| CVE-2018-15397 |
Cisco Adaptive Security Appliance (ASA) Software |
primary_impact |
T1529 |
System Shutdown/Reboot |
| CVE-2018-15397 |
Cisco Adaptive Security Appliance (ASA) Software |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-15401 |
Cisco Hosted Collaboration Mediation Fulfillment |
primary_impact |
T1608 |
Stage Capabilities |
| CVE-2018-15401 |
Cisco Hosted Collaboration Mediation Fulfillment |
exploitation_technique |
T1204.001 |
Malicious Link |
| CVE-2018-15466 |
Cisco Policy Suite (CPS) Software |
primary_impact |
T1608 |
Stage Capabilities |
| CVE-2018-15466 |
Cisco Policy Suite (CPS) Software |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-15393 |
Cisco Content Security Management Appliance (SMA) |
primary_impact |
T1059.007 |
JavaScript |
| CVE-2018-15393 |
Cisco Content Security Management Appliance (SMA) |
secondary_impact |
T1557 |
Man-in-the-Middle |
| CVE-2018-15393 |
Cisco Content Security Management Appliance (SMA) |
exploitation_technique |
T1204.001 |
Malicious Link |
| CVE-2018-15444 |
Cisco Energy Management Suite |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-15444 |
Cisco Energy Management Suite |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-15444 |
Cisco Energy Management Suite |
exploitation_technique |
T1133 |
External Remote Services |
| CVE-2018-15376 |
Cisco IOS Software |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-15376 |
Cisco IOS Software |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-15376 |
Cisco IOS Software |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-15376 |
Cisco IOS Software |
exploitation_technique |
T1091 |
Replication Through Removable Media |
| CVE-2018-15376 |
Cisco IOS Software |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-15392 |
Cisco Industrial Network Director |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-15392 |
Cisco Industrial Network Director |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-15462 |
Cisco Firepower Threat Defense Software |
primary_impact |
T1499 |
Endpoint Denial of Service |
| CVE-2018-15462 |
Cisco Firepower Threat Defense Software |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-11048 |
Data Protection Advisor |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-11048 |
Data Protection Advisor |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-11048 |
Data Protection Advisor |
secondary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-11048 |
Data Protection Advisor |
exploitation_technique |
T1133 |
External Remote Services |
| CVE-2018-15771 |
Dell EMC RecoverPoint |
primary_impact |
T1078.001 |
Default Accounts |
| CVE-2018-15771 |
Dell EMC RecoverPoint |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-15782 |
RSA Authentication Manager |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-15782 |
RSA Authentication Manager |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-15782 |
RSA Authentication Manager |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-11045 |
Pivotal Operations Manager |
primary_impact |
T1078 |
Valid Accounts |
| CVE-2018-11045 |
Pivotal Operations Manager |
exploitation_technique |
T1110 |
Brute Force |
| CVE-2018-15795 |
CredHub Service Broker |
primary_impact |
T1078 |
Valid Accounts |
| CVE-2018-15795 |
CredHub Service Broker |
exploitation_technique |
T1110 |
Brute Force |
| CVE-2018-15776 |
iDRAC |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-15776 |
iDRAC |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-15764 |
ESRS Policy Manager |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-15764 |
ESRS Policy Manager |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-11084 |
Garden-runC |
primary_impact |
T1496 |
Resource Hijacking |
| CVE-2018-15784 |
Dell Networking OS10 |
primary_impact |
T1557 |
Man-in-the-Middle |
| CVE-2018-11051 |
Certificate Manager Path Traversal Vulnerability |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-11051 |
Certificate Manager Path Traversal Vulnerability |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-15800 |
Bits Service Release |
primary_impact |
T1078 |
Valid Accounts |
| CVE-2018-15800 |
Bits Service Release |
exploitation_technique |
