Security Vulnerabilities Published In June 2018

Each entry below spans four lines, in this column order:
#  CVE ID  CWE ID  # of Exploits  Vulnerability Type(s)  Publish Date  Update Date
Score (CVSS)
Gained Access Level  Access  Complexity  Authentication  Conf.  Integ.  Avail.
Description
601 CVE-2018-10406 295 Exec Code 2018-06-13 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
602 CVE-2018-10405 295 Exec Code 2018-06-13 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
603 CVE-2018-10404 295 Exec Code 2018-06-13 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
604 CVE-2018-10403 295 Exec Code 2018-06-13 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
605 CVE-2018-10382 79 XSS 2018-06-01 2018-06-27
3.5
None Remote Medium ??? None Partial None
MODX Revolution 2.6.3 has XSS.
606 CVE-2018-10377 295 2018-06-17 2018-08-14
4.3
None Remote Medium Not required Partial None None
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.
607 CVE-2018-10363 20 2018-06-13 2018-08-09
5.0
None Remote Low Not required None Partial None
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.
608 CVE-2018-10360 125 DoS 2018-06-11 2019-05-02
4.3
None Remote Medium Not required None None Partial
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
609 CVE-2018-10359 119 Exec Code Overflow 2018-06-08 2019-10-03
5.4
None Local Medium Not required None Partial Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
610 CVE-2018-10358 119 Exec Code Overflow 2018-06-08 2019-10-03
5.4
None Local Medium Not required None Partial Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
611 CVE-2018-10198 200 +Info 2018-06-06 2018-07-31
4.0
None Remote Low ??? Partial None None
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
612 CVE-2018-10088 119 Overflow 2018-06-08 2018-07-31
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
613 CVE-2018-10058 787 Exec Code Overflow 2018-06-05 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.
614 CVE-2018-10057 22 Dir. Trav. 2018-06-05 2018-07-27
4.0
None Remote Low ??? None Partial None
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
615 CVE-2018-9859 2018-06-16 2019-10-03
5.1
None Remote High Not required Partial Partial Partial
The path of the Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if another vulnerable application makes it possible to create an executable file with System privilege along that path.
616 CVE-2018-9246 116 Exec Code 2018-06-08 2018-08-01
7.5
None Remote Low Not required Partial Partial Partial
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
617 CVE-2018-9182 79 XSS 2018-06-08 2018-07-31
4.3
None Remote Medium Not required None Partial None
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.
618 CVE-2018-9177 79 XSS 2018-06-08 2018-07-12
4.3
None Remote Medium Not required None Partial None
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.
619 CVE-2018-9036 79 +Priv XSS 2018-06-20 2018-08-10
3.5
None Remote Medium ??? None Partial None
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.
620 CVE-2018-9029 89 Sql 2018-06-18 2021-04-12
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
621 CVE-2018-9028 326 2018-06-18 2021-04-12
5.0
None Remote Low Not required Partial None None
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
622 CVE-2018-9027 79 XSS 2018-06-18 2018-08-10
4.3
None Remote Medium Not required None Partial None
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
623 CVE-2018-9026 384 2018-06-18 2021-04-12
5.0
None Remote Low Not required None Partial None
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
624 CVE-2018-9025 20 2018-06-18 2021-04-12
5.0
None Remote Low Not required None Partial None
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
625 CVE-2018-9024 287 2018-06-18 2021-04-12
5.0
None Remote Low Not required None Partial None
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
626 CVE-2018-9023 20 Exec Code Bypass 2018-06-18 2021-04-12
9.0
None Remote Low ??? Complete Complete Complete
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
627 CVE-2018-9022 269 Exec Code Bypass 2018-06-18 2021-04-13
7.5
None Remote Low Not required Partial Partial Partial
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
628 CVE-2018-9021 269 Exec Code Bypass 2018-06-18 2021-04-13
7.5
None Remote Low Not required Partial Partial Partial
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
629 CVE-2018-8927 863 2018-06-14 2021-05-12
4.0
None Remote Low ??? None Partial None
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
630 CVE-2018-8926 2018-06-08 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
631 CVE-2018-8925 352 CSRF 2018-06-08 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
632 CVE-2018-8924 79 XSS 2018-06-05 2019-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name.
633 CVE-2018-8923 79 XSS 2018-06-05 2019-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
634 CVE-2018-8922 2018-06-01 2019-10-09
4.0
None Remote Low ??? Partial None None
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
635 CVE-2018-8921 79 XSS 2018-06-01 2019-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
636 CVE-2018-8916 640 2018-06-08 2019-10-09
4.0
None Remote Low ??? Partial None None
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
637 CVE-2018-8902 287 2018-06-29 2019-10-03
4.0
None Remote Low ??? Partial None None
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.
638 CVE-2018-8901 2018-06-29 2020-08-24
2.1
None Local Low Not required Partial None None
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
639 CVE-2018-8819 611 2018-06-14 2021-07-27
5.0
None Remote Low Not required Partial None None
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.
640 CVE-2018-8755 862 2018-06-25 2019-10-03
5.0
None Remote Low Not required Partial None None
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.
641 CVE-2018-8727 22 Dir. Trav. 2018-06-19 2018-08-09
5.0
None Remote Low Not required Partial None None
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
642 CVE-2018-8267 787 Exec Code Mem. Corr. 2018-06-14 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243.
643 CVE-2018-8254 79 XSS 2018-06-14 2018-08-06
3.5
None Remote Medium ??? None Partial None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.
644 CVE-2018-8252 79 XSS 2018-06-14 2018-08-06
3.5
None Remote Medium ??? None Partial None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.
645 CVE-2018-8251 787 Mem. Corr. 2018-06-14 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
646 CVE-2018-8249 787 Exec Code Mem. Corr. 2018-06-14 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.
647 CVE-2018-8248 Exec Code 2018-06-14 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
648 CVE-2018-8247 79 XSS 2018-06-14 2019-10-03
5.8
None Remote Medium Not required Partial Partial None
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
649 CVE-2018-8246 200 +Info 2018-06-14 2018-08-06
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
650 CVE-2018-8245 Exec Code 2018-06-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.
Total number of vulnerabilities: 1788 (this is page 13 of 36)