CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2018 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2018-17474 787 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
252 CVE-2018-17472 20 2018-11-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
253 CVE-2018-17469 125 2018-11-14 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
254 CVE-2018-17466 125 2018-11-14 2019-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
255 CVE-2018-17465 416 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
256 CVE-2018-17463 Exec Code 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
257 CVE-2018-17462 416 2018-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
258 CVE-2018-17190 Exec Code 2018-11-19 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
259 CVE-2018-17187 295 2018-11-13 2019-01-31
5.8
None Remote Medium Not required Partial Partial None
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.
260 CVE-2018-17186 611 Exec Code 2018-11-06 2019-01-31
6.5
None Remote Low ??? Partial Partial Partial
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
261 CVE-2018-16986 787 Exec Code Overflow 2018-11-06 2020-08-24
5.8
None Local Network Low Not required Partial Partial Partial
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
262 CVE-2018-16854 352 CSRF 2018-11-26 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
263 CVE-2018-16850 89 Sql 2018-11-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
264 CVE-2018-16849 200 +Info 2018-11-02 2019-10-09
5.0
None Remote Low Not required Partial None None
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.
265 CVE-2018-16845 400 2018-11-07 2022-02-22
5.8
None Remote Medium Not required Partial None Partial
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
266 CVE-2018-16844 400 2018-11-07 2022-02-22
7.8
None Remote Low Not required None None Complete
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
267 CVE-2018-16843 400 2018-11-07 2022-02-22
7.8
None Remote Low Not required None None Complete
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
268 CVE-2018-16621 917 2018-11-15 2021-03-04
6.5
None Remote Low ??? Partial Partial Partial
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
269 CVE-2018-16620 863 2018-11-15 2020-08-24
5.0
None Remote Low Not required Partial None None
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
270 CVE-2018-16476 502 2018-11-30 2019-10-09
5.0
None Remote Low Not required Partial None None
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
271 CVE-2018-16475 22 Dir. Trav. 2018-11-06 2019-10-09
5.0
None Remote Low Not required Partial None None
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.
272 CVE-2018-16473 22 Dir. Trav. 2018-11-06 2019-10-09
5.0
None Remote Low Not required Partial None None
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
273 CVE-2018-16472 20 2018-11-06 2019-10-09
5.0
None Remote Low Not required None None Partial
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
274 CVE-2018-16470 400 2018-11-13 2019-10-09
5.0
None Remote Low Not required None None Partial
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
275 CVE-2018-16396 2018-11-16 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
276 CVE-2018-16395 2018-11-16 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
277 CVE-2018-16224 200 +Info 2018-11-20 2018-12-20
5.0
None Remote Low Not required Partial None None
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
278 CVE-2018-16223 522 2018-11-20 2019-10-03
5.0
None Remote Low Not required Partial None None
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
279 CVE-2018-16163 Bypass 2018-11-15 2020-08-24
5.5
None Remote Low ??? None Partial Partial
OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors.
280 CVE-2018-16161 +Priv 2018-11-15 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.
281 CVE-2018-16130 78 Exec Code 2018-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
282 CVE-2018-16094 119 Overflow 2018-11-27 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.
283 CVE-2018-16091 119 Overflow 2018-11-27 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
284 CVE-2018-16090 78 2018-11-27 2019-10-03
6.0
None Remote Medium ??? Partial Partial Partial
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
285 CVE-2018-16089 78 2018-11-27 2019-10-03
8.5
None Remote Medium ??? Complete Complete Complete
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
286 CVE-2018-15981 704 Exec Code 2018-11-29 2018-12-28
10.0
None Remote Low Not required Complete Complete Complete
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
287 CVE-2018-15980 125 2018-11-29 2018-12-04
5.0
None Remote Low Not required Partial None None
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
288 CVE-2018-15979 200 +Info 2018-11-29 2019-08-21
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.
289 CVE-2018-15978 125 2018-11-29 2018-12-28
5.0
None Remote Low Not required Partial None None
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
290 CVE-2018-15835 732 2018-11-30 2020-08-24
5.0
None Remote Low Not required Partial None None
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
291 CVE-2018-15796 326 2018-11-09 2020-08-24
5.5
None Remote Low ??? Partial Partial None
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
292 CVE-2018-15795 338 2018-11-13 2019-10-09
5.5
None Remote Low ??? Partial Partial None
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
293 CVE-2018-15769 DoS 2018-11-16 2022-04-18
5.0
None Remote Low Not required None None Partial
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
294 CVE-2018-15767 863 2018-11-30 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.
295 CVE-2018-15762 269 2018-11-02 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
296 CVE-2018-15761 +Priv 2018-11-19 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
297 CVE-2018-15759 307 2018-11-19 2019-10-09
5.0
None Remote Low Not required Partial None None
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
298 CVE-2018-15716 78 Exec Code 2018-11-30 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
299 CVE-2018-15715 20 2018-11-30 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.
300 CVE-2018-15711 78 2018-11-14 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
Total number of vulnerabilities : 595   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.