T1110 |
Brute Force |
| CVE-2018-11059 |
RSA Archer |
primary_impact |
T1059.007 |
JavaScript |
| CVE-2018-11059 |
RSA Archer |
secondary_impact |
T1185 |
Man in the Browser |
| CVE-2018-11059 |
RSA Archer |
exploitation_technique |
T1189 |
Drive-by Compromise |
| CVE-2018-11075 |
Authentication Manager |
primary_impact |
T1059.007 |
JavaScript |
| CVE-2018-11075 |
Authentication Manager |
secondary_impact |
T1185 |
Man in the Browser |
| CVE-2018-11075 |
Authentication Manager |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-15761 |
UAA |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-15761 |
UAA |
exploitation_technique |
T1078 |
Valid Accounts |
| CVE-2018-15797 |
NFS Volume Release |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-15797 |
NFS Volume Release |
exploitation_technique |
T1552 |
Unsecured Credentials |
| CVE-2018-15772 |
Dell EMC RecoverPoint |
primary_impact |
T1499 |
Endpoint Denial of Service |
| CVE-2018-11088 |
Application Service |
primary_impact |
T1552 |
Unsecured Credentials |
| CVE-2018-11088 |
Application Service |
secondary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-11062 |
Integrated Data Protection Appliance |
primary_impact |
T1078.001 |
Default Accounts |
| CVE-2018-15758 |
Spring Security OAuth |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-15758 |
Spring Security OAuth |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-11060 |
RSA Archer |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-11067 |
Avamar |
secondary_impact |
T1036 |
Masquerading |
| CVE-2018-11067 |
Avamar |
exploitation_technique |
T1566.002 |
Spearphishing Link |
| CVE-2018-11049 |
Pivotal Operations Manager |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-15801 |
Spring Security |
secondary_impact |
T1550.001 |
Application Access Token |
| CVE-2018-15774 |
iDRAC |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-15780 |
RSA Archer |
primary_impact |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-15780 |
RSA Archer |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-11072 |
Dell Digital Delivery |
primary_impact |
T1055.001 |
Dynamic-link Library Injection |
| CVE-2018-11073 |
Authentication Manager |
primary_impact |
T1059.007 |
JavaScript |
| CVE-2018-11073 |
Authentication Manager |
secondary_impact |
T1185 |
Man in the Browser |
| CVE-2018-11073 |
Authentication Manager |
exploitation_technique |
T1189 |
Drive-by Compromise |
| CVE-2018-11087 |
Spring AMQP |
primary_impact |
T1557 |
Man-in-the-Middle |
| CVE-2018-15767 |
OpenManage Network Manager |
primary_impact |
T1548.003 |
Sudo and Sudo Caching |
| CVE-2018-11069 |
RSA BSAFE SSL-J |
primary_impact |
T1600 |
Weaken Encryption |
| CVE-2018-11069 |
RSA BSAFE SSL-J |
exploitation_technique |
T1110 |
Brute Force |
| CVE-2018-17934 |
NUUO CMS |
secondary_impact |
T1036 |
Masquerading |
| CVE-2018-17934 |
NUUO CMS |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-17934 |
NUUO CMS |
secondary_impact |
T1203 |
Exploitation for Client Execution |
| CVE-2018-17934 |
NUUO CMS |
exploitation_technique |
T1202 |
Indirect Command Execution |
| CVE-2018-7520 |
Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware |
primary_impact |
T1552.001 |
Credentials In Files |
| CVE-2018-7499 |
WebAccess |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-7499 |
WebAccess |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-7526 |
n/a |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-5445 |
Advantech WebAccess/SCADA |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-5454 |
Philips IntelliSpace Portal |
primary_impact |
T1203 |
Exploitation for Client Execution |
| CVE-2018-14819 |
V-Server |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-19007 |
Geutebrück GmbH E2 Camera Series versions prior to 1.12.0.25 |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-19007 |
Geutebrück GmbH E2 Camera Series versions prior to 1.12.0.25 |
exploitation_technique |
T1133 |
External Remote Services |
| CVE-2018-18990 |
LCDS Laquis SCADA |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-14781 |
Medtronic insulin pump |
primary_impact |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-14781 |
Medtronic insulin pump |
