|
|
Security Vulnerabilities Published
In September 2018
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
851 |
CVE-2018-8455 |
404 |
|
|
2018-09-13 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |
|
852 |
CVE-2018-8452 |
200 |
|
+Info |
2018-09-13 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. |
|
853 |
CVE-2018-8449 |
367 |
|
Bypass |
2018-09-13 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
|
854 |
CVE-2018-8447 |
787 |
|
Exec Code Mem. Corr. |
2018-09-13 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461. |
|
855 |
CVE-2018-8446 |
200 |
|
+Info |
2018-09-13 |
2018-11-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445. |
|
856 |
CVE-2018-8445 |
200 |
|
+Info |
2018-09-13 |
2022-05-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446. |
|
857 |
CVE-2018-8444 |
200 |
|
+Info |
2018-09-13 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2. |
|
858 |
CVE-2018-8443 |
200 |
|
+Info |
2018-09-13 |
2018-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446. |
|
859 |
CVE-2018-8442 |
200 |
|
+Info |
2018-09-13 |
2018-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. |
|
860 |
CVE-2018-8441 |
190 |
|
Overflow |
2018-09-13 |
2018-11-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. |
|
861 |
CVE-2018-8440 |
|
|
|
2018-09-13 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
862 |
CVE-2018-8439 |
20 |
|
Exec Code |
2018-09-13 |
2018-11-19 |
7.7 |
None |
Local Network |
Low |
??? |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965. |
|
863 |
CVE-2018-8438 |
20 |
|
DoS |
2018-09-13 |
2018-11-02 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. |
|
864 |
CVE-2018-8437 |
20 |
|
DoS |
2018-09-13 |
2018-11-02 |
5.5 |
None |
Local Network |
Low |
??? |
None |
None |
Complete |
|
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438. |
|
865 |
CVE-2018-8436 |
20 |
|
DoS |
2018-09-13 |
2018-11-02 |
5.5 |
None |
Local Network |
Low |
??? |
None |
None |
Complete |
|
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438. |
|
866 |
CVE-2018-8435 |
331 |
|
Bypass |
2018-09-13 |
2019-10-03 |
2.3 |
None |
Local Network |
Medium |
??? |
None |
Partial |
None |
|
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
|
867 |
CVE-2018-8434 |
200 |
|
+Info |
2018-09-13 |
2021-09-13 |
5.2 |
None |
Local Network |
Medium |
??? |
Complete |
None |
None |
|
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
868 |
CVE-2018-8433 |
200 |
|
+Info |
2018-09-13 |
2018-11-20 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
869 |
CVE-2018-8431 |
79 |
|
XSS |
2018-09-13 |
2019-10-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428. |
|
870 |
CVE-2018-8430 |
|
|
Exec Code |
2018-09-13 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office. |
|
871 |
CVE-2018-8429 |
200 |
|
+Info |
2018-09-13 |
2018-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. |
|
872 |
CVE-2018-8428 |
79 |
|
XSS |
2018-09-13 |
2019-10-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8431. |
|
873 |
CVE-2018-8426 |
79 |
|
XSS |
2018-09-13 |
2018-11-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. |
|
874 |
CVE-2018-8425 |
290 |
|
|
2018-09-13 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. |
|
875 |
CVE-2018-8424 |
200 |
|
+Info |
2018-09-13 |
2018-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422. |
|
876 |
CVE-2018-8422 |
200 |
|
+Info |
2018-09-13 |
2018-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424. |
|
877 |
CVE-2018-8421 |
20 |
|
Exec Code |
2018-09-13 |
2022-05-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. |
|
878 |
CVE-2018-8420 |
611 |
|
Exec Code |
2018-09-13 |
2018-11-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
879 |
CVE-2018-8419 |
665 |
|
|
2018-09-13 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. |
|
880 |
CVE-2018-8410 |
404 |
|
|
2018-09-13 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
881 |
CVE-2018-8409 |
|
|
DoS |
2018-09-13 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. |
|
882 |
CVE-2018-8393 |
|
|
Exec Code Overflow |
2018-09-13 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392. |
|
883 |
CVE-2018-8392 |
|
|
Exec Code Overflow |
2018-09-13 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393. |
|
884 |
CVE-2018-8391 |
787 |
|
Exec Code Mem. Corr. |
2018-09-13 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. |
|
885 |
CVE-2018-8367 |
787 |
|
Exec Code Mem. Corr. |
2018-09-13 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467. |
|
886 |
CVE-2018-8366 |
200 |
|
+Info |
2018-09-13 |
2018-11-20 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. |
|
887 |
CVE-2018-8354 |
787 |
|
Exec Code Mem. Corr. |
2018-09-13 |
2020-08-24 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. |
|
888 |
CVE-2018-8337 |
178 |
|
Bypass |
2018-09-13 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. |
|
889 |
CVE-2018-8336 |
200 |
|
+Info |
2018-09-13 |
2018-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. |
|
890 |
CVE-2018-8335 |
|
|
DoS |
2018-09-13 |
2020-08-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |
|
891 |
CVE-2018-8332 |
|
|
Exec Code |
2018-09-13 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |
|
892 |
CVE-2018-8331 |
|
|
Exec Code |
2018-09-13 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office. |
|
893 |
CVE-2018-8315 |
200 |
|
+Info |
2018-09-13 |
2018-10-31 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. |
|
894 |
CVE-2018-8271 |
200 |
|
+Info |
2018-09-13 |
2018-11-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
895 |
CVE-2018-8269 |
|
|
DoS |
2018-09-13 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData. |
|
896 |
CVE-2018-8041 |
22 |
|
Dir. Trav. |
2018-09-17 |
2019-05-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. |
|
897 |
CVE-2018-8023 |
200 |
|
+Info |
2018-09-21 |
2020-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value. |
|
898 |
CVE-2018-8017 |
835 |
|
|
2018-09-19 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. |
|
899 |
CVE-2018-7991 |
|
|
Bypass |
2018-09-18 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page. |
|
900 |
CVE-2018-7990 |
|
|
Bypass |
2018-09-04 |
2019-10-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. |
|
|
