CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2018-11902 129 2018-09-19 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.
702 CVE-2018-11898 125 2018-09-19 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum.
703 CVE-2018-11897 125 2018-09-19 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit.
704 CVE-2018-11895 119 Overflow 2018-09-19 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame.
705 CVE-2018-11894 190 Overflow 2018-09-19 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.
706 CVE-2018-11893 119 Overflow 2018-09-19 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is greater than maximum can lead to a buffer overflow.
707 CVE-2018-11891 129 2018-09-19 2019-04-18
8.3
None Local Network Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.
708 CVE-2018-11889 119 Overflow 2018-09-19 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable 'context' stack data of wlan function is free.
709 CVE-2018-11886 190 Overflow 2018-09-19 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function.
710 CVE-2018-11883 129 2018-09-19 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.
711 CVE-2018-11878 119 Overflow 2018-09-19 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.
712 CVE-2018-11869 119 Overflow 2018-09-18 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.
713 CVE-2018-11868 119 Overflow 2018-09-18 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.
714 CVE-2018-11863 119 Overflow 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.
715 CVE-2018-11860 119 Overflow 2018-09-18 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length.
716 CVE-2018-11852 787 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.
717 CVE-2018-11851 787 2018-09-18 2019-04-18
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.
718 CVE-2018-11843 416 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free.
719 CVE-2018-11842 119 Overflow 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated.
720 CVE-2018-11840 415 2018-09-18 2019-04-05
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
721 CVE-2018-11836 119 Overflow 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.
722 CVE-2018-11832 119 Overflow 2018-09-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.
723 CVE-2018-11827 129 2018-09-18 2019-04-05
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.
724 CVE-2018-11826 190 Overflow 2018-09-18 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.
725 CVE-2018-11818 416 2018-09-18 2018-11-09
4.4
None Local Medium Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.
726 CVE-2018-11787 287 2018-09-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.
727 CVE-2018-11786 269 2018-09-18 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.
728 CVE-2018-11781 94 2018-09-17 2019-08-06
4.6
None Local Low Not required Partial Partial Partial
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
729 CVE-2018-11780 94 Exec Code 2018-09-17 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
730 CVE-2018-11775 295 2018-09-10 2019-10-02
5.8
None Remote Medium Not required Partial Partial None
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
731 CVE-2018-11763 20 2018-09-25 2019-06-11
4.3
None Remote Medium Not required None None Partial
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
732 CVE-2018-11762 22 Dir. Trav. 2018-09-19 2018-11-20
5.8
None Remote Medium Not required None Partial Partial
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
733 CVE-2018-11761 611 DoS 2018-09-19 2019-04-26
5.0
None Remote Low Not required None None Partial
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
734 CVE-2018-11614 Exec Code 2018-09-24 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.
735 CVE-2018-11352 79 XSS 2018-09-21 2018-11-09
2.1
None Remote High Single system None Partial None
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.
736 CVE-2018-11302 20 Overflow 2018-09-18 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN.
737 CVE-2018-11301 191 Overflow 2018-09-18 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.
738 CVE-2018-11300 416 2018-09-18 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a "Use after free" scenario.
739 CVE-2018-11299 129 2018-09-18 2019-04-05
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.
740 CVE-2018-11298 119 Overflow 2018-09-18 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.
741 CVE-2018-11297 125 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW.
742 CVE-2018-11296 787 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.
743 CVE-2018-11295 787 2018-09-18 2018-11-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen.
744 CVE-2018-11294 20 2018-09-18 2019-04-05
5.8
None Local Network Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories.
745 CVE-2018-11293 125 2018-09-18 2018-11-09
3.3
None Local Network Low Not required Partial None None
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.
746 CVE-2018-11292 119 Overflow 2018-09-20 2018-11-23
7.2
None Local Low Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows.
747 CVE-2018-11291 338 2018-09-20 2019-10-02
5.0
None Remote Low Not required None Partial None
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.
748 CVE-2018-11290 338 2018-09-20 2019-10-02
5.0
None Remote Low Not required None Partial None
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.
749 CVE-2018-11287 20 2018-09-20 2018-11-23
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.
750 CVE-2018-11286 416 2018-09-18 2018-11-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue occurs
Total number of vulnerabilities : 1171   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.