SB18-323: Vulnerability Summary for the Week of November 12, 2018

Original release date: November 19, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
amazon — payfortThe Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.2018-11-14not yet calculatedCVE-2018-19187
BID
MISC
amazon — payfortThe Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter.2018-11-14not yet calculatedCVE-2018-19188
BID
MISC
MISC
amazon — payfortThe Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement.2018-11-14not yet calculatedCVE-2018-19189
BID
MISC
amazon — payfortThe Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter.2018-11-14not yet calculatedCVE-2018-19190
BID
MISC
amazon — payfort
 
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.2018-11-14not yet calculatedCVE-2018-19186
MISC
apache — hadoop
 
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.2018-11-13not yet calculatedCVE-2018-8009
BID
MISC
apache — qpid_proton-j
 
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the ‘transport.ssl(…)’ methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.2018-11-13not yet calculatedCVE-2018-17187
BID
MISC
MISC
MISC
baidu — baidu_browser
 
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-11-15not yet calculatedCVE-2018-0692
JVN
bakeshop_inventory_system_web_application — bakeshop_inventory_system_web_applicationBakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.2018-11-16not yet calculatedCVE-2018-18804
MISC
EXPLOIT-DB
bluestacks — bluestacks_app_player_for_windows_and_bluestacks_app_player_for_macos
 
BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access.2018-11-15not yet calculatedCVE-2018-0701
JVN
MISC
bsen_ordering_software_web_application — bsen_ordering_software_web_applicationThe BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].2018-11-16not yet calculatedCVE-2018-18801
MISC
EXPLOIT-DB
centreon — centreonCentreon 3.4.x allows SNMP trap SQL Injection.2018-11-14not yet calculatedCVE-2018-19281
MISC
centreon — centreonCentreon 3.4.x has XSS via the resource name or macro expression of a poller macro.2018-11-14not yet calculatedCVE-2018-19280
MISC
centreon — centreon
 
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.2018-11-16not yet calculatedCVE-2018-19312
MISC
centreon — centreon
 
Centreon 3.4.x allows SQL Injection via the main.php searchH parameter.2018-11-14not yet calculatedCVE-2018-19271
MISC
MISC
centreon — centreon
 
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the “Monitoring > Status Details > Services” screen.2018-11-16not yet calculatedCVE-2018-19311
MISC
charles — charles
 
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a “Charles Settings.xml” file from an attacker, an intranet network may be accessed and information may be leaked.2018-11-13not yet calculatedCVE-2018-19244
MISC
cisco — advanced_malware_protection_for_endpoints_on_windows
 
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system’s scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability.2018-11-13not yet calculatedCVE-2018-15452
BID
CISCO
ckeditor — ckeditor
 
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.2018-11-14not yet calculatedCVE-2018-17960
MISC
MISC
clippercms — clippercms
 
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the “/assets/files” directory.2018-11-10not yet calculatedCVE-2018-19135
MISC
EXPLOIT-DB

curriculum_evaluation_system_web_application — curriculum_evaluation_system_web_application

Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.2018-11-16not yet calculatedCVE-2018-18803
MISC
EXPLOIT-DB
cybozu — garoon
 
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.2018-11-15not yet calculatedCVE-2018-0673
JVN
MISC
dell_emc — recoverpointDell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.2018-11-13not yet calculatedCVE-2018-15771
BID
SECTRACK
FULLDISC
dell_emc — recoverpoint
 
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.2018-11-13not yet calculatedCVE-2018-15772
BID
SECTRACK
FULLDISC
dell_emc — rsa_bsafe_micro_edition_suiteRSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.2018-11-16not yet calculatedCVE-2018-15769
BID
SECTRACK
FULLDISC
digium — asterisk
 
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.2018-11-14not yet calculatedCVE-2018-19278
MISC
MISC
dilicms — dilicms
 
An issue discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.2018-11-15not yet calculatedCVE-2018-19291
MISC
domainmod — domainmod
 
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.2018-11-09not yet calculatedCVE-2018-19136
MISC
EXPLOIT-DB
eclipse — mosquitto
 
In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.2018-11-15not yet calculatedCVE-2018-12543
CONFIRM
ethereum — go-ethereumcmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.2018-11-11not yet calculatedCVE-2018-19184
MISC
ethereum — py-evmPy-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with ‘”stack”: [100, 100, 0]’ where b’x’ was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to “smart contracts can be executed indefinitely without gas being paid.”2018-11-11not yet calculatedCVE-2018-18920
MISC
MISC
MISC
MISC
ethereumjs — ethereumjs-vm
 
ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a “code: Buffer.from(my_code, ‘hex’)” attribute.2018-11-11not yet calculatedCVE-2018-19183
MISC
feitian_japan — securecore_standard_edition
 
