The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-19281 | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | HIGH | Nov 14, 2018 |
| CVE-2018-3621 | Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | LOW | Nov 14, 2018 |
| CVE-2018-3635 | Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | MEDIUM | Nov 14, 2018 |
| CVE-2018-3696 | Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. | LOW | Nov 14, 2018 |
| CVE-2018-3697 | Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. | MEDIUM | Nov 14, 2018 |
| CVE-2018-3698 | Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. | MEDIUM | Nov 14, 2018 |
| CVE-2018-3699 | Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. | MEDIUM | Nov 14, 2018 |
| CVE-2018-5495 | All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. | HIGH | Nov 14, 2018 |
| CVE-2018-6057 | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6060 | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6061 | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6062 | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6063 | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6064 | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6065 | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6066 | Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6067 | Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6068 | Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6069 | Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6070 | Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6071 | An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6072 | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6073 | A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6074 | Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6075 | Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6076 | Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6077 | Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6078 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6079 | Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6080 | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . | MEDIUM | Nov 14, 2018 |
| CVE-2018-6081 | XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6082 | Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-6083 | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | MEDIUM | Nov 14, 2018 |
| CVE-2018-7357 | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | LOW | Nov 14, 2018 |
| CVE-2018-7358 | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | MEDIUM | Nov 14, 2018 |
| CVE-2018-9347 | In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9457 | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376 | LOW | Nov 14, 2018 |
| CVE-2018-9521 | In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331 | HIGH | Nov 14, 2018 |
| CVE-2018-9522 | In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251 | HIGH | Nov 14, 2018 |
| CVE-2018-9523 | In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604 | HIGH | Nov 14, 2018 |
| CVE-2018-9524 | In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9525 | In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | HIGH | Nov 14, 2018 |
| CVE-2018-9526 | In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9527 | In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 | HIGH | Nov 14, 2018 |
| CVE-2018-9528 | In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9529 | In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9530 | In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9531 | In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 | HIGH | Nov 14, 2018 |
| CVE-2018-9532 | In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917 | MEDIUM | Nov 14, 2018 |
| CVE-2018-9533 | In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520 | MEDIUM | Nov 14, 2018 |
