SB18-323: Vulnerability Summary for the Week of November 12, 2018

Original release date: November 19, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | 2018-11-14 | not yet calculated | CVE-2018-19187 (BID, MISC)
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | 2018-11-14 | not yet calculated | CVE-2018-19188 (BID, MISC, MISC)
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | 2018-11-14 | not yet calculated | CVE-2018-19189 (BID, MISC)
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | 2018-11-14 | not yet calculated | CVE-2018-19190 (BID, MISC)
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | 2018-11-14 | not yet calculated | CVE-2018-19186 (MISC)
apache -- hadoop | Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | 2018-11-13 | not yet calculated | CVE-2018-8009 (BID, MISC)
apache -- qpid_proton-j | The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise. | 2018-11-13 | not yet calculated | CVE-2018-17187 (BID, MISC, MISC, MISC)
baidu -- baidu_browser | Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-11-15 | not yet calculated | CVE-2018-0692 (JVN)
bakeshop_inventory_system_web_application -- bakeshop_inventory_system_web_application | Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | 2018-11-16 | not yet calculated | CVE-2018-18804 (MISC, EXPLOIT-DB)
bluestacks -- bluestacks_app_player_for_windows_and_bluestacks_app_player_for_macos | BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access. | 2018-11-15 | not yet calculated | CVE-2018-0701 (JVN, MISC)
bsen_ordering_software_web_application -- bsen_ordering_software_web_application | The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | 2018-11-16 | not yet calculated | CVE-2018-18801 (MISC, EXPLOIT-DB)
centreon -- centreon | Centreon 3.4.x allows SNMP trap SQL Injection. | 2018-11-14 | not yet calculated | CVE-2018-19281 (MISC)
centreon -- centreon | Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro. | 2018-11-14 | not yet calculated | CVE-2018-19280 (MISC)
centreon -- centreon | Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | 2018-11-16 | not yet calculated | CVE-2018-19312 (MISC)
centreon -- centreon | Centreon 3.4.x allows SQL Injection via the main.php searchH parameter. | 2018-11-14 | not yet calculated | CVE-2018-19271 (MISC, MISC)
centreon -- centreon | Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | 2018-11-16 | not yet calculated | CVE-2018-19311 (MISC)
charles -- charles | An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked. | 2018-11-13 | not yet calculated | CVE-2018-19244 (MISC)
cisco -- advanced_malware_protection_for_endpoints_on_windows | A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability. | 2018-11-13 | not yet calculated | CVE-2018-15452 (BID, CISCO)
ckeditor -- ckeditor | CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | 2018-11-14 | not yet calculated | CVE-2018-17960 (MISC, MISC)
clippercms -- clippercms | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | 2018-11-10 | not yet calculated | CVE-2018-19135 (MISC, EXPLOIT-DB)

