CVE List - 2018 / December
Showing 301 - 400 of 1163 CVEs for December 2018 (Page 4 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-9576 | 2018-12-07 | In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2018-9577 | 2018-12-07 | In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2018-9578 | 2018-12-07 | In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution... |
| CVE-2018-19961 | 2018-12-08 | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after... |
| CVE-2018-19962 | 2018-12-08 | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into... |
| CVE-2018-19963 | 2018-12-08 | An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ... |
| CVE-2018-19964 | 2018-12-08 | An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain... |
| CVE-2018-19965 | 2018-12-08 | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical... |
| CVE-2018-19966 | 2018-12-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because... |
| CVE-2018-19967 | 2018-12-08 | An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work... |
| CVE-2018-19980 | 2018-12-08 | Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to... |
| CVE-2018-19653 | 2018-12-09 | HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a... |
| CVE-2018-19982 | 2018-12-09 | An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products... |
| CVE-2018-19983 | 2018-12-09 | An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker... |
| CVE-2018-19991 | 2018-12-10 | VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230. |
| CVE-2018-20002 | 2018-12-10 | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading... |
| CVE-2018-20000 | 2018-12-10 | Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. |
| CVE-2018-20001 | 2018-12-10 | In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. |
| CVE-2018-20004 | 2018-12-10 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the... |
| CVE-2018-20005 | 2018-12-10 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. |
| CVE-2018-20006 | 2018-12-10 | An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). |
| CVE-2018-20009 | 2018-12-10 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. |
| CVE-2018-20010 | 2018-12-10 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. |
| CVE-2018-20011 | 2018-12-10 | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. |
| CVE-2018-20012 | 2018-12-10 | PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. |
| CVE-2018-20015 | 2018-12-10 | YzmCMS v5.2 has admin/role/add.html CSRF. |
| CVE-2018-20017 | 2018-12-10 | SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. |
| CVE-2018-20018 | 2018-12-10 | S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. |
| CVE-2018-1000862 | 2018-12-10 | An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file... |
| CVE-2018-1000863 | 2018-12-10 | A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper... |
| CVE-2018-1000864 | 2018-12-10 | A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter... |
| CVE-2018-1000865 | 2018-12-10 | A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if... |
| CVE-2018-1000866 | 2018-12-10 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding... |
| CVE-2018-1671 | 2018-12-10 | IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser... |
| CVE-2018-1000861 | 2018-12-10 | A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on... |
| CVE-2018-1957 | 2018-12-10 | IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when... |
| CVE-2016-10502 | 2018-12-10 | While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD... |
| CVE-2018-3988 | 2018-12-10 | Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave... |
| CVE-2018-15805 | 2018-12-10 | Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). |
| CVE-2018-16635 | 2018-12-10 | Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. |
| CVE-2018-16636 | 2018-12-10 | Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. |
| CVE-2018-1279 | 2018-12-10 | RabbitMQ cluster compromise due to deterministically generated cookie |
| CVE-2018-15800 | 2018-12-10 | Timing attack allows extraction of signing key in Bits Service |
| CVE-2018-20029 | 2018-12-10 | The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be... |
| CVE-2018-20050 | 2018-12-10 | Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri... |
| CVE-2018-20051 | 2018-12-10 | Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as... |
| CVE-2018-20056 | 2018-12-11 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without... |
| CVE-2018-20057 | 2018-12-11 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST... |
| CVE-2018-20058 | 2018-12-11 | In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. |
| CVE-2018-20059 | 2018-12-11 | jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. |
| CVE-2018-17481 | 2018-12-11 | Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2018-18335 | 2018-12-11 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-18336 | 2018-12-11 | Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2018-18337 | 2018-12-11 | Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted... |
| CVE-2018-18338 | 2018-12-11 | Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-18339 | 2018-12-11 | Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-18340 | 2018-12-11 | Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-18341 | 2018-12-11 | An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... |
| CVE-2018-18342 | 2018-12-11 | Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote... |
| CVE-2018-18343 | 2018-12-11 | Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted... |
| CVE-2018-18344 | 2018-12-11 | Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on... |
| CVE-2018-18345 | 2018-12-11 | Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via... |
| CVE-2018-18346 | 2018-12-11 | Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. |
| CVE-2018-18347 | 2018-12-11 | Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary... |
| CVE-2018-18348 | 2018-12-11 | Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar)... |
| CVE-2018-18349 | 2018-12-11 | Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to... |
| CVE-2018-18350 | 2018-12-11 | Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2018-18351 | 2018-12-11 | Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via... |
| CVE-2018-18352 | 2018-12-11 | Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content... |
| CVE-2018-18353 | 2018-12-11 | Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin... |
| CVE-2018-18354 | 2018-12-11 | Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. |
| CVE-2018-18355 | 2018-12-11 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2018-18356 | 2018-12-11 | An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via... |
| CVE-2018-18357 | 2018-12-11 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2018-18358 | 2018-12-11 | Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a... |
| CVE-2018-18359 | 2018-12-11 | Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
| CVE-2018-17480 | 2018-12-11 | Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary... |
| CVE-2018-1652 | 2018-12-11 | IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and... |
| CVE-2018-1654 | 2018-12-11 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to... |
| CVE-2018-1900 | 2018-12-11 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2018-1904 | 2018-12-11 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources.... |
| CVE-2018-19968 | 2018-12-11 | An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the... |
| CVE-2018-19969 | 2018-12-11 | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to... |
| CVE-2018-19970 | 2018-12-11 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. |
| CVE-2018-20060 | 2018-12-11 | urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for... |
| CVE-2018-20061 | 2018-12-11 | A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via... |
| CVE-2018-20062 | 2018-12-11 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. |
| CVE-2018-20064 | 2018-12-11 | doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. |
| CVE-2018-18810 | 2018-12-11 | TIBCO Managed File Transfer Credentials Disclosure |
| CVE-2018-2486 | 2018-12-11 | SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2492 | 2018-12-11 | SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. |
| CVE-2018-2494 | 2018-12-11 | Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered... |
| CVE-2018-2497 | 2018-12-11 | The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name>... |
| CVE-2018-2500 | 2018-12-11 | Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. |
| CVE-2018-2502 | 2018-12-11 | TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS... |
| CVE-2018-2503 | 2018-12-11 | By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java... |
| CVE-2018-2504 | 2018-12-11 | SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This... |
| CVE-2018-2505 | 2018-12-11 | SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2,... |
| CVE-2018-6703 | 2018-12-11 | Remote Logging functionality had a use after free vulnerability in McAfee Agent |
| CVE-2018-10143 | 2018-12-12 | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. |