# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1951 |
CVE-2018-5068 |
125 |
|
|
2018-07-20 |
2018-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1952 |
CVE-2018-5066 |
125 |
|
|
2018-07-20 |
2018-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1953 |
CVE-2018-5062 |
125 |
|
|
2018-07-20 |
2018-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1954 |
CVE-2018-5026 |
125 |
|
|
2018-07-20 |
2018-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1955 |
CVE-2018-5025 |
125 |
|
|
2018-07-20 |
2018-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1956 |
CVE-2018-5024 |
125 |
|
|
2018-07-20 |
2018-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1957 |
CVE-2018-5023 |
125 |
|
|
2018-07-20 |
2018-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1958 |
CVE-2018-5022 |
125 |
|
|
2018-07-20 |
2018-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1959 |
CVE-2018-5010 |
125 |
|
|
2018-07-20 |
2018-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1960 |
CVE-2018-5008 |
125 |
|
|
2018-07-20 |
2018-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1961 |
CVE-2018-5006 |
918 |
|
|
2018-07-20 |
2018-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
1962 |
CVE-2018-5004 |
918 |
|
|
2018-07-20 |
2018-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
1963 |
CVE-2018-4994 |
200 |
|
Bypass +Info |
2018-05-19 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. |
1964 |
CVE-2018-4993 |
200 |
|
+Info |
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure. |
1965 |
CVE-2018-4986 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1966 |
CVE-2018-4985 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1967 |
CVE-2018-4981 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1968 |
CVE-2018-4976 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1969 |
CVE-2018-4975 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1970 |
CVE-2018-4973 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1971 |
CVE-2018-4970 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1972 |
CVE-2018-4969 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1973 |
CVE-2018-4967 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1974 |
CVE-2018-4965 |
119 |
|
Overflow Mem. Corr. |
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure. |
1975 |
CVE-2018-4964 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1976 |
CVE-2018-4963 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1977 |
CVE-2018-4962 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1978 |
CVE-2018-4960 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1979 |
CVE-2018-4957 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1980 |
CVE-2018-4956 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1981 |
CVE-2018-4955 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1982 |
CVE-2018-4949 |
125 |
|
|
2018-07-09 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1983 |
CVE-2018-4942 |
611 |
|
|
2018-05-19 |
2018-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. |
1984 |
CVE-2018-4936 |
119 |
|
Overflow |
2018-05-19 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure. |
1985 |
CVE-2018-4934 |
125 |
|
|
2018-05-19 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1986 |
CVE-2018-4925 |
125 |
|
|
2018-05-19 |
2018-06-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
1987 |
CVE-2018-4871 |
125 |
|
|
2018-01-09 |
2018-01-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |
1988 |
CVE-2018-4850 |
19 |
|
|
2018-05-16 |
2018-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. |
1989 |
CVE-2018-4849 |
295 |
|
|
2018-05-03 |
2018-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. |
1990 |
CVE-2018-4840 |
284 |
|
|
2018-03-08 |
2018-03-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords. |
1991 |
CVE-2018-4838 |
284 |
|
|
2018-03-08 |
2018-03-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
A vulnerability has been identified in Siemens EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. |
1992 |
CVE-2018-4837 |
|
|
|
2018-01-25 |
2018-02-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. |
1993 |
CVE-2018-4835 |
200 |
|
Bypass +Info |
2018-01-25 |
2018-02-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. |
1994 |
CVE-2018-4833 |
20 |
|
Exec Code +Priv |
2018-06-14 |
2018-08-13 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. |
1995 |
CVE-2018-4832 |
20 |
|
|
2018-04-24 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions < V8.2 SP1), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < SIMATIC BATCH V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < SIMATIC BATCH V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 SP1), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions < V8.2 SP1), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd4). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. |
1996 |
CVE-2018-4277 |
20 |
|
|
2019-01-11 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. |
1997 |
CVE-2018-4227 |
310 |
|
|
2018-06-08 |
2018-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. |
1998 |
CVE-2018-4221 |
200 |
|
+Info |
2018-06-08 |
2018-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. |
1999 |
CVE-2018-4217 |
254 |
|
|
2019-01-11 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. |
2000 |
CVE-2018-4192 |
362 |
|
Exec Code |
2018-06-08 |
2018-10-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. |