exploitation_technique |
T1040 |
Network Sniffing |
| CVE-2018-10633 |
Universal Robots Robot Controller version CB 3.1, SW Version 3.4.5-100 |
primary_impact |
T1078.001 |
Default Accounts |
| CVE-2018-10610 |
LeviStudioU |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-10610 |
LeviStudioU |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-10610 |
LeviStudioU |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-10610 |
LeviStudioU |
primary_impact |
T1557 |
Man-in-the-Middle |
| CVE-2018-14809 |
V-Server |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-14809 |
V-Server |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-14809 |
V-Server |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-14809 |
V-Server |
primary_impact |
T1557 |
Man-in-the-Middle |
| CVE-2018-18995 |
ABB GATE-E1 and GATE-E2 |
secondary_impact |
T0816 |
Device Restart/Shutdown |
| CVE-2018-18995 |
ABB GATE-E1 and GATE-E2 |
secondary_impact |
T1529 |
System Shutdown/Reboot |
| CVE-2018-18995 |
ABB GATE-E1 and GATE-E2 |
secondary_impact |
T0855 |
Unauthorized Command Message |
| CVE-2018-18995 |
ABB GATE-E1 and GATE-E2 |
secondary_impact |
T0836 |
Modify Parameter |
| CVE-2018-18995 |
ABB GATE-E1 and GATE-E2 |
secondary_impact |
T1213 |
Data from Information Repositories |
| CVE-2018-5459 |
WAGO PFC200 Series |
primary_impact |
T0855 |
Unauthorized Command Message |
| CVE-2018-5459 |
WAGO PFC200 Series |
secondary_impact |
T0833 |
|
| CVE-2018-5459 |
WAGO PFC200 Series |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-5459 |
WAGO PFC200 Series |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-5459 |
WAGO PFC200 Series |
secondary_impact |
T1565.001 |
Stored Data Manipulation |
| CVE-2018-8852 |
e-Alert Unit (non-medical device) |
primary_impact |
T1563 |
Remote Service Session Hijacking |
| CVE-2018-10590 |
WebAccess |
primary_impact |
T1083 |
File and Directory Discovery |
| CVE-2018-10590 |
WebAccess |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-10636 |
CNCSoft with ScreenEditor |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-10636 |
CNCSoft with ScreenEditor |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-10636 |
CNCSoft with ScreenEditor |
secondary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-19010 |
Dräger Infinity Delta |
primary_impact |
T1499 |
Endpoint Denial of Service |
| CVE-2018-19010 |
Dräger Infinity Delta |
exploitation_technique |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-7500 |
OSIsoft PI Web API |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-7494 |
Delta Electronics WPLSoft |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-7494 |
Delta Electronics WPLSoft |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-5451 |
Philips Alice 6 System |
primary_impact |
T1036 |
Masquerading |
| CVE-2018-17889 |
PI Studio HMI |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-17924 |
Rockwell Automation |
primary_impact |
T0875 |
|
| CVE-2018-17924 |
Rockwell Automation |
secondary_impact |
T0803 |
Block Command Message |
| CVE-2018-17924 |
Rockwell Automation |
secondary_impact |
T0804 |
Block Reporting Message |
| CVE-2018-17924 |
Rockwell Automation |
exploitation_technique |
T0855 |
Unauthorized Command Message |
| CVE-2018-17910 |
WebAccess Versions 8.3.2 and prior. |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-10589 |
WebAccess |
primary_impact |
T1202 |
Indirect Command Execution |
| CVE-2018-8835 |
Advantech WebAccess HMI Designer |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-8835 |
Advantech WebAccess HMI Designer |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-17908 |
WebAccess Versions 8.3.2 and prior. |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-17908 |
WebAccess Versions 8.3.2 and prior. |
exploitation_technique |
T1562 |
Impair Defenses |
| CVE-2018-17900 |
STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
primary_impact |
T1552 |
Unsecured Credentials |
| CVE-2018-17900 |
STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
secondary_impact |
T1078 |
Valid Accounts |
| CVE-2018-10620 |
InduSoft Web Studio |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-17911 |
LAquis SCADA |
primary_impact |
