CVE List - 2018 / November
Showing 901 - 983 of 983 CVEs for November 2018 (Page 10 of 10)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-17930 | 2018-11-28 | A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution. |
| CVE-2018-19622 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. |
| CVE-2018-19623 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped... |
| CVE-2018-19624 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. |
| CVE-2018-19625 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. |
| CVE-2018-19626 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. |
| CVE-2018-19627 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. |
| CVE-2018-19628 | 2018-11-29 | In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. |
| CVE-2018-19654 | 2018-11-29 | An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component... |
| CVE-2018-19655 | 2018-11-29 | A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack,... |
| CVE-2018-19661 | 2018-11-29 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. |
| CVE-2018-19662 | 2018-11-29 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. |
| CVE-2018-19664 | 2018-11-29 | libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. |
| CVE-2018-19666 | 2018-11-29 | The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |
| CVE-2018-12238 | 2018-11-29 | Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection... |
| CVE-2018-12239 | 2018-11-29 | Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection... |
| CVE-2018-12245 | 2018-11-29 | Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed... |
| CVE-2018-18649 | 2018-11-29 | An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. |
| CVE-2018-11002 | 2018-11-29 | Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. |
| CVE-2018-16859 | 2018-11-29 | Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with... |
| CVE-2018-1762 | 2018-11-29 | IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-8784 | 2018-11-29 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. |
| CVE-2018-8785 | 2018-11-29 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. |
| CVE-2018-8786 | 2018-11-29 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote... |
| CVE-2018-8787 | 2018-11-29 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote... |
| CVE-2018-8788 | 2018-11-29 | FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. |
| CVE-2018-10851 | 2018-11-29 | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing... |
| CVE-2018-14626 | 2018-11-29 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to... |
| CVE-2018-19692 | 2018-11-29 | An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type. |
| CVE-2018-19693 | 2018-11-29 | An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter. |
| CVE-2018-8789 | 2018-11-29 | FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). |
| CVE-2018-15978 | 2018-11-29 | Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-15979 | 2018-11-29 | Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-15980 | 2018-11-29 | Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-15981 | 2018-11-29 | Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-15537 | 2018-11-29 | Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. |
| CVE-2018-19120 | 2018-11-29 | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. |
| CVE-2018-19748 | 2018-11-29 | app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL... |
| CVE-2018-18619 | 2018-11-29 | internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote... |
| CVE-2018-19749 | 2018-11-29 | DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. |
| CVE-2018-19750 | 2018-11-29 | DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. |
| CVE-2018-19751 | 2018-11-29 | DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. |
| CVE-2018-19752 | 2018-11-29 | DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. |
| CVE-2018-19497 | 2018-11-29 | In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service... |
| CVE-2018-19527 | 2018-11-29 | i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. |
| CVE-2018-19758 | 2018-11-30 | There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. |
| CVE-2018-19755 | 2018-11-30 | There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can... |
| CVE-2018-19756 | 2018-11-30 | There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2018-19757 | 2018-11-30 | There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2018-19759 | 2018-11-30 | There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2018-19760 | 2018-11-30 | cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. |
| CVE-2018-19761 | 2018-11-30 | There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2018-19762 | 2018-11-30 | There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. |
| CVE-2018-19763 | 2018-11-30 | There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2018-19777 | 2018-11-30 | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. |
| CVE-2018-14637 | 2018-11-30 | The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. |
| CVE-2018-0716 | 2018-11-30 | Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers... |
| CVE-2018-16093 | 2018-11-30 | LXCI for VMware |
| CVE-2018-16097 | 2018-11-30 | LXCI for VMware and LXCI for Microsoft System Center |
| CVE-2018-9072 | 2018-11-30 | LXCI for VMware |
| CVE-2018-1897 | 2018-11-30 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an... |
| CVE-2018-1927 | 2018-11-30 | IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force... |
| CVE-2018-1928 | 2018-11-30 | IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged... |
| CVE-2018-15767 | 2018-11-30 | Improper Authorization Vulnerability |
| CVE-2018-15768 | 2018-11-30 | Insecure MySQL Configuration Vulnerability |
| CVE-2018-3948 | 2018-11-30 | An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in... |
| CVE-2018-15835 | 2018-11-30 | Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. |
| CVE-2018-18860 | 2018-11-30 | A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute... |
| CVE-2018-18983 | 2018-11-30 | VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash... |
| CVE-2018-18987 | 2018-11-30 | VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to... |
| CVE-2018-19290 | 2018-11-30 | In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a... |
| CVE-2018-16476 | 2018-11-30 | A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give... |
| CVE-2018-16477 | 2018-11-30 | A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in... |
| CVE-2018-7806 | 2018-11-30 | Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated... |
| CVE-2018-7807 | 2018-11-30 | Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly... |
| CVE-2018-7809 | 2018-11-30 | An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the... |
| CVE-2018-7810 | 2018-11-30 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker... |
| CVE-2018-7811 | 2018-11-30 | An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the... |
| CVE-2018-7830 | 2018-11-30 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial... |
| CVE-2018-7831 | 2018-11-30 | An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing... |
| CVE-2018-15715 | 2018-11-30 | Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP... |
| CVE-2018-15716 | 2018-11-30 | NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. |
| CVE-2018-19784 | 2018-12-01 | The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. |
| CVE-2018-19785 | 2018-12-01 | PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. |
| CVE-2018-3949 | 2018-12-01 | An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive... |
| CVE-2018-3950 | 2018-12-01 | An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can... |
| CVE-2018-3951 | 2018-12-01 | An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in... |
| CVE-2018-4038 | 2018-12-01 | An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can... |
| CVE-2018-4039 | 2018-12-01 | An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution... |
| CVE-2018-4040 | 2018-12-01 | An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a... |
| CVE-2018-19787 | 2018-12-02 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as... |
| CVE-2018-19788 | 2018-12-03 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. |
| CVE-2018-19791 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body... |
| CVE-2018-19792 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through... |
| CVE-2018-19793 | 2018-12-03 | jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data. |
| CVE-2018-19794 | 2018-12-03 | Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter. |
| CVE-2018-19795 | 2018-12-03 | ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. |
| CVE-2018-19796 | 2018-12-03 | An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. |
| CVE-2018-19797 | 2018-12-03 | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass... |
| CVE-2018-16855 | 2018-12-03 | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of... |