|
|
Security Vulnerabilities Published
In November 2018 (CVSS score >= 5)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
451 |
CVE-2018-8609 |
116 |
|
Exec Code |
2018-11-14 |
2020-08-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. |
|
452 |
CVE-2018-8592 |
|
|
|
2018-11-14 |
2019-10-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019. |
|
453 |
CVE-2018-8589 |
|
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. |
|
454 |
CVE-2018-8588 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. |
|
455 |
CVE-2018-8584 |
367 |
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. |
|
456 |
CVE-2018-8582 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576. |
|
457 |
CVE-2018-8581 |
|
|
|
2018-11-14 |
2020-04-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. |
|
458 |
CVE-2018-8577 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574. |
|
459 |
CVE-2018-8576 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582. |
|
460 |
CVE-2018-8575 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server. |
|
461 |
CVE-2018-8574 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8577. |
|
462 |
CVE-2018-8573 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539. |
|
463 |
CVE-2018-8570 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-09-28 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. |
|
464 |
CVE-2018-8567 |
|
|
|
2018-11-14 |
2019-10-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. |
|
465 |
CVE-2018-8562 |
404 |
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
466 |
CVE-2018-8561 |
404 |
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554. |
|
467 |
CVE-2018-8557 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588. |
|
468 |
CVE-2018-8556 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588. |
|
469 |
CVE-2018-8555 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. |
|
470 |
CVE-2018-8554 |
404 |
|
|
2018-11-14 |
2022-05-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561. |
|
471 |
CVE-2018-8553 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. |
|
472 |
CVE-2018-8552 |
119 |
|
Overflow Mem. Corr. |
2018-11-14 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. |
|
473 |
CVE-2018-8551 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. |
|
474 |
CVE-2018-8544 |
416 |
|
Exec Code |
2018-11-14 |
2018-12-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
475 |
CVE-2018-8543 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. |
|
476 |
CVE-2018-8542 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. |
|
477 |
CVE-2018-8541 |
787 |
|
Exec Code Mem. Corr. |
2018-11-14 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. |
|
478 |
CVE-2018-8539 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573. |
|
479 |
CVE-2018-8529 |
|
|
Exec Code |
2018-11-15 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team. |
|
480 |
CVE-2018-8524 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582. |
|
481 |
CVE-2018-8522 |
|
|
Exec Code |
2018-11-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582. |
|
482 |
CVE-2018-8485 |
404 |
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561. |
|
483 |
CVE-2018-8476 |
119 |
|
Exec Code Overflow |
2018-11-14 |
2020-02-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. |
|
484 |
CVE-2018-8471 |
404 |
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019. |
|
485 |
CVE-2018-8450 |
404 |
|
Exec Code |
2018-11-14 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
486 |
CVE-2018-8256 |
|
|
Exec Code |
2018-11-14 |
2021-09-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. |
|
487 |
CVE-2018-8021 |
502 |
|
Exec Code |
2018-11-07 |
2019-01-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. |
|
488 |
CVE-2018-8009 |
22 |
|
Dir. Trav. |
2018-11-13 |
2020-10-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. |
|
489 |
CVE-2018-7977 |
200 |
|
+Info |
2018-11-27 |
2018-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage. |
|
490 |
CVE-2018-7960 |
319 |
|
+Info |
2018-11-27 |
2019-10-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak. |
|
491 |
CVE-2018-7958 |
287 |
|
|
2018-11-27 |
2018-12-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information. |
|
492 |
CVE-2018-7830 |
113 |
|
DoS Http R.Spl. |
2018-11-30 |
2018-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. |
|
493 |
CVE-2018-7811 |
640 |
|
|
2018-11-30 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server |
|
494 |
CVE-2018-7809 |
640 |
|
|
2018-11-30 |
2018-12-28 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. |
|
495 |
CVE-2018-7807 |
22 |
|
Dir. Trav. |
2018-11-30 |
2018-12-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. |
|
496 |
CVE-2018-7806 |
22 |
|
Dir. Trav. |
2018-11-30 |
2018-12-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. |
|
497 |
CVE-2018-7799 |
427 |
|
Exec Code |
2018-11-02 |
2018-12-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. |
|
498 |
CVE-2018-7798 |
345 |
|
|
2018-11-02 |
2022-01-31 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. |
|
499 |
CVE-2018-7362 |
284 |
|
|
2018-11-16 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. |
|
500 |
CVE-2018-7359 |
787 |
|
Exec Code Overflow |
2018-11-16 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. |
Total number of vulnerabilities : 595
Page :
1
2
3
4
5
6
7
8
9
10
(This Page) 11
12
|
|
