National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 6 hours 38 min ago

CVE-2018-9526

Wed, 11/14/2018 - 13:29
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033
Categories: Security News

CVE-2018-9527

Wed, 11/14/2018 - 13:29
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345
Categories: Security News

CVE-2018-9528

Wed, 11/14/2018 - 13:29
In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721
Categories: Security News

CVE-2018-9529

Wed, 11/14/2018 - 13:29
In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874
Categories: Security News

CVE-2018-9530

Wed, 11/14/2018 - 13:29
In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715
Categories: Security News

CVE-2018-9531

Wed, 11/14/2018 - 13:29
In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641
Categories: Security News

CVE-2018-9532

Wed, 11/14/2018 - 13:29
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917
Categories: Security News

CVE-2018-9533

Wed, 11/14/2018 - 13:29
In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520
Categories: Security News

CVE-2018-9534

Wed, 11/14/2018 - 13:29
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941
Categories: Security News

CVE-2018-9535

Wed, 11/14/2018 - 13:29
In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010
Categories: Security News

CVE-2018-9536

Wed, 11/14/2018 - 13:29
In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184
Categories: Security News

CVE-2018-9537

Wed, 11/14/2018 - 13:29
In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564
Categories: Security News

CVE-2018-9539

Wed, 11/14/2018 - 13:29
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383
Categories: Security News

CVE-2018-9540

Wed, 11/14/2018 - 13:29
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417
Categories: Security News

CVE-2018-6081

Wed, 11/14/2018 - 10:29
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Categories: Security News

CVE-2018-6082

Wed, 11/14/2018 - 10:29
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Categories: Security News

CVE-2018-6083

Wed, 11/14/2018 - 10:29
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
Categories: Security News

CVE-2018-7357

Wed, 11/14/2018 - 10:29
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
Categories: Security News

CVE-2018-7358

Wed, 11/14/2018 - 10:29
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
Categories: Security News

CVE-2018-6060

Wed, 11/14/2018 - 10:29
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

Pages