CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
901 CVE-2018-4221 200 +Info 2018-06-08 2019-03-08
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
902 CVE-2018-4220 732 Exec Code 2018-06-08 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.
903 CVE-2018-4219 704 +Priv 2018-06-08 2018-07-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.
904 CVE-2018-4218 416 DoS Exec Code Mem. Corr. 2018-06-08 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.
905 CVE-2018-4215 119 DoS Overflow +Priv 2018-06-08 2018-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted app.
906 CVE-2018-4214 119 DoS Overflow Mem. Corr. 2018-06-08 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.
907 CVE-2018-4211 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2018-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
908 CVE-2018-4206 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2018-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
909 CVE-2018-4205 20 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
910 CVE-2018-4204 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
911 CVE-2018-4202 20 2018-06-08 2019-10-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
912 CVE-2018-4201 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
913 CVE-2018-4200 416 DoS Exec Code Mem. Corr. 2018-06-08 2019-03-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
914 CVE-2018-4199 119 DoS Exec Code Overflow 2018-06-08 2019-03-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.
915 CVE-2018-4198 20 DoS 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.
916 CVE-2018-4196 200 Exec Code +Info 2018-06-08 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.
917 CVE-2018-4193 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
918 CVE-2018-4192 362 Exec Code 2018-06-08 2019-03-07
5.1
None Remote High Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.
919 CVE-2018-4190 522 +Info 2018-06-08 2019-10-03
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.
920 CVE-2018-4188 20 2018-06-08 2018-07-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
921 CVE-2018-4187 20 2018-06-08 2019-04-12
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
922 CVE-2018-4184 Bypass 2018-06-08 2020-08-24
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.
923 CVE-2018-4171 200 +Info 2018-06-08 2018-07-13
7.1
None Remote Medium Not required Complete None None
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.
924 CVE-2018-4159 200 Bypass +Info 2018-06-08 2018-07-13
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
925 CVE-2018-4141 200 Bypass +Info 2018-06-08 2018-07-13
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
926 CVE-2018-3853 416 Exec Code 2018-06-04 2018-07-31
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
927 CVE-2018-3852 20 DoS 2018-06-06 2018-07-23
5.0
None Remote Low Not required None None Partial
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.
928 CVE-2018-3841 476 2018-06-26 2019-10-03
5.0
None Remote Low Not required None None Partial
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.
929 CVE-2018-3840 20 2018-06-26 2018-08-31
5.0
None Remote Low Not required None None Partial
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.
930 CVE-2018-3809 200 +Info 2018-06-01 2018-07-17
5.0
None Remote Low Not required Partial None None
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
931 CVE-2018-3760 200 +Info 2018-06-26 2019-10-09
5.0
None Remote Low Not required Partial None None
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
932 CVE-2018-3759 362 2018-06-13 2019-10-09
4.3
None Remote Medium Not required Partial None None
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.
933 CVE-2018-3758 434 +Priv 2018-06-07 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access to the hosting machine.
934 CVE-2018-3757 78 2018-06-01 2020-03-13
10.0
None Remote Low Not required Complete Complete Complete
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.
935 CVE-2018-3756 347 Bypass 2018-06-01 2018-07-18
5.0
None Remote Low Not required None Partial None
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
936 CVE-2018-3755 79 XSS 2018-06-01 2019-10-09
4.3
None Remote Medium Not required None Partial None
XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded with an <iframe> element used in the directory name.
937 CVE-2018-3746 78 Exec Code 2018-06-01 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The pdfinfojs NPM module versions <= 0.3.6 have a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
938 CVE-2018-3743 601 2018-06-01 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.
939 CVE-2018-3739 125 2018-06-07 2019-10-09
6.4
None Remote Low Not required Partial None Partial
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
940 CVE-2018-3738 185 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None None Partial
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
941 CVE-2018-3737 185 2018-06-07 2019-10-09
5.0
None Remote Low Not required None None Partial
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
942 CVE-2018-3736 399 2018-06-06 2018-07-20
6.4
None Remote Low Not required Partial None Partial
https-proxy-agent passes unsanitized options to Buffer(arg) resulting in DoS and uninitialized memory leak.
943 CVE-2018-3735 79 XSS 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
bracket-template suffers from reflected XSS, possible when a variable passed via a GET parameter is used in a template.
944 CVE-2018-3732 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
945 CVE-2018-3731 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
946 CVE-2018-3730 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
947 CVE-2018-3729 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
948 CVE-2018-3727 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
949 CVE-2018-3726 79 XSS 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.
950 CVE-2018-3725 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Total number of vulnerabilities: 1788. Page 19 of 36.