CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2018 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-18318 20 2018-11-28 2018-12-26
10.0
None Remote Low Not required Complete Complete Complete
Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A.
2 CVE-2018-0692 426 +Priv 2018-11-15 2018-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
3 CVE-2018-0694 78 Exec Code 2018-11-15 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
4 CVE-2018-0721 119 Overflow 2018-11-27 2020-01-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
5 CVE-2018-1552 434 Exec Code 2018-11-02 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
6 CVE-2018-7362 284 2018-11-16 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.
7 CVE-2018-7799 427 Exec Code 2018-11-02 2018-12-27
9.3
None Remote Medium Not required Complete Complete Complete
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.
8 CVE-2018-8256 Exec Code 2018-11-14 2021-09-30
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1.
9 CVE-2018-8450 404 Exec Code 2018-11-14 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
10 CVE-2018-8476 119 Exec Code Overflow 2018-11-14 2020-02-13
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.
11 CVE-2018-8522 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.
12 CVE-2018-8524 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.
13 CVE-2018-8539 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.
14 CVE-2018-8544 416 Exec Code 2018-11-14 2018-12-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
15 CVE-2018-8553 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
16 CVE-2018-8573 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.
17 CVE-2018-8574 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8577.
18 CVE-2018-8575 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.
19 CVE-2018-8576 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582.
20 CVE-2018-8577 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574.
21 CVE-2018-8582 Exec Code 2018-11-14 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
22 CVE-2018-9083 798 2018-11-27 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
23 CVE-2018-9355 787 Exec Code 2018-11-06 2018-12-14
10.0
None Remote Low Not required Complete Complete Complete
In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921.
24 CVE-2018-9356 415 Exec Code 2018-11-06 2018-12-14
10.0
None Remote Low Not required Complete Complete Complete
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468.
25 CVE-2018-9427 787 Exec Code 2018-11-06 2018-12-18
9.3
None Remote Medium Not required Complete Complete Complete
In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542.
26 CVE-2018-9446 787 Exec Code Mem. Corr. 2018-11-06 2018-12-12
10.0
None Remote Low Not required Complete Complete Complete
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946.
27 CVE-2018-9450 787 Exec Code 2018-11-06 2018-12-12
9.0
None Remote Low ??? Complete Complete Complete
In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338.
28 CVE-2018-9521 787 Exec Code 2018-11-14 2018-12-27
9.3
None Remote Medium Not required Complete Complete Complete
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331
29 CVE-2018-9527 787 Exec Code 2018-11-14 2018-12-14
9.3
None Remote Medium Not required Complete Complete Complete
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345
30 CVE-2018-9531 787 Exec Code 2018-11-14 2018-12-14
9.3
None Remote Medium Not required Complete Complete Complete
In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641
31 CVE-2018-9536 787 Exec Code 2018-11-14 2018-12-14
9.3
None Remote Medium Not required Complete Complete Complete
In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184
32 CVE-2018-9537 787 Exec Code 2018-11-14 2018-12-27
9.3
None Remote Medium Not required Complete Complete Complete
In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564
33 CVE-2018-10587 78 Exec Code 2018-11-01 2018-12-12
9.0
None Remote Low ??? Complete Complete Complete
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.
34 CVE-2018-11062 798 +Priv 2018-11-02 2019-01-30
9.0
None Remote Low ??? Complete Complete Complete
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
35 CVE-2018-11066 Exec Code 2018-11-26 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
36 CVE-2018-11766 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
37 CVE-2018-13023 78 Exec Code 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
38 CVE-2018-13306 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
39 CVE-2018-13307 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
40 CVE-2018-13311 78 Exec Code 2018-11-26 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
41 CVE-2018-13314 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
42 CVE-2018-13316 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
43 CVE-2018-13330 78 Exec Code 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
44 CVE-2018-13336 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
45 CVE-2018-13338 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
46 CVE-2018-13353 78 Exec Code 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
47 CVE-2018-13354 78 Exec Code 2018-11-27 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
48 CVE-2018-13356 863 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
49 CVE-2018-13358 78 Exec Code 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
50 CVE-2018-13396 Exec Code 2018-11-05 2020-05-11
9.0
None Remote Low ??? Complete Complete Complete
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Total number of vulnerabilities : 81   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.