# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
851 | CVE-2018-6062 | 787 | | Overflow | 2018-11-14 | 2018-12-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
852 | CVE-2018-6061 | 362 | | | 2018-11-14 | 2018-12-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
853 | CVE-2018-6060 | 416 | | | 2018-11-14 | 2018-12-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
854 | CVE-2018-6057 | 732 | | Bypass | 2018-11-14 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. |
855 | CVE-2018-6012 | 94 | | | 2018-11-01 | 2019-02-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. |
856 | CVE-2018-6011 | 287 | | | 2018-11-01 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. |
857 | CVE-2018-5919 | 416 | | | 2018-11-27 | 2018-12-21 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot. |
858 | CVE-2018-5918 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. |
859 | CVE-2018-5917 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. |
860 | CVE-2018-5916 | 125 | | | 2018-11-28 | 2018-12-26 | 6.1 | None | Local Network | Low | Not required | Complete | None | None |
Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130. |
861 | CVE-2018-5912 | 119 | | Overflow | 2018-11-28 | 2019-06-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 |
862 | CVE-2018-5910 | 119 | | Overflow Mem. Corr. | 2018-11-27 | 2018-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers. |
863 | CVE-2018-5909 | 119 | | Overflow Mem. Corr. | 2018-11-27 | 2018-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer overflow may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption. |
864 | CVE-2018-5908 | 119 | | Overflow | 2018-11-27 | 2018-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying. |
865 | CVE-2018-5906 | 119 | | Overflow | 2018-11-27 | 2018-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer. |
866 | CVE-2018-5904 | 416 | | | 2018-11-27 | 2018-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur. |
867 | CVE-2018-5877 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In the device programmer target-side code for firehose, a string that may not be properly NULL terminated can lead to an incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20. |
868 | CVE-2018-5870 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. |
869 | CVE-2018-5861 | 704 | | | 2018-11-27 | 2018-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader. |
870 | CVE-2018-5856 | 416 | | | 2018-11-27 | 2018-12-21 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio. |
871 | CVE-2018-5559 | 312 | | | 2018-11-28 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. |
872 | CVE-2018-5495 | | | | 2018-11-14 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. |
873 | CVE-2018-5407 | 203 | | | 2018-11-15 | 2020-09-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. |
874 | CVE-2018-3977 | 787 | | Exec Code Overflow | 2018-11-01 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. |
875 | CVE-2018-3948 | 20 | | | 2018-11-30 | 2022-04-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. |
876 | CVE-2018-3947 | 200 | | +Info | 2018-11-01 | 2022-04-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. |
877 | CVE-2018-3935 | 400 | | DoS Exec Code | 2018-11-02 | 2022-04-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. |
878 | CVE-2018-3934 | | | Exec Code Bypass | 2018-11-02 | 2022-04-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability. |
879 | CVE-2018-3928 | 200 | | DoS Exec Code +Info | 2018-11-01 | 2022-04-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. |
880 | CVE-2018-3920 | 20 | | Exec Code | 2018-11-02 | 2022-04-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability. |
881 | CVE-2018-3910 | 78 | | Exec Code | 2018-11-01 | 2022-04-19 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID. |
882 | CVE-2018-3900 | 119 | | Exec Code Overflow | 2018-11-01 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability. |
883 | CVE-2018-3899 | 119 | | Exec Code Overflow | 2018-11-02 | 2022-04-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field |
884 | CVE-2018-3898 | 119 | | Exec Code Overflow | 2018-11-02 | 2022-04-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field. |
885 | CVE-2018-3892 | 119 | | Exec Code Overflow | 2018-11-02 | 2022-04-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability. |
886 | CVE-2018-3891 | 20 | | | 2018-11-02 | 2022-04-19 | 2.1 | None | Local | Low | Not required | None | Partial | None |
An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. |
887 | CVE-2018-3890 | 78 | | Exec Code | 2018-11-02 | 2022-04-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability. |
888 | CVE-2018-3699 | 79 | | XSS | 2018-11-14 | 2018-12-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. |
889 | CVE-2018-3698 | | | +Priv | 2018-11-14 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. |
890 | CVE-2018-3697 | 732 | | | 2018-11-14 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. |
891 | CVE-2018-3696 | 287 | | +Priv Bypass | 2018-11-14 | 2018-12-31 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. |
892 | CVE-2018-3635 | 269 | | DoS | 2018-11-14 | 2021-03-26 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. |
893 | CVE-2018-3621 | 200 | | +Info | 2018-11-14 | 2018-12-13 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
894 | CVE-2018-2491 | 94 | | | 2018-11-13 | 2019-02-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. |
895 | CVE-2018-2490 | 732 | | | 2018-11-13 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. |
896 | CVE-2018-2489 | 732 | | | 2018-11-13 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. |
897 | CVE-2018-2488 | | | | 2018-11-13 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. |
898 | CVE-2018-2487 | | | | 2018-11-13 | 2020-08-24 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. |
899 | CVE-2018-2485 | | | | 2018-11-13 | 2019-10-03 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. |
900 | CVE-2018-2483 | 287 | | | 2018-11-13 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. |