CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2018-17191 Exec Code 2018-12-31 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.
702 CVE-2018-17160 20 Exec Code 2018-12-04 2019-01-24
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
703 CVE-2018-17159 400 2018-12-04 2018-12-31
7.8
None Remote Low Not required None None Complete
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.
704 CVE-2018-17158 190 Overflow 2018-12-04 2018-12-31
7.8
None Remote Low Not required None None Complete
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
705 CVE-2018-17157 190 Exec Code Overflow Mem. Corr. 2018-12-04 2019-01-24
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
706 CVE-2018-16884 416 Mem. Corr. 2018-12-18 2019-05-28
6.7
None Local Network Low Single system Partial Partial Complete
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
707 CVE-2018-16883 200 +Info 2018-12-19 2019-10-09
2.1
None Local Low Not required Partial None None
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
708 CVE-2018-16875 295 DoS 2018-12-14 2019-06-03
7.8
None Remote Low Not required None None Complete
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
709 CVE-2018-16874 22 Exec Code Dir. Trav. 2018-12-14 2019-06-03
6.8
None Remote Medium Not required Partial Partial Partial
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
710 CVE-2018-16873 20 Exec Code 2018-12-14 2019-06-03
6.8
None Remote Medium Not required Partial Partial Partial
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u".
711 CVE-2018-16872 20 2018-12-13 2019-05-31
3.5
None Remote Medium Single system Partial None None
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
712 CVE-2018-16869 310 2018-12-03 2019-10-09
3.3
None Local Medium Not required Partial Partial None
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
713 CVE-2018-16868 310 2018-12-03 2019-05-30
3.3
None Local Medium Not required Partial Partial None
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
714 CVE-2018-16867 22 Exec Code Dir. Trav. 2018-12-12 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
715 CVE-2018-16863 78 Exec Code Bypass 2018-12-03 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
716 CVE-2018-16861 79 Exec Code +Priv XSS CSRF 2018-12-07 2019-05-14
3.5
None Remote Medium Single system None Partial None
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
717 CVE-2018-16855 125 2018-12-03 2019-10-09
5.0
None Remote Low Not required None None Partial
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
718 CVE-2018-16792 611 2018-12-05 2018-12-31
6.4
None Remote Low Not required Partial Partial None
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
719 CVE-2018-16791 522 2018-12-05 2019-10-02
5.0
None Remote Low Not required Partial None None
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.
720 CVE-2018-16778 79 XSS 2018-12-21 2019-01-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
721 CVE-2018-16638 79 XSS 2018-12-28 2019-01-06
3.5
None Remote Medium Single system None Partial None
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
722 CVE-2018-16637 79 XSS 2018-12-28 2019-01-06
3.5
None Remote Medium Single system None Partial None
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
723 CVE-2018-16636 79 XSS 2018-12-10 2019-10-02
4.0
None Remote Low Single system None Partial None
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
724 CVE-2018-16635 79 XSS 2018-12-10 2018-12-28
3.5
None Remote Medium Single system None Partial None
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
725 CVE-2018-16634 352 CSRF 2018-12-04 2018-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
726 CVE-2018-16633 79 XSS 2018-12-04 2018-12-27
3.5
None Remote Medium Single system None Partial None
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
727 CVE-2018-16632 79 XSS 2018-12-28 2019-01-09
3.5
None Remote Medium Single system None Partial None
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
728 CVE-2018-16631 79 XSS 2018-12-04 2018-12-27
3.5
None Remote Medium Single system None Partial None
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
729 CVE-2018-16630 79 XSS 2018-12-28 2019-01-09
3.5
None Remote Medium Single system None Partial None
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
730 CVE-2018-16629 79 XSS 2018-12-04 2018-12-27
4.3
None Remote Medium Not required None Partial None
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
731 CVE-2018-16628 79 XSS 2018-12-04 2018-12-27
3.5
None Remote Medium Single system None Partial None
panel/login in Kirby v2.5.12 allows XSS via a blog name.
732 CVE-2018-16627 74 2018-12-20 2019-01-09
5.8
None Remote Medium Not required Partial Partial None
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
733 CVE-2018-16603 200 +Info 2018-12-06 2019-01-03
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.
734 CVE-2018-16602 200 +Info 2018-12-06 2019-01-03
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.
735 CVE-2018-16601 191 DoS Exec Code 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
736 CVE-2018-16600 200 +Info 2018-12-06 2019-01-03
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.
737 CVE-2018-16599 200 +Info 2018-12-06 2019-01-03
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.
738 CVE-2018-16598 441 2018-12-06 2019-01-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.
739 CVE-2018-16596 Exec Code Overflow 2018-12-17 2018-12-17
0.0
None ??? ??? ??? ??? ??? ???
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again.
740 CVE-2018-16557 20 2018-12-13 2019-05-14
7.8
None Remote Low Not required None None Complete
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
741 CVE-2018-16556 20 2018-12-13 2019-05-14
7.8
None Remote Low Not required None None Complete
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
742 CVE-2018-16555 79 XSS 2018-12-13 2019-10-09
3.5
None Remote Medium Single system None Partial None
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.
743 CVE-2018-16528 Exec Code 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.
744 CVE-2018-16527 200 +Info 2018-12-06 2019-01-03
4.3
None Remote Medium Not required Partial None None
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
745 CVE-2018-16526 Exec Code Overflow +Info 2018-12-06 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.
746 CVE-2018-16525 Exec Code Overflow +Info 2018-12-06 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.
747 CVE-2018-16524 200 +Info 2018-12-06 2019-01-03
4.3
None Remote Medium Not required Partial None None
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.
748 CVE-2018-16523 369 2018-12-06 2019-01-03
5.8
None Remote Medium Not required Partial None Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
749 CVE-2018-16522 416 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
750 CVE-2018-16478 22 Dir. Trav. 2018-12-04 2019-10-09
5.0
None Remote Low Not required Partial None None
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.
Total number of vulnerabilities : 1160   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.