CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2018-20020 787 Exec Code 2018-12-19 2019-08-09
7.5
None Remote Low Not required Partial Partial Partial
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
402 CVE-2018-20019 787 Exec Code 2018-12-19 2019-08-09
7.5
None Remote Low Not required Partial Partial Partial
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
403 CVE-2018-20018 89 Sql 2018-12-10 2018-12-29
5.0
None Remote Low Not required Partial None None
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
404 CVE-2018-20017 79 XSS 2018-12-10 2018-12-28
3.5
None Remote Medium Single system None Partial None
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.
405 CVE-2018-20015 352 CSRF 2018-12-10 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
YzmCMS v5.2 has admin/role/add.html CSRF.
406 CVE-2018-20012 79 XSS 2018-12-10 2018-12-31
3.5
None Remote Medium Single system None Partial None
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
407 CVE-2018-20011 79 XSS 2018-12-10 2018-12-21
3.5
None Remote Medium Single system None Partial None
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
408 CVE-2018-20010 79 XSS 2018-12-10 2018-12-21
3.5
None Remote Medium Single system None Partial None
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
409 CVE-2018-20009 79 XSS 2018-12-10 2018-12-21
3.5
None Remote Medium Single system None Partial None
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
410 CVE-2018-20006 79 XSS 2018-12-10 2019-01-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
411 CVE-2018-20005 416 2018-12-10 2019-04-03
4.3
None Remote Medium Not required None None Partial
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.
412 CVE-2018-20004 119 Overflow 2018-12-10 2019-04-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
413 CVE-2018-20002 772 DoS 2018-12-09 2019-10-02
4.3
None Remote Medium Not required None None Partial
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
414 CVE-2018-20001 20 DoS 2018-12-09 2019-01-03
4.3
None Remote Medium Not required None None Partial
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
415 CVE-2018-20000 611 2018-12-09 2019-01-24
5.0
None Remote Low Not required Partial None None
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
416 CVE-2018-19991 Bypass 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
417 CVE-2018-19983 330 2018-12-09 2019-10-02
6.1
None Local Network Low Not required None None Complete
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted.
418 CVE-2018-19982 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.
419 CVE-2018-19980 20 DoS 2018-12-08 2019-01-03
7.8
None Remote Low Not required None None Complete
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
420 CVE-2018-19976 200 +Info 2018-12-17 2019-10-05
4.3
None Remote Medium Not required Partial None None
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
421 CVE-2018-19975 125 2018-12-17 2019-10-05
7.1
None Remote Medium Not required Complete None None
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
422 CVE-2018-19974 200 +Info 2018-12-17 2019-10-05
4.3
None Remote Medium Not required Partial None None
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
423 CVE-2018-19970 79 XSS 2018-12-11 2019-04-22
4.3
None Remote Medium Not required None Partial None
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
424 CVE-2018-19969 352 CSRF 2018-12-11 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
425 CVE-2018-19968 200 +Info 2018-12-11 2019-04-23
4.0
None Remote Low Single system Partial None None
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
426 CVE-2018-19967 20 DoS 2018-12-07 2019-04-17
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.
427 CVE-2018-19966 436 DoS +Priv 2018-12-07 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.
428 CVE-2018-19965 DoS 2018-12-07 2019-10-02
4.7
None Local Medium Not required None None Complete
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
429 CVE-2018-19964 388 DoS 2018-12-07 2018-12-28
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
430 CVE-2018-19963 617 DoS +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
431 CVE-2018-19962 200 +Priv +Info 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
432 CVE-2018-19961 459 +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
433 CVE-2018-19960 +Info 2018-12-07 2018-12-07
0.0
None ??? ??? ??? ??? ??? ???
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
434 CVE-2018-19939 476 2018-12-07 2019-05-17
5.0
None Remote Low Not required None None Partial
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
435 CVE-2018-19937 287 Bypass 2018-12-31 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
436 CVE-2018-19936 20 2018-12-17 2019-01-04
5.5
None Remote Low Single system None Partial Partial
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
437 CVE-2018-19935 476 DoS 2018-12-07 2019-06-18
5.0
None Remote Low Not required None None Partial
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
438 CVE-2018-19933 79 XSS 2018-12-17 2019-01-07
4.3
None Remote Medium Not required None Partial None
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
439 CVE-2018-19932 190 Overflow 2018-12-07 2019-08-03
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
440 CVE-2018-19931 119 Overflow 2018-12-07 2019-08-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
441 CVE-2018-19927 79 XSS 2018-12-06 2019-01-02
3.5
None Remote Medium Single system None Partial None
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.
442 CVE-2018-19926 79 XSS 2018-12-06 2019-01-02
4.3
None Remote Medium Not required None Partial None
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
443 CVE-2018-19925 89 Sql 2018-12-06 2019-01-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
444 CVE-2018-19924 79 XSS 2018-12-06 2019-01-11
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
445 CVE-2018-19923 352 CSRF 2018-12-06 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
446 CVE-2018-19922 XSS 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.
447 CVE-2018-19921 79 XSS 2018-12-06 2018-12-10
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
448 CVE-2018-19919 79 XSS 2018-12-06 2018-12-31
3.5
None Remote Medium Single system None Partial None
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.
449 CVE-2018-19918 79 XSS 2018-12-31 2019-01-10
3.5
None Remote Medium Single system None Partial None
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
450 CVE-2018-19915 79 XSS 2018-12-06 2018-12-21
3.5
None Remote Medium Single system None Partial None
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
Total number of vulnerabilities : 1160   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.