T1575 |
Native Code |
| CVE-2018-17892 |
NUUO CMS |
primary_impact |
T1562 |
Impair Defenses |
| CVE-2018-14802 |
FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace |
primary_impact |
T1575 |
Native Code |
| CVE-2018-18987 |
n/a |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-18987 |
n/a |
secondary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-18987 |
n/a |
secondary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-8355 |
ChakraCore |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-8355 |
ChakraCore |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-8355 |
ChakraCore |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8355 |
ChakraCore |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8355 |
ChakraCore |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8355 |
ChakraCore |
secondary_impact |
T1136 |
Create Account |
| CVE-2018-8355 |
ChakraCore |
exploitation_technique |
T1189 |
Drive-by Compromise |
| CVE-2018-8355 |
ChakraCore |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-8248 |
Microsoft Office |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-8248 |
Microsoft Office |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-8248 |
Microsoft Office |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8248 |
Microsoft Office |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8248 |
Microsoft Office |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8248 |
Microsoft Office |
secondary_impact |
T1136 |
Create Account |
| CVE-2018-8248 |
Microsoft Office |
exploitation_technique |
T1189 |
Drive-by Compromise |
| CVE-2018-8248 |
Microsoft Office |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-8111 |
Microsoft Edge |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-8111 |
Microsoft Edge |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-8111 |
Microsoft Edge |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8111 |
Microsoft Edge |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8111 |
Microsoft Edge |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8111 |
Microsoft Edge |
secondary_impact |
T1136 |
Create Account |
| CVE-2018-8111 |
Microsoft Edge |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-8111 |
Microsoft Edge |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-8607 |
Microsoft Dynamics 365 |
primary_impact |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-8607 |
Microsoft Dynamics 365 |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8607 |
Microsoft Dynamics 365 |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8607 |
Microsoft Dynamics 365 |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8607 |
Microsoft Dynamics 365 |
secondary_impact |
T1478 |
Install Insecure or Malicious Configuration |
| CVE-2018-8607 |
Microsoft Dynamics 365 |
secondary_impact |
T1036 |
Masquerading |
| CVE-2018-8353 |
n/a |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-8353 |
n/a |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-8353 |
n/a |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8353 |
n/a |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8353 |
n/a |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8353 |
n/a |
secondary_impact |
T1136 |
Create Account |
| CVE-2018-8353 |
n/a |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-8353 |
n/a |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-8110 |
Microsoft Edge |
primary_impact |
T1574 |
Hijack Execution Flow |
| CVE-2018-8110 |
Microsoft Edge |
primary_impact |
T1499.004 |
Application or System Exploitation |
| CVE-2018-8110 |
Microsoft Edge |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8110 |
Microsoft Edge |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8110 |
Microsoft Edge |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8110 |
Microsoft Edge |
secondary_impact |
T1136 |
Create Account |
| CVE-2018-8110 |
Microsoft Edge |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-8110 |
Microsoft Edge |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-8575 |
Microsoft Project |
primary_impact |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-8575 |
Microsoft Project |
secondary_impact |
T1005 |
Data from Local System |
