# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
201 | CVE-2018-7755 | 200 | | Bypass +Info | 2018-03-08 | 2018-10-04 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. |
202 | CVE-2018-7754 | 534 | | +Info | 2018-08-10 | 2018-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. |
203 | CVE-2018-7661 | 200 | | +Info | 2018-03-04 | 2018-03-29 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None |
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257. |
204 | CVE-2018-7250 | 200 | | +Info | 2018-02-26 | 2018-03-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. |
205 | CVE-2018-7100 | 200 | | +Info | 2018-08-14 | 2018-10-16 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. |
206 | CVE-2018-7099 | 200 | | +Info | 2018-08-14 | 2018-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. |
207 | CVE-2018-7094 | 200 | | +Info | 2018-08-14 | 2018-10-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. |
208 | CVE-2018-7073 | 284 | | | 2018-08-06 | 2018-10-06 | 2.1 | None | Local | Low | Not required | None | Partial | None |
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. |
209 | CVE-2018-6975 | 310 | | | 2018-09-11 | 2018-12-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. |
210 | CVE-2018-6971 | 255 | | | 2018-07-25 | 2018-10-02 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation. |
211 | CVE-2018-6963 | 476 | | | 2018-05-22 | 2018-06-26 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine to trigger a denial-of-service of their guest machine. |
212 | CVE-2018-6921 | 200 | | +Info | 2018-05-08 | 2018-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. |
213 | CVE-2018-6920 | 200 | | +Info | 2018-05-08 | 2018-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. |
214 | CVE-2018-6674 | 264 | | | 2018-05-25 | 2018-06-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands. |
215 | CVE-2018-6619 | 327 | | | 2018-05-11 | 2018-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt. |
216 | CVE-2018-6618 | 255 | | +Info | 2018-05-11 | 2018-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. |
217 | CVE-2018-6617 | 255 | | | 2018-05-11 | 2018-06-13 | 2.1 | None | Local | Low | Not required | None | Partial | None |
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. |
218 | CVE-2018-6599 | 532 | | +Info | 2018-08-29 | 2018-10-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. |
219 | CVE-2018-6559 | 200 | | +Info | 2018-10-26 | 2018-12-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files which they would not normally be able to access via an overlayfs mount inside of a user namespace. |
220 | CVE-2018-6556 | 417 | | | 2018-08-10 | 2018-10-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. |
221 | CVE-2018-6433 | 20 | | Bypass | 2018-11-08 | 2018-12-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. |
222 | CVE-2018-6266 | 200 | | +Info | 2018-11-27 | 2018-12-31 | 2.1 | None | Local | Low | Not required | Partial | None | None |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. |
223 | CVE-2018-6260 | 200 | | +Info | 2018-11-13 | 2018-12-20 | 2.1 | None | Local | Low | Not required | Partial | None | None |
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. |
224 | CVE-2018-6254 | 125 | | | 2018-05-10 | 2018-06-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. |
225 | CVE-2018-6234 | 125 | | Exec Code +Info | 2018-05-25 | 2018-06-28 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
226 | CVE-2018-6193 | 79 | | XSS | 2018-01-24 | 2018-03-02 | 2.6 | None | Remote | High | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. |
227 | CVE-2018-5995 | 200 | | +Info | 2018-08-07 | 2018-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. |
228 | CVE-2018-5953 | 200 | | +Info | 2018-08-07 | 2018-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. |
229 | CVE-2018-5895 | 125 | | | 2018-07-06 | 2018-08-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
230 | CVE-2018-5865 | 191 | | | 2018-07-06 | 2018-08-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. |
231 | CVE-2018-5864 | 119 | | Overflow +Info | 2018-07-06 | 2018-08-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. |
232 | CVE-2018-5836 | 125 | | | 2018-07-06 | 2018-08-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In wma_nan_rsp_event_handler() in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated, which could potentially lead to an out-of-bounds access. |
233 | CVE-2018-5790 | 119 | | DoS Overflow | 2018-02-04 | 2018-02-22 | 2.9 | None | Local Network | Medium | Not required | None | None | Partial |
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets. |
234 | CVE-2018-5750 | 200 | | +Info | 2018-01-26 | 2018-10-31 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. |
235 | CVE-2018-5693 | 532 | | | 2018-01-13 | 2018-09-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. |
236 | CVE-2018-5683 | 125 | | DoS | 2018-01-23 | 2018-09-07 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. |
237 | CVE-2018-5552 | 798 | | | 2018-03-19 | 2018-04-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain a hard-coded cryptographic salt, "[email protected]+&pepper". |
238 | CVE-2018-5540 | 264 | | | 2018-07-19 | 2018-09-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. |
239 | CVE-2018-5537 | 20 | | | 2018-07-25 | 2018-09-19 | 2.6 | None | Remote | High | Not required | None | None | Partial |
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with an HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. |
240 | CVE-2018-5518 | 284 | | | 2018-05-02 | 2018-06-13 | 2.3 | None | Local Network | Medium | Single system | None | None | Partial |
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide a mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted; however, the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability, root access on a guest system deployed as "host-only" or "bridged" mode is required. |
241 | CVE-2018-5448 | 22 | | Dir. Trav. | 2018-05-04 | 2018-06-07 | 2.7 | None | Local Network | Low | Single system | Partial | None | None |
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system. |
242 | CVE-2018-5446 | 255 | | | 2018-05-04 | 2018-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network. |
243 | CVE-2018-5252 | 20 | | | 2018-01-05 | 2018-01-18 | 2.6 | None | Remote | High | Not required | None | None | Partial |
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. |
244 | CVE-2018-4863 | 254 | | Bypass | 2018-04-05 | 2018-05-18 | 2.1 | None | Local | Low | Not required | None | Partial | None |
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. |
245 | CVE-2018-4847 | 200 | | +Info | 2018-04-23 | 2018-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. |
246 | CVE-2018-4256 | 125 | | | 2019-01-11 | 2019-01-16 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. |
247 | CVE-2018-4255 | 125 | | | 2019-01-11 | 2019-01-16 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. |
248 | CVE-2018-4252 | 200 | | Bypass +Info | 2018-06-08 | 2018-07-17 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri. |
249 | CVE-2018-4244 | 200 | | +Info | 2018-06-08 | 2018-07-17 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri. |
250 | CVE-2018-4239 | 200 | | Bypass +Info | 2018-06-08 | 2018-07-17 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image. |