CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2018(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-19966 436 DoS +Priv 2018-12-08 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.
2 CVE-2018-19963 617 DoS +Priv 2018-12-08 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
3 CVE-2018-19962 200 +Priv +Info 2018-12-08 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
4 CVE-2018-19961 459 +Priv 2018-12-08 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
5 CVE-2018-18810 +Priv 2018-12-11 2020-08-24
4.0
None Remote Low ??? Partial None None
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0.
6 CVE-2018-18629 426 +Priv 2018-12-20 2019-02-04
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
7 CVE-2018-18555 78 +Priv 2018-12-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
8 CVE-2018-18093 732 +Priv 2018-12-14 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.
9 CVE-2018-16861 79 Exec Code +Priv XSS CSRF 2018-12-07 2019-05-14
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
10 CVE-2018-15774 863 +Priv 2018-12-13 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
11 CVE-2018-15718 200 +Priv +Info 2018-12-12 2019-10-09
5.0
None Remote Low Not required Partial None None
Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
12 CVE-2018-9577 787 Exec Code +Priv 2018-12-07 2019-11-13
9.3
None Remote Medium Not required Complete Complete Complete
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.
13 CVE-2018-9569 787 Exec Code +Priv 2018-12-07 2019-11-13
9.3
None Remote Medium Not required Complete Complete Complete
In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537.
14 CVE-2018-7065 89 +Priv Sql 2018-12-07 2019-02-05
6.5
None Remote Low ??? Partial Partial Partial
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
15 CVE-2018-1901 +Priv 2018-12-12 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530.
16 CVE-2018-1840 668 +Priv 2018-12-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.
Total number of vulnerabilities : 16   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.