| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-10849 |
|
|
2018-06-25 |
N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12533. Reason: This candidate is a reservation duplicate of CVE-2018-12533. Notes: All CVE users should reference CVE-2018-12533 instead of this candidate. All references and... |
| CVE-2018-10848 |
|
|
2018-06-25 |
N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12532. Reason: This candidate is a reservation duplicate of CVE-2018-12532. Notes: All CVE users should reference CVE-2018-12532 instead of this candidate. All references and... |
| CVE-2018-12716 |
|
|
2018-06-25 |
N/A |
| The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by... |
| CVE-2018-6672 |
|
|
2018-06-25 |
N/A |
| Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. |
| CVE-2018-6671 |
|
|
2018-06-25 |
N/A |
| Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a... |
| CVE-2018-12617 |
|
|
2018-06-25 |
N/A |
| qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory... |
| CVE-2018-12613 |
|
|
2018-06-25 |
N/A |
| An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin,... |
| CVE-2018-12604 |
|
|
2018-06-25 |
N/A |
| GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. |
| CVE-2018-12714 |
|
|
2018-06-24 |
N/A |
| An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1... |
| CVE-2018-12706 |
|
|
2018-06-24 |
N/A |
| DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. |
| CVE-2018-12705 |
|
|
2018-06-24 |
N/A |
| DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). |
| CVE-2018-12713 |
|
|
2018-06-24 |
N/A |
| GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by... |
| CVE-2018-8214 |
1 Microsoft |
2 Windows 10, Windows Server 2016 |
2018-06-24 |
6.9 |
| An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows... |
| CVE-2018-8208 |
1 Microsoft |
2 Windows 10, Windows Server 2016 |
2018-06-24 |
6.9 |
| An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows... |
| CVE-2018-5428 |
|
|
2018-06-24 |
N/A |
| The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. |
| CVE-2018-3665 |
|
|
2018-06-24 |
N/A |
| System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. |
| CVE-2018-2815 |
2 Oracle, Redhat |
6 Jdk, Jre, Jrockit and 3 more |
2018-06-24 |
5.0 |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily... |
| CVE-2018-2814 |
2 Oracle, Redhat |
5 Jdk, Jre, Enterprise Linux Desktop and 2 more |
2018-06-24 |
5.1 |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows... |
| CVE-2018-2800 |
2 Oracle, Redhat |
6 Jdk, Jre, Jrockit and 3 more |
2018-06-24 |
4.0 |
| Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker... |
| CVE-2018-2799 |
2 Oracle, Redhat |
6 Jdk, Jre, Jrockit and 3 more |
2018-06-24 |
5.0 |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable... |
