CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2018-9590 125 2019-02-11 2019-02-12
5.0
None Remote Low Not required Partial None None
In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-115900043.
752 CVE-2018-9589 125 2019-02-11 2019-02-12
2.1
None Local Low Not required Partial None None
In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132.
753 CVE-2018-9588 125 2019-02-11 2019-02-12
3.3
None Local Network Low Not required Partial None None
In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156.
754 CVE-2018-9587 552 2019-02-11 2019-10-03
4.4
None Local Medium Not required Partial Partial Partial
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344.
755 CVE-2018-9586 362 2019-02-11 2019-02-12
4.4
None Local Medium Not required Partial Partial Partial
In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444.
756 CVE-2018-9585 787 2019-02-11 2019-02-12
4.6
None Local Low Not required Partial Partial Partial
In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809.
757 CVE-2018-9584 787 2019-02-11 2019-02-12
4.6
None Local Low Not required Partial Partial Partial
In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681.
758 CVE-2018-9583 787 Exec Code 2019-02-11 2019-02-14
10.0
None Remote Low Not required Complete Complete Complete
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487.
759 CVE-2018-9582 610 Bypass 2019-02-11 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362.
760 CVE-2018-9190 476 DoS 2019-02-08 2019-06-03
4.9
None Local Low Not required None None Complete
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.
761 CVE-2018-8800 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
762 CVE-2018-8799 125 DoS 2019-02-05 2019-09-15
5.0
None Remote Low Not required None None Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
763 CVE-2018-8798 125 +Info 2019-02-05 2019-09-15
5.0
None Remote Low Not required Partial None None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
764 CVE-2018-8797 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
765 CVE-2018-8796 125 DoS 2019-02-05 2019-09-15
5.0
None Remote Low Not required None None Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
766 CVE-2018-8795 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
767 CVE-2018-8794 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
768 CVE-2018-8793 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
769 CVE-2018-8792 125 DoS 2019-02-05 2019-09-15
5.0
None Remote Low Not required None None Partial
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
770 CVE-2018-8791 125 +Info 2019-02-05 2019-09-15
5.0
None Remote Low Not required Partial None None
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
771 CVE-2018-7839 310 2019-02-06 2019-06-07
2.1
None Local Low Not required Partial None None
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
772 CVE-2018-7817 416 Exec Code 2019-02-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file.
773 CVE-2018-7815 704 Exec Code 2019-02-06 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file
774 CVE-2018-7814 787 Exec Code Overflow 2019-02-06 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file
775 CVE-2018-7813 704 Exec Code 2019-02-06 2019-02-07
6.8
None Remote Medium Not required Partial Partial Partial
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file
776 CVE-2018-6687 835 2019-02-21 2020-08-24
4.3
None Remote Medium Not required None None Partial
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
777 CVE-2018-6271 119 DoS Overflow 2019-02-13 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.
778 CVE-2018-6268 416 DoS 2019-02-13 2019-04-02
9.3
None Remote Medium Not required Complete Complete Complete
NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.
779 CVE-2018-6267 20 DoS 2019-02-13 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.
780 CVE-2018-5839 269 2019-02-25 2019-10-03
6.6
None Local Low Not required Complete Complete None
Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130.
781 CVE-2018-5819 400 2019-02-20 2019-05-21
7.8
None Remote Low Not required None None Complete
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
782 CVE-2018-5818 835 2019-02-20 2020-08-24
5.0
None Remote Low Not required None None Partial
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
783 CVE-2018-5817 704 2019-02-20 2019-05-21
5.0
None Remote Low Not required None None Partial
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
784 CVE-2018-5499 20 DoS 2019-02-12 2019-02-13
5.0
None Remote Low Not required None None Partial
ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS).
785 CVE-2018-5498 20 DoS 2019-02-01 2019-02-05
3.5
None Remote Medium ??? None None Partial
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.
786 CVE-2018-4056 89 Sql Bypass 2019-02-05 2019-02-20
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
787 CVE-2018-3991 787 Exec Code Overflow 2019-02-05 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
788 CVE-2018-3990 119 Overflow Mem. Corr. 2019-02-05 2019-05-14
7.2
None Local Low Not required Complete Complete Complete
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.
789 CVE-2018-3989 908 2019-02-05 2020-08-24
2.1
None Local Low Not required Partial None None
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
790 CVE-2018-3980 787 Exec Code 2019-02-06 2020-06-22
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
791 CVE-2018-3976 787 Exec Code 2019-02-06 2020-06-22
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.
792 CVE-2018-3973 787 Exec Code 2019-02-06 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
793 CVE-2018-3700 94 2019-02-18 2019-02-20
4.6
None Local Low Not required Partial Partial Partial
Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.
794 CVE-2018-2006 22 Dir. Trav. 2019-02-21 2019-10-09
4.0
None Remote Low ??? None Partial None
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.
795 CVE-2018-1996 327 +Info 2019-02-19 2020-08-24
3.5
None Remote Medium ??? Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.
796 CVE-2018-1970 611 2019-02-04 2019-10-09
5.5
None Remote Low ??? Partial None Partial
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
797 CVE-2018-1962 384 2019-02-04 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
798 CVE-2018-1950 200 +Info 2019-02-21 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430.
799 CVE-2018-1949 200 +Info 2019-02-21 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.
800 CVE-2018-1948 384 2019-02-21 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.
Total number of vulnerabilities : 839   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.