curriculum_evaluation_system_web_application -- curriculum_evaluation_system_web_application | Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | 2018-11-16 | not yet calculated | CVE-2018-18803 (MISC, EXPLOIT-DB)
cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0673 (JVN, MISC)
dell_emc -- recoverpoint | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. | 2018-11-13 | not yet calculated | CVE-2018-15771 (BID, SECTRACK, FULLDISC)
dell_emc -- recoverpoint | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. | 2018-11-13 | not yet calculated | CVE-2018-15772 (BID, SECTRACK, FULLDISC)
dell_emc -- rsa_bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. | 2018-11-16 | not yet calculated | CVE-2018-15769 (BID, SECTRACK, FULLDISC)
digium -- asterisk | Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. | 2018-11-14 | not yet calculated | CVE-2018-19278 (MISC, MISC)
dilicms -- dilicms | An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | 2018-11-15 | not yet calculated | CVE-2018-19291 (MISC)
domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | 2018-11-09 | not yet calculated | CVE-2018-19136 (MISC, EXPLOIT-DB)
eclipse -- mosquitto | In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit. | 2018-11-15 | not yet calculated | CVE-2018-12543 (CONFIRM)
ethereum -- go-ethereum | cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | 2018-11-11 | not yet calculated | CVE-2018-19184 (MISC)
ethereum -- py-evm | Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." | 2018-11-11 | not yet calculated | CVE-2018-18920 (MISC, MISC, MISC, MISC)
ethereumjs -- ethereumjs-vm | ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. | 2018-11-11 | not yet calculated | CVE-2018-19183 (MISC)
feitian_japan -- securecore_standard_edition | SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication to log in to a Windows PC. | 2018-11-15 | not yet calculated | CVE-2018-16160 (JVN)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue. | 2018-11-17 | not yet calculated | CVE-2018-19347 (MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5" issue. | 2018-11-17 | not yet calculated | CVE-2018-19348 (MISC, MISC, MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906" issue. | 2018-11-17 | not yet calculated | CVE-2018-19341 (MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff" issue. | 2018-11-17 | not yet calculated | CVE-2018-19343 (MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75" issue. | 2018-11-17 | not yet calculated | CVE-2018-19344 (MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at U3DBrowser!PlugInMain+0x0000000000053f8b" issue. | 2018-11-17 | not yet calculated | CVE-2018-19345 (MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea" issue. | 2018-11-17 | not yet calculated | CVE-2018-19346 (MISC, MISC)
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x000000000000347a" issue. | 2018-11-17 | not yet calculated | CVE-2018-19342 (MISC, MISC, MISC, MISC)
fxc -- multiple products | Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page. | 2018-11-15 | not yet calculated | CVE-2018-0679 (JVN, MISC)
google -- android | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417 | 2018-11-14 | not yet calculated | CVE-2018-9540 (BID, CONFIRM)
google -- android | In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331 | 2018-11-14 | not yet calculated | CVE-2018-9521 (BID, CONFIRM)
google -- android | In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383 | 2018-11-14 | not yet calculated | CVE-2018-9539 (BID, CONFIRM)
google -- android | In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251 | 2018-11-14 | not yet calculated | CVE-2018-9522 (BID, CONFIRM)
google -- android | In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721 | 2018-11-14 | not yet calculated | CVE-2018-9528 (CONFIRM)
google -- android | In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 | 2018-11-14 | not yet calculated | CVE-2018-9527 (BID, CONFIRM)
google -- android | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376 | 2018-11-14 | not yet calculated | CVE-2018-9457 (BID, CONFIRM)
google -- android | In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784 | 2018-11-14 | not yet calculated | CVE-2018-9545 (BID, CONFIRM)
google -- android | In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564 | 2018-11-14 | not yet calculated | CVE-2018-9537 (BID, CONFIRM)
google -- android | In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531 | 2018-11-14 | not yet calculated | CVE-2018-9541 (BID, CONFIRM)
google -- android | In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | 2018-11-14 | not yet calculated | CVE-2018-9525 (BID, CONFIRM)
google -- android | In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917 | 2018-11-14 | not yet calculated | CVE-2018-9532 (CONFIRM)
google -- android | In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359 | 2018-11-14 | not yet calculated | CVE-2018-9347 (BID, CONFIRM)
google -- android | In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 | 2018-11-14 | not yet calculated | CVE-2018-9536 (BID, CONFIRM)
google -- android | In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520 | 2018-11-14 | not yet calculated | CVE-2018-9533 (CONFIRM)
google -- android | In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 | 2018-11-14 | not yet calculated | CVE-2018-9531 (BID, CONFIRM)
google -- android | In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941 | 2018-11-14 | not yet calculated | CVE-2018-9534 (CONFIRM)
google -- android | In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 | 2018-11-14 | not yet calculated | CVE-2018-9524 (BID, CONFIRM)
google -- android | An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | 2018-11-14 | not yet calculated | CVE-2018-9580 (CONFIRM)
google -- android | In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | 2018-11-14 | not yet calculated | CVE-2018-9526 (BID, CONFIRM)
google -- android | In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604 | 2018-11-14 | not yet calculated | CVE-2018-9523 (BID, CONFIRM)
google -- android | In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715 | 2018-11-14 | not yet calculated | CVE-2018-9530 (CONFIRM)
google -- android | In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220 | 2018-11-14 | not yet calculated | CVE-2018-9544 (BID, CONFIRM)
google -- android | In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861 | 2018-11-14 | not yet calculated | CVE-2018-9542 (BID, CONFIRM)
google -- android | In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874 | 2018-11-14 | not yet calculated | CVE-2018-9529 (CONFIRM)
google -- android | In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010 | 2018-11-14 | not yet calculated | CVE-2018-9535 (CONFIRM)
google -- android | In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112868088 | 2018-11-14 | not yet calculated | CVE-2018-9543 (BID, CONFIRM)

google -- chrome | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6063 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6067 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6065 (BID, REDHAT, CONFIRM, MISC, DEBIAN, EXPLOIT-DB)
google -- chrome | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6064 (BID, REDHAT, CONFIRM, MISC, DEBIAN, EXPLOIT-DB)
google -- chrome | Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17474 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes. | 2018-11-14 | not yet calculated | CVE-2018-6080 (BID, REDHAT, CONFIRM, MISC, DEBIAN)

google -- chrome | Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6082 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6061 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17475 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6057 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17468 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6066 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17462 (BID, REDHAT, CONFIRM, MISC, DEBIAN)

google -- chrome | Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17467 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17466 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17465 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6062 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2018-11-14 | not yet calculated | CVE-2018-17473 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17477 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17464 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17463 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-11-14 | not yet calculated | CVE-2018-6072 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17476 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6083 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6060 (BID, REDHAT, CONFIRM, MISC, DEBIAN)
google -- chrome
 
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the