CVE-2018-9859 — The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
Published: June 15, 2018; 09:29:09 PM -04:00

V3: 8.1 HIGH
V2: 5.1 MEDIUM

CVE-2018-8927 — Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Published: June 14, 2018; 10:29:00 AM -04:00

V3: 6.5 MEDIUM
V2: 4.0 MEDIUM

CVE-2018-6496 — Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
Published: June 15, 2018; 09:29:06 PM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2018-5718 — Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a... read CVE-2018-5718
Published: June 12, 2018; 12:29:00 PM -04:00

V3: 7.1 HIGH
V2: 5.6 MEDIUM

CVE-2018-5242 — Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain devic... read CVE-2018-5242
Published: June 13, 2018; 12:29:01 PM -04:00

V3: 6.2 MEDIUM
V2: 7.2 HIGH

CVE-2018-5185 — Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Published: June 11, 2018; 05:29:16 PM -04:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-5170 — It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 a... read CVE-2018-5170
Published: June 11, 2018; 05:29:15 PM -04:00

V3: 4.3 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-5162 — Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Published: June 11, 2018; 05:29:15 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-5161 — Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Published: June 11, 2018; 05:29:15 PM -04:00

V3: 4.3 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-5157 — Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website.... read CVE-2018-5157
Published: June 11, 2018; 05:29:15 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-5153 — If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox &... read CVE-2018-5153
Published: June 11, 2018; 05:29:15 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-5147 — The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
Published: June 11, 2018; 05:29:14 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2018-5136 — A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
Published: June 11, 2018; 05:29:14 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-4848 — A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspec... read CVE-2018-4848
Published: June 14, 2018; 12:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-12696 — mao10cms 6 allows XSS via the article page.
Published: June 23, 2018; 05:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-12695 — mao10cms 6 allows XSS via the m=bbs&a=index page.
Published: June 23, 2018; 05:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-12648 — The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
Published: June 22, 2018; 09:29:00 AM -04:00

V3: 7.5 HIGH
V2: 4.3 MEDIUM

CVE-2018-12526 — Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
Published: June 21, 2018; 11:29:00 AM -04:00

V3: 9.8 CRITICAL
V2: 10.0 HIGH

CVE-2018-12454 — The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be re... read CVE-2018-12454
Published: June 17, 2018; 08:29:00 AM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-12453 — Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
Published: June 16, 2018; 01:29:00 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM