CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
901 CVE-2018-19497 125 DoS 2018-11-29 2022-06-20
4.3
None Remote Medium Not required None None Partial
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
902 CVE-2018-19499 502 Exec Code 2018-11-23 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
903 CVE-2018-19502 787 Overflow 2018-11-23 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.
904 CVE-2018-19503 787 Overflow 2018-11-23 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.
905 CVE-2018-19504 125 2018-11-23 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.
906 CVE-2018-19517 125 2018-11-24 2018-12-19
4.3
None Remote Medium Not required None None Partial
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.
907 CVE-2018-19518 88 Exec Code 2018-11-25 2022-04-18
8.5
None Remote Medium ??? Complete Complete Complete
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
908 CVE-2018-19519 125 2018-11-25 2020-08-24
4.3
None Remote Medium Not required Partial None None
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
909 CVE-2018-19520 94 Exec Code 2018-11-25 2019-02-04
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
910 CVE-2018-19527 79 XSS 2018-11-29 2018-12-26
4.3
None Remote Medium Not required None Partial None
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.
911 CVE-2018-19528 119 DoS Overflow 2018-11-26 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
912 CVE-2018-19530 20 Exec Code 2018-11-26 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.
913 CVE-2018-19531 20 Exec Code 2018-11-26 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.
914 CVE-2018-19532 476 DoS 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
915 CVE-2018-19535 125 DoS 2018-11-26 2019-07-15
4.3
None Remote Medium Not required None None Partial
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
916 CVE-2018-19537 434 Exec Code 2018-11-26 2018-12-28
9.0
None Remote Low ??? Complete Complete Complete
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
917 CVE-2018-19539 617 DoS 2018-11-26 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
918 CVE-2018-19540 787 Overflow 2018-11-26 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
919 CVE-2018-19541 125 2018-11-26 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
920 CVE-2018-19542 476 DoS 2018-11-26 2020-04-15
4.3
None Remote Medium Not required None None Partial
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
921 CVE-2018-19543 125 2018-11-26 2020-09-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
922 CVE-2018-19544 352 CSRF 2018-11-26 2018-12-19
4.3
None Remote Medium Not required None Partial None
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.
923 CVE-2018-19545 352 CSRF 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
924 CVE-2018-19546 352 XSS CSRF 2018-11-26 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
925 CVE-2018-19547 79 XSS 2018-11-26 2018-12-19
4.3
None Remote Medium Not required None Partial None
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.
926 CVE-2018-19548 307 2018-11-26 2020-08-24
5.0
None Remote Low Not required Partial None None
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
927 CVE-2018-19549 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low ??? Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
928 CVE-2018-19550 434 2018-11-26 2019-05-23
6.5
None Remote Low ??? Partial Partial Partial
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI.
929 CVE-2018-19551 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low ??? Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
930 CVE-2018-19552 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low ??? Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.
931 CVE-2018-19553 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low ??? Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php.
932 CVE-2018-19554 79 XSS 2018-11-26 2019-03-06
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.
933 CVE-2018-19555 352 CSRF 2018-11-26 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
934 CVE-2018-19556 20 2018-11-26 2019-04-16
4.3
None Remote Medium Not required None Partial None
** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability.
935 CVE-2018-19557 89 Sql 2018-11-26 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images.
936 CVE-2018-19558 89 Sql 2018-11-26 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
937 CVE-2018-19559 89 Sql 2018-11-26 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
938 CVE-2018-19560 352 CSRF 2018-11-26 2018-12-31
9.3
None Remote Medium Not required Complete Complete Complete
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
939 CVE-2018-19561 352 CSRF 2018-11-26 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
940 CVE-2018-19562 434 Exec Code 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
941 CVE-2018-19564 79 XSS 2018-11-26 2018-12-18
4.3
None Remote Medium Not required None Partial None
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.
942 CVE-2018-19565 125 +Info 2018-11-26 2018-12-19
5.8
None Remote Medium Not required Partial None Partial
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
943 CVE-2018-19566 125 +Info 2018-11-26 2018-12-19
5.8
None Remote Medium Not required Partial None Partial
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.
944 CVE-2018-19567 119 Overflow 2018-11-26 2018-12-19
4.3
None Remote Medium Not required None None Partial
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
945 CVE-2018-19568 119 Overflow 2018-11-26 2018-12-19
4.3
None Remote Medium Not required None None Partial
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
946 CVE-2018-19587 119 Overflow 2018-11-27 2019-01-31
4.3
None Remote Medium Not required None None Partial
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
947 CVE-2018-19595 94 Exec Code 2018-11-27 2019-04-17
7.5
None Remote Low Not required Partial Partial Partial
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
948 CVE-2018-19607 476 DoS 2018-11-27 2019-08-06
4.3
None Remote Medium Not required None None Partial
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
949 CVE-2018-19609 200 +Info 2018-11-27 2018-12-21
4.0
None Remote Low ??? Partial None None
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
950 CVE-2018-19620 425 2018-11-28 2019-10-03
4.0
None Remote Low ??? None Partial None
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
Total number of vulnerabilities: 984. Page 19 of 20.