434 |
|
|
2018-06-15 |
2018-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. |
|
257 |
CVE-2018-12481 |
200 |
|
+Info |
2018-06-15 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. |
|
258 |
CVE-2018-12465 |
78 |
|
Exec Code |
2018-06-29 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). |
|
259 |
CVE-2018-12464 |
89 |
|
Exec Code Sql |
2018-06-29 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). |
|
260 |
CVE-2018-12460 |
476 |
|
DoS |
2018-06-15 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. |
|
261 |
CVE-2018-12459 |
20 |
|
DoS |
2018-06-15 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
|
262 |
CVE-2018-12458 |
20 |
|
DoS |
2018-06-15 |
2021-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
|
263 |
CVE-2018-12457 |
732 |
|
|
2018-06-15 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. |
|
264 |
CVE-2018-12454 |
338 |
|
|
2018-06-17 |
2018-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards. |
|
265 |
CVE-2018-12453 |
704 |
|
|
2018-06-16 |
2018-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. |
|
266 |
CVE-2018-12447 |
787 |
|
Exec Code Overflow |
2018-06-15 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. |
|
267 |
CVE-2018-12446 |
287 |
|
Bypass |
2018-06-20 |
2018-08-23 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred. |
|
268 |
CVE-2018-12445 |
287 |
|
Bypass |
2018-06-20 |
2018-08-23 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred. |
|
269 |
CVE-2018-12440 |
200 |
|
+Info |
2018-06-15 |
2018-08-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
270 |
CVE-2018-12439 |
200 |
|
XSS +Info |
2018-06-15 |
2018-08-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
271 |
CVE-2018-12438 |
200 |
|
+Info |
2018-06-15 |
2021-03-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
272 |
CVE-2018-12437 |
200 |
|
+Info |
2018-06-15 |
2021-06-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
273 |
CVE-2018-12436 |
200 |
|
+Info |
2018-06-15 |
2018-08-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
274 |
CVE-2018-12435 |
200 |
|
+Info |
2018-06-15 |
2018-08-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
275 |
CVE-2018-12434 |
200 |
|
+Info |
2018-06-15 |
2018-08-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
276 |
CVE-2018-12433 |
200 |
|
+Info |
2018-06-15 |
2021-03-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model. |
|
277 |
CVE-2018-12432 |
79 |
|
XSS |
2018-06-14 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. |
|
278 |
CVE-2018-12431 |
79 |
|
XSS |
2018-06-14 |
2018-08-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). |
|
279 |
CVE-2018-12423 |
|
|
|
2018-06-14 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. |
|
280 |
CVE-2018-12422 |
119 |
|
Overflow |
2018-06-15 |
2018-08-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap." |
|
281 |
CVE-2018-12421 |
640 |
|
|
2018-06-14 |
2018-08-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. |
|
282 |
CVE-2018-12420 |
327 |
|
|
2018-06-14 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. |
|
283 |
CVE-2018-12418 |
835 |
|
DoS |
2018-06-14 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. |
|
284 |
CVE-2018-12356 |
347 |
|
Exec Code |
2018-06-15 |
2019-05-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution. |
|
285 |
CVE-2018-12355 |
79 |
|
XSS |
2018-06-13 |
2020-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. |
|
286 |
CVE-2018-12354 |
352 |
|
CSRF |
2018-06-13 |
2018-07-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. |
|
287 |
CVE-2018-12353 |
79 |
|
XSS |
2018-06-13 |
2018-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. |
|
288 |
CVE-2018-12339 |
79 |
|
XSS |
2018-06-13 |
2018-08-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
ArticleCMS through 2017-02-19 has XSS via an "add an article" action. |
|
289 |
CVE-2018-12338 |
|
|
|
2018-06-17 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access. |
|
290 |
CVE-2018-12337 |
200 |
|
+Info |
2018-06-17 |
2018-08-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. |
|
291 |
CVE-2018-12336 |
200 |
|
+Info |
2018-06-17 |
2018-08-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. |
|
292 |
CVE-2018-12335 |
732 |
|
|
2018-06-17 |
2019-10-03 |
4.1 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
None |
|
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. |
|
293 |
CVE-2018-12334 |
|
|
|
2018-06-17 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. |
|
294 |
CVE-2018-12333 |
345 |
|
Exec Code |
2018-06-17 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. |
|
295 |
CVE-2018-12332 |
459 |
|
|
2018-06-17 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. |
|
296 |
CVE-2018-12331 |
290 |
|
Bypass |
2018-06-17 |
2020-08-24 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." |
|
297 |
CVE-2018-12330 |
|
|
|
2018-06-17 |
2019-10-03 |
8.5 |
None |
Remote |
Low |
??? |
Complete |
Complete |
None |
|
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. |
|
298 |
CVE-2018-12329 |
200 |
|
+Info |
2018-06-17 |
2018-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. |
|
299 |
CVE-2018-12327 |
787 |
|
Exec Code Overflow |
2018-06-20 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. |
|
300 |
CVE-2018-12326 |
119 |
|
Exec Code Overflow |
2018-06-17 |
2019-01-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. |
