ID CVSS Summary Last (major) update Published
CVE-2018-12635 None
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
21-06-2018 - 20:29 21-06-2018 - 20:29
CVE-2018-12634 None
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
21-06-2018 - 20:29 21-06-2018 - 20:29
CVE-2018-12633 None
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious us
21-06-2018 - 20:29 21-06-2018 - 20:29
CVE-2018-12632 None
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.
21-06-2018 - 18:29 21-06-2018 - 18:29
CVE-2018-12631 None
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
21-06-2018 - 18:29 21-06-2018 - 18:29
CVE-2018-12630 None
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
21-06-2018 - 18:29 21-06-2018 - 18:29
CVE-2018-3665 None
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-12613 None
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-12581 None
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Design
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-7683 None
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
21-06-2018 - 15:29 21-06-2018 - 15:29
CVE-2018-7681 None
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
21-06-2018 - 15:29 21-06-2018 - 15:29
CVE-2018-7680 None
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
21-06-2018 - 15:29 21-06-2018 - 15:29
CVE-2018-7679 None
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
21-06-2018 - 15:29 21-06-2018 - 15:29
CVE-2018-12617 None
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. Th
21-06-2018 - 14:29 21-06-2018 - 14:29
CVE-2018-12615 None
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups ar
21-06-2018 - 11:29 21-06-2018 - 11:29
CVE-2018-1254 None
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console ad
21-06-2018 - 11:29 21-06-2018 - 11:29
CVE-2018-1253 None
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or Java
21-06-2018 - 11:29 21-06-2018 - 11:29
CVE-2018-12526 None
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
21-06-2018 - 11:29 21-06-2018 - 11:29
CVE-2018-0712 None
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.
21-06-2018 - 09:29 21-06-2018 - 09:29
CVE-2017-2672 None
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those sy
21-06-2018 - 09:29 21-06-2018 - 09:29
CVE-2017-2669 None
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending speci
21-06-2018 - 09:29 21-06-2018 - 09:29
CVE-2017-13072 None
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.
21-06-2018 - 09:29 21-06-2018 - 09:29
CVE-2016-10723 None
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU res
21-06-2018 - 09:29 21-06-2018 - 09:29
CVE-2018-0373 None
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affe
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0371 None
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0365 None
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0364 None
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected de
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0363 None
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbi
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0362 None
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute a
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0359 None
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0358 None
A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0337 None
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0331 None
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS)
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0313 None
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0311 None
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists becaus
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0310 None
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the aff
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0309 None
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, rem
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0306 None
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An att
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0305 None
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists becau
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0303 None
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0302 None
A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0300 None
A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path travers
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0299 None
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0298 None
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web
21-06-2018 - 07:29 21-06-2018 - 07:29
CVE-2018-0330 None
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is du
20-06-2018 - 17:29 20-06-2018 - 17:29
CVE-2018-0314 None
A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affecte
20-06-2018 - 17:29 20-06-2018 - 17:29
CVE-2018-0312 None
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The v
20-06-2018 - 17:29 20-06-2018 - 17:29
CVE-2018-0308 None
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists be
20-06-2018 - 17:29 20-06-2018 - 17:29
CVE-2018-0307 None
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker c
20-06-2018 - 17:29 20-06-2018 - 17:29
CVE-2018-0304 None
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary
20-06-2018 - 17:29 20-06-2018 - 17:29