SecureCore Standard Edition Version 2.x allows an attacker to bypass the product ‘s authentication to log in to a Windows PC.2018-11-15not yet calculatedCVE-2018-16160
JVN
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb” issue.2018-11-17not yet calculatedCVE-2018-19347
MISC
MISC
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5” issue.2018-11-17not yet calculatedCVE-2018-19348
MISC
MISC
MISC
MISC
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906" issue.2018-11-17not yet calculatedCVE-2018-19341
MISC
MISC
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a “Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff” issue.2018-11-17not yet calculatedCVE-2018-19343
MISC
MISC
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75” issue.2018-11-17not yet calculatedCVE-2018-19344
MISC
MISC
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Read Access Violation near NULL starting at U3DBrowser!PlugInMain+0x0000000000053f8b” issue.2018-11-17not yet calculatedCVE-2018-19345
MISC
MISC
foxit_software — foxit_readerThe u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea” issue.2018-11-17not yet calculatedCVE-2018-19346
MISC
MISC
foxit_software — foxit_reader
 
The u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a “Read Access Violation starting at U3DBrowser+0x000000000000347a” issue.2018-11-17not yet calculatedCVE-2018-19342
MISC
MISC
MISC
MISC
fxc — multiple products
 
Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.2018-11-15not yet calculatedCVE-2018-0679
JVN
MISC
google — androidIn avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-1114504172018-11-14not yet calculatedCVE-2018-9540
BID
CONFIRM
google — androidIn parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1118743312018-11-14not yet calculatedCVE-2018-9521
BID
CONFIRM
google — androidIn the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-1130273832018-11-14not yet calculatedCVE-2018-9539
BID
CONFIRM
google — androidIn the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1125502512018-11-14not yet calculatedCVE-2018-9522
BID
CONFIRM
google — androidIn ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1125517212018-11-14not yet calculatedCVE-2018-9528
CONFIRM
google — androidIn vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-1121593452018-11-14not yet calculatedCVE-2018-9527
BID
CONFIRM
google — androidIn onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-728723762018-11-14not yet calculatedCVE-2018-9457
BID
CONFIRM
google — androidIn BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1131117842018-11-14not yet calculatedCVE-2018-9545
BID
CONFIRM
google — androidIn CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1128915642018-11-14not yet calculatedCVE-2018-9537
BID
CONFIRM
google — androidIn avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-1114505312018-11-14not yet calculatedCVE-2018-9541
BID
CONFIRM
google — androidIn the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1113306412018-11-14not yet calculatedCVE-2018-9525
BID
CONFIRM
google — androidIn ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1127659172018-11-14not yet calculatedCVE-2018-9532
CONFIRM
google — androidIn function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-686643592018-11-14not yet calculatedCVE-2018-9347
BID
CONFIRM
google — androidIn numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1126621842018-11-14not yet calculatedCVE-2018-9536
BID
CONFIRM
google — androidIn ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1127665202018-11-14not yet calculatedCVE-2018-9533
CONFIRM
google — androidIn AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1126616412018-11-14not yet calculatedCVE-2018-9531
BID
CONFIRM
google — androidIn ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1128579412018-11-14not yet calculatedCVE-2018-9534
CONFIRM
google — androidIn functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-341708702018-11-14not yet calculatedCVE-2018-9524
BID
CONFIRM
google — androidA Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.2018-11-14not yet calculatedCVE-2018-9580
CONFIRM
google — androidIn device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1121590332018-11-14not yet calculatedCVE-2018-9526
BID
CONFIRM
google — androidIn Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-1128596042018-11-14not yet calculatedCVE-2018-9523
BID
CONFIRM
google — androidIn ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1126097152018-11-14not yet calculatedCVE-2018-9530
CONFIRM
google — androidIn register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1130372202018-11-14not yet calculatedCVE-2018-9544
BID
CONFIRM
google — androidIn avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-1118968612018-11-14not yet calculatedCVE-2018-9542
BID
CONFIRM
google — androidIn ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1125518742018-11-14not yet calculatedCVE-2018-9529
CONFIRM
google — androidIn ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1128580102018-11-14not yet calculatedCVE-2018-9535
CONFIRM
google — androidIn f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1128680882018-11-14not yet calculatedCVE-2018-9543
BID
CONFIRM

google — chrome

Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6063
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6067
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6065
BID
REDHAT
CONFIRM
MISC
DEBIAN
EXPLOIT-DB

google — chrome

Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6064
BID
REDHAT
CONFIRM
MISC
DEBIAN
EXPLOIT-DB

google — chrome

Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17474
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .2018-11-14not yet calculatedCVE-2018-6080
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6082
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6061
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17475
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6057
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17468
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6066
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17462
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17467
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17466
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17465
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6062
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.2018-11-14not yet calculatedCVE-2018-17473
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17477
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17464
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17463
BID
REDHAT
CONFIRM
MISC
DEBIAN
google — chromeAn integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.2018-11-14not yet calculatedCVE-2018-6072
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-17476
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6083
BID
REDHAT
CONFIRM
MISC
DEBIAN

google — chrome

Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2018-11-14not yet calculatedCVE-2018-6060
BID
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome
 
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the