| CVE-2018-8575 |
Microsoft Project |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8575 |
Microsoft Project |
secondary_impact |
T1485 |
Data Destruction |
| CVE-2018-8575 |
Microsoft Project |
secondary_impact |
T1136 |
Create Account |
| CVE-2018-8575 |
Microsoft Project |
exploitation_technique |
T1204.002 |
Malicious File |
| CVE-2018-8575 |
Microsoft Project |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-8160 |
Word |
primary_impact |
T1005 |
Data from Local System |
| CVE-2018-8160 |
Word |
secondary_impact |
T1110 |
Brute Force |
| CVE-2018-8160 |
Word |
exploitation_technique |
T1566 |
Phishing |
| CVE-2018-8431 |
Microsoft SharePoint Server |
primary_impact |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-8431 |
Microsoft SharePoint Server |
secondary_impact |
T1565 |
Data Manipulation |
| CVE-2018-8489 |
Windows 7 |
primary_impact |
T1497 |
Virtualization/Sandbox Evasion |
| CVE-2018-15869 |
n/a |
uncategorized |
T1036. |
|
| CVE-2018-15869 |
n/a |
uncategorized |
T1525 |
Implant Internal Image |
| CVE-2018-11749 |
Puppet Enterprise |
uncategorized |
T1040 |
Network Sniffing |
| CVE-2018-11749 |
Puppet Enterprise |
uncategorized |
T1552 |
Unsecured Credentials |
| CVE-2018-9862 |
n/a |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-9488 |
Android |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-8599 |
Microsoft Visual Studio |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-5463 |
LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-11776 |
Apache Struts |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-1956 |
Security Identity Manager |
uncategorized |
T1110 |
Brute Force |
| CVE-2018-12520 |
n/a |
uncategorized |
T1110 |
Brute Force |
| CVE-2018-7506 |
Moxa MXview |
uncategorized |
T1133 |
External Remote Services |
| CVE-2018-7506 |
Moxa MXview |
uncategorized |
T1552.004 |
Private Keys |
| CVE-2018-9206 |
Blueimp jQuery-File-Upload |
uncategorized |
T1189 |
Drive-by Compromise |
| CVE-2018-9206 |
Blueimp jQuery-File-Upload |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-8174 |
Windows 7 |
uncategorized |
T1189 |
Drive-by Compromise |
| CVE-2018-8174 |
Windows 7 |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-8120 |
Windows Server 2008 |
uncategorized |
T1189 |
Drive-by Compromise |
| CVE-2018-8120 |
Windows Server 2008 |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-0798 |
Equation Editor |
uncategorized |
T1189 |
Drive-by Compromise |
| CVE-2018-0798 |
Equation Editor |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-0802 |
Equation Editor |
uncategorized |
T1189 |
Drive-by Compromise |
| CVE-2018-8611 |
Windows 7 |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-7602 |
core |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-7600 |
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-2893 |
WebLogic Server |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-2628 |
WebLogic Server |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-1000861 |
n/a |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-0101 |
Cisco Adaptive Security Appliance |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-10611 |
MDS PulseNET and MDS PulseNET Enterprise |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-10611 |
MDS PulseNET and MDS PulseNET Enterprise |
uncategorized |
T1059 |
Command and Scripting Interpreter |
| CVE-2018-7496 |
OSIsoft PI Vision |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-7496 |
OSIsoft PI Vision |
uncategorized |
T1211 |
Exploitation for Defense Evasion |
| CVE-2018-19207 |
n/a |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-19207 |
n/a |
uncategorized |
T1499.004 |
Application or System Exploitation |
| CVE-2018-2894 |
WebLogic Server |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-2894 |
WebLogic Server |
uncategorized |
T1505.003 |
Web Shell |
| CVE-2018-15961 |
ColdFusion |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-15961 |
ColdFusion |
uncategorized |
T1505.003 |
Web Shell |
| CVE-2018-15961 |
ColdFusion |
uncategorized |
T1491 |
Defacement |
| CVE-2018-8833 |
Advantech WebAccess HMI Designer |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-8589 |
