CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2018-12833 119 Exec Code Overflow 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
752 CVE-2018-12832 119 Exec Code Overflow 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
753 CVE-2018-12831 416 Exec Code 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
754 CVE-2018-12823 119 Exec Code Overflow 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
755 CVE-2018-12822 416 Exec Code 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
756 CVE-2018-12821 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
757 CVE-2018-12820 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
758 CVE-2018-12819 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
759 CVE-2018-12818 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
760 CVE-2018-12816 125 2018-10-17 2018-11-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
761 CVE-2018-12814 119 Exec Code Overflow 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
762 CVE-2018-12813 119 Exec Code Overflow 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
763 CVE-2018-12769 416 Exec Code 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
764 CVE-2018-12759 787 Exec Code 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
765 CVE-2018-12675 601 2018-10-19 2019-01-11
5.8
None Remote Medium Not required Partial Partial None
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.
766 CVE-2018-12674 319 2018-10-19 2019-10-02
2.9
None Local Network Medium Not required Partial None None
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account.
767 CVE-2018-12673 200 +Info 2018-10-19 2019-01-11
5.0
None Remote Low Not required Partial None None
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information.
768 CVE-2018-12672 79 XSS 2018-10-19 2019-01-11
3.5
None Remote Medium Single system None Partial None
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator.
769 CVE-2018-12671 200 +Info 2018-10-19 2019-01-11
5.0
None Remote Low Not required Partial None None
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface.
770 CVE-2018-12670 78 2018-10-19 2019-01-09
10.0
None Remote Low Not required Complete Complete Complete
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.
771 CVE-2018-12669 2018-10-19 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi.
772 CVE-2018-12668 2018-10-19 2018-10-19
0.0
None ??? ??? ??? ??? ??? ???
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password.
773 CVE-2018-12667 2018-10-19 2018-10-19
0.0
None ??? ??? ??? ??? ??? ???
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions.
774 CVE-2018-12666 Bypass 2018-10-19 2018-10-19
0.0
None ??? ??? ??? ??? ??? ???
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.
775 CVE-2018-12650 79 XSS 2018-10-24 2018-12-04
4.3
None Remote Medium Not required None Partial None
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
776 CVE-2018-12596 269 2018-10-10 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
777 CVE-2018-12544 611 2018-10-10 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
778 CVE-2018-12542 2018-10-10 2018-10-10
0.0
None ??? ??? ??? ??? ??? ???
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
779 CVE-2018-12541 119 Overflow 2018-10-10 2019-10-09
4.0
None Remote Low Single system None None Partial
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
780 CVE-2018-12479 20 2018-10-09 2019-10-09
5.0
None Remote Low Not required None None Partial
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.
781 CVE-2018-12478 20 2018-10-09 2019-10-09
4.3
None Remote Medium Not required Partial None None
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.
782 CVE-2018-12477 93 2018-10-09 2019-10-09
6.4
None Remote Low Not required None Partial Partial
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
783 CVE-2018-12474 20 2018-10-09 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.
784 CVE-2018-12473 22 Dir. Trav. 2018-10-02 2019-10-09
5.0
None Remote Low Not required Partial None None
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.
785 CVE-2018-12472 287 2018-10-04 2019-10-09
6.4
None Remote Low Not required Partial Partial None
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
786 CVE-2018-12471 611 2018-10-04 2019-10-09
6.4
None Remote Low Not required Partial None Partial
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
787 CVE-2018-12470 89 Sql 2018-10-04 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
788 CVE-2018-12469 476 DoS 2018-10-12 2019-10-09
5.0
None Remote Low Not required None None Partial
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
789 CVE-2018-12456 352 CSRF 2018-10-10 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
790 CVE-2018-12455 287 2018-10-10 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
791 CVE-2018-12449 426 2018-10-11 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
792 CVE-2018-12441 275 Exec Code 2018-10-11 2019-01-17
7.2
None Local Low Not required Complete Complete Complete
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.
793 CVE-2018-12410 Exec Code 2018-10-10 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
794 CVE-2018-12387 20 2018-10-18 2018-12-06
6.4
None Remote Low Not required Partial None Partial
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
795 CVE-2018-12386 704 Exec Code 2018-10-18 2018-12-06
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
796 CVE-2018-12385 20 2018-10-18 2018-12-06
4.4
None Local Medium Not required Partial Partial Partial
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
797 CVE-2018-12383 522 2018-10-18 2019-10-02
2.1
None Local Low Not required Partial None None
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
798 CVE-2018-12382 20 2018-10-18 2018-12-06
5.0
None Remote Low Not required None Partial None
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*
799 CVE-2018-12381 610 2018-10-18 2019-10-02
5.0
None Remote Low Not required None Partial None
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.
800 CVE-2018-12379 787 2018-10-18 2018-12-06
4.6
None Local Low Not required Partial Partial Partial
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Total number of vulnerabilities : 1473   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29 30
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.