CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2018-17909 416 Exec Code 2018-11-05 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.
402 CVE-2018-17907 200 +Info 2018-11-05 2019-10-09
4.3
None Remote Medium Not required Partial None None
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.
403 CVE-2018-17906 255 2018-11-19 2019-10-09
3.3
None Local Network Low Not required Partial None None
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
404 CVE-2018-17905 119 Overflow Mem. Corr. 2018-11-05 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object.
405 CVE-2018-17614 119 Exec Code Overflow 2018-11-13 2019-10-09
5.8
None Local Network Low Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436.
406 CVE-2018-17612 295 2018-11-09 2019-05-15
5.0
None Remote Low Not required None Partial None
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
407 CVE-2018-17477 20 2018-11-14 2018-12-21
4.3
None Remote Medium Not required None Partial None
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
408 CVE-2018-17476 20 2018-11-14 2018-12-21
4.3
None Remote Medium Not required None Partial None
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
409 CVE-2018-17475 20 2018-11-14 2018-12-19
4.3
None Remote Medium Not required None Partial None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
410 CVE-2018-17474 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
411 CVE-2018-17473 20 2018-11-14 2018-12-18
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
412 CVE-2018-17472 20 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
413 CVE-2018-17471 20 2018-11-14 2018-12-21
4.3
None Remote Medium Not required None Partial None
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
414 CVE-2018-17469 125 2018-11-14 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
415 CVE-2018-17468 200 +Info 2018-11-14 2018-12-19
4.3
None Remote Medium Not required Partial None None
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
416 CVE-2018-17467 20 2018-11-14 2018-12-19
4.3
None Remote Medium Not required None Partial None
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
417 CVE-2018-17466 125 2018-11-14 2019-01-24
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
418 CVE-2018-17465 416 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
419 CVE-2018-17464 20 2018-11-14 2018-12-18
4.3
None Remote Medium Not required None Partial None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
420 CVE-2018-17463 20 Exec Code 2018-11-14 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
421 CVE-2018-17462 20 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
422 CVE-2018-17256 79 XSS 2018-11-27 2018-12-31
3.5
None Remote Medium Single system None Partial None
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
423 CVE-2018-17190 287 Exec Code 2018-11-19 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
424 CVE-2018-17187 2018-11-13 2018-11-16
0.0
None ??? ??? ??? ??? ??? ???
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.
425 CVE-2018-17186 Exec Code 2018-11-06 2018-11-06
0.0
None ??? ??? ??? ??? ??? ???
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
426 CVE-2018-17184 79 Exec Code XSS 2018-11-06 2018-12-13
3.5
None Remote Medium Single system None Partial None
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed.
427 CVE-2018-17156 787 2018-11-28 2019-10-02
4.3
None Remote Medium Not required None None Partial
In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.
428 CVE-2018-16986 Exec Code Overflow 2018-11-06 2018-11-07
0.0
None ??? ??? ??? ??? ??? ???
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
429 CVE-2018-16862 200 +Info 2018-11-26 2019-04-01
2.1
None Local Low Not required Partial None None
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
430 CVE-2018-16859 532 2018-11-29 2019-04-03
2.1
None Local Low Not required Partial None None
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
431 CVE-2018-16857 358 2018-11-28 2019-10-09
4.3
None Remote Medium Not required None Partial None
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.
432 CVE-2018-16854 352 CSRF 2018-11-26 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
433 CVE-2018-16853 400 2018-11-28 2019-10-09
4.3
None Remote Medium Not required None None Partial
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.
434 CVE-2018-16852 476 DoS 2018-11-28 2019-10-09
3.5
None Remote Medium Single system None None Partial
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.
435 CVE-2018-16851 476 DoS 2018-11-28 2019-10-09
4.0
None Remote Low Single system None None Partial
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.
436 CVE-2018-16850 89 Sql 2018-11-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
437 CVE-2018-16849 200 +Info 2018-11-02 2019-10-09
5.0
None Remote Low Not required Partial None None
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.
438 CVE-2018-16847 125 2018-11-02 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
439 CVE-2018-16845 835 2018-11-07 2019-10-02
5.8
None Remote Medium Not required Partial None Partial
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
440 CVE-2018-16844 400 2018-11-07 2019-09-10
7.8
None Remote Low Not required None None Complete
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
441 CVE-2018-16843 400 2018-11-07 2019-09-10
7.8
None Remote Low Not required None None Complete
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
442 CVE-2018-16841 415 DoS Mem. Corr. 2018-11-28 2019-10-09
4.0
None Remote Low Single system None None Partial
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
443 CVE-2018-16621 94 2018-11-15 2019-01-24
6.5
None Remote Low Single system Partial Partial Partial
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
444 CVE-2018-16620 200 +Info 2018-11-15 2019-10-02
5.0
None Remote Low Not required Partial None None
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
445 CVE-2018-16619 79 XSS 2018-11-15 2018-12-17
4.3
None Remote Medium Not required None Partial None
Sonatype Nexus Repository Manager before 3.14 allows XSS.
446 CVE-2018-16477 Bypass 2018-11-30 2019-10-09
4.3
None Remote Medium Not required None Partial None
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.
447 CVE-2018-16476 502 2018-11-30 2019-10-09
5.0
None Remote Low Not required Partial None None
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
448 CVE-2018-16475 22 Dir. Trav. 2018-11-06 2019-10-09
5.0
None Remote Low Not required Partial None None
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.
449 CVE-2018-16474 79 XSS 2018-11-06 2019-10-09
4.3
None Remote Medium Not required None Partial None
A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.
450 CVE-2018-16473 22 Dir. Trav. 2018-11-06 2019-10-09
5.0
None Remote Low Not required Partial None None
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
Total number of vulnerabilities : 982   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.