Windows Server 2008 |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-7513 |
Omron CX-Supervisor |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-20838 |
n/a |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-18956 |
n/a |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-10376 |
n/a |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-20062 |
n/a |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-20062 |
n/a |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-20250 |
WinRAR |
uncategorized |
T1203 |
Exploitation for Client Execution |
| CVE-2018-20250 |
WinRAR |
uncategorized |
T1204.002 |
Malicious File |
| CVE-2018-8414 |
Windows 10 Servers |
uncategorized |
T1210 |
Exploitation of Remote Services |
| CVE-2018-8414 |
Windows 10 Servers |
uncategorized |
T1190 |
Exploit Public-Facing Application |
| CVE-2018-8414 |
Windows 10 Servers |
uncategorized |
T1499.004 |
Application or System Exploitation |
| CVE-2018-6112 |
Chrome |
uncategorized |
T1211 |
Exploitation for Defense Evasion |
| CVE-2018-0560 |
Hatena Bookmark App for iOS |
uncategorized |
T1211 |
Exploitation for Defense Evasion |
| CVE-2018-0560 |
Hatena Bookmark App for iOS |
uncategorized |
T1036 |
Masquerading |
| CVE-2018-8337 |
Windows 10 |
uncategorized |
T1211 |
Exploitation for Defense Evasion |
| CVE-2018-8337 |
Windows 10 |
uncategorized |
T1565 |
Data Manipulation |
| CVE-2018-8337 |
Windows 10 |
uncategorized |
T1485 |
Data Destruction |
| CVE-2018-20753 |
n/a |
uncategorized |
T1212 |
Exploitation for Credential Access |
| CVE-2018-13379 |
Fortinet FortiOS, FortiProxy |
uncategorized |
T1212 |
Exploitation for Credential Access |
| CVE-2018-21091 |
n/a |
uncategorized |
T1499.004 |
Application or System Exploitation |
| CVE-2018-15454 |
Cisco Adaptive Security Appliance (ASA) Software |
uncategorized |
T1499.004 |
Application or System Exploitation |
| CVE-2018-14679 |
n/a |
uncategorized |
T1499.004 |
Application or System Exploitation |
| CVE-2018-7259 |
n/a |
uncategorized |
T1552 |
Unsecured Credentials |
| CVE-2018-7259 |
n/a |
uncategorized |
T1040 |
Network Sniffing |
| CVE-2018-18641 |
n/a |
uncategorized |
T1552 |
Unsecured Credentials |
| CVE-2018-18641 |
n/a |
uncategorized |
T1528 |
Steal Application Access Token |
| CVE-2018-0622 |
DHC Online Shop App for Android |
uncategorized |
T1557 |
Man-in-the-Middle |
| CVE-2018-16179 |
Mizuho Direct App for Android |
uncategorized |
T1557 |
Man-in-the-Middle |
| CVE-2018-16179 |
Mizuho Direct App for Android |
uncategorized |
T1211 |
Exploitation for Defense Evasion |
| CVE-2018-10299 |
n/a |
uncategorized |
T1565.003 |
Runtime Data Manipulation |
| CVE-2018-10657 |
n/a |
uncategorized |
T1574.001 |
DLL Search Order Hijacking |
| CVE-2018-11049 |
Pivotal Operations Manager |
uncategorized |
T1574.008 |
Path Interception by Search Order Hijacking |
| CVE-2018-8453 |
Windows 7 |
uncategorized |
T1608 |
Stage Capabilities |
| CVE-2018-8440 |
Windows 7 |
uncategorized |
T1608 |
Stage Capabilities |
| CVE-2018-19320 |
n/a |
uncategorized |
T1608 |
Stage Capabilities |
| CVE-2018-14847 |
n/a |
uncategorized |
T0812 |
Default Credentials |
| CVE-2018-14847 |
n/a |
uncategorized |
T1078 |
Valid Accounts |
| CVE-2018-18665 |
n/a |
uncategorized |
T0828 |
Loss of Productivity and Revenue |
| CVE-2018-18667 |
n/a |
uncategorized |
T0828 |
Loss of Productivity and Revenue |
| CVE-2018-18667 |
n/a |
uncategorized |
T1565 |
Data Manipulation |
| CVE-2018-17877 |
n/a |
uncategorized |
T0828 |
Loss of Productivity and Revenue |
| CVE-2018-17877 |
n/a |
uncategorized |
T1565 |
Data Manipulation |
| CVE-2018-19831 |
n/a |
uncategorized |
T0828 |
Loss of Productivity and Revenue |
| CVE-2018-19831 |
n/a |
uncategorized |
T1565 |
Data Manipulation |
| CVE-2018-19831 |
n/a |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-19830 |
n/a |
uncategorized |
T0828 |
Loss of Productivity and Revenue |
| CVE-2018-19830 |
n/a |
uncategorized |
T1565 |
Data Manipulation |
| CVE-2018-19830 |
n/a |
uncategorized |
T1068 |
Exploitation for Privilege Escalation |
| CVE-2018-19833 |
n/a |
uncategorized |
T0828 |
Loss of Productivity and Revenue |
| CVE-2018-19833 |
n/a |
uncategorized |
T1565.001 |
Stored Data Manipulation |
