SB19-049: Vulnerability Summary for the Week of February 11, 2019

US-CERT All NCAS Products - Mon, 02/18/2019 - 18:01
Original release date: February 18, 2019 | Last revised: February 19, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| abbyy -- flexicapture | Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | 2019-02-09 | 7.5 | CVE-2018-13792, CONFIRM |
| aveva -- indusoft_web_studio | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. | 2019-02-12 | 10.0 | CVE-2019-6543, MISC, EXPLOIT-DB, MISC |
| aveva -- indusoft_web_studio | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine. | 2019-02-12 | 10.0 | CVE-2019-6545, MISC, EXPLOIT-DB, MISC |
| cim_project -- cim | install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | 2019-02-10 | 7.5 | CVE-2019-7692, MISC |
| dlink -- dir-600m_firmware | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. | 2019-02-11 | 7.5 | CVE-2019-7736, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | 2019-02-12 | 9.0 | CVE-2019-8312, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field. | 2019-02-12 | 9.0 | CVE-2019-8313, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | 2019-02-12 | 9.0 | CVE-2019-8314, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field. | 2019-02-12 | 9.0 | CVE-2019-8315, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field. | 2019-02-12 | 9.0 | CVE-2019-8316, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field. | 2019-02-12 | 9.0 | CVE-2019-8318, MISC |
| dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field. | 2019-02-12 | 9.0 | CVE-2019-8319, MISC |
| google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory. | 2019-02-11 | 7.2 | CVE-2018-11962, BID, CONFIRM |
| google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer. | 2019-02-11 | 7.2 | CVE-2018-12014, BID, CONFIRM |
| google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed. | 2019-02-11 | 7.2 | CVE-2018-13889, BID, CONFIRM |
| google -- android | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947. | 2019-02-13 | 9.3 | CVE-2018-6267, BID, CONFIRM |
| google -- android | NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161. | 2019-02-13 | 9.3 | CVE-2018-6268, BID, CONFIRM |
| google -- android | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validate the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474. | 2019-02-13 | 9.3 | CVE-2018-6271, BID, CONFIRM |
| google -- android | In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. | 2019-02-11 | 10.0 | CVE-2018-9583, BID, CONFIRM |
| joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | 2019-02-12 | 7.5 | CVE-2019-7743, BID, MISC |
| mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | 2019-02-09 | 10.0 | CVE-2009-5154, MISC, MISC |
| mywebsql -- mywebsql | MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | 2019-02-11 | 7.5 | CVE-2019-7731, MISC |
| nibbleblog -- nibbleblog | Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | 2019-02-10 | 7.5 | CVE-2019-7719, MISC |
| pocoo -- jinja2 | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. | 2019-02-15 | 7.5 | CVE-2019-8341, MISC, EXPLOIT-DB |
| qualcomm -- mdm9206_firmware | There is potential for memory corruption in the RIL daemon due to dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, ZZ_QCS605. | 2019-02-11 | 7.2 | CVE-2018-13888, BID, CONFIRM |
| qualcomm -- mdm9607_firmware | Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016. | 2019-02-11 | 7.2 | CVE-2018-11888, BID, CONFIRM |
| taogogo -- taocms | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | 2019-02-10 | 7.5 | CVE-2019-7720, MISC |
| traq -- traq | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | 2019-02-10 | 7.5 | CVE-2018-20779, MISC |
| we-con -- levistudiou | Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | 9.3 | CVE-2019-6539, BID, MISC |
| webassembly -- binaryen | An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. | 2019-02-09 | 7.1 | CVE-2019-7662, MISC |

 

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| abb -- cp400pb_firmware | The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. | 2019-02-13 | 6.8 | CVE-2018-19008, BID, MISC |
| apache -- jspwiki | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. | 2019-02-11 | 4.3 | CVE-2018-20242, BID, MLIST |
| atlassian -- confluence | Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature. | 2019-02-13 | 4.0 | CVE-2018-20237, BID, CONFIRM |
| atlassian -- crowd | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | 2019-02-13 | 5.5 | CVE-2018-20238, BID, CONFIRM |
| atto -- fibrebridge_7500n_firmware | ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). | 2019-02-12 | 5.0 | CVE-2018-5499, CONFIRM |
| axiositalia -- registro_elettronico | Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation. | 2019-02-10 | 4.3 | CVE-2019-7693, MISC, MISC |
| axiosys -- bento4 | An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | 2019-02-10 | 4.3 | CVE-2019-7697, MISC |
| axiosys -- bento4 | An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | 2019-02-10 | 4.3 | CVE-2019-7698, MISC |
| axiosys -- bento4 | A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. | 2019-02-10 | 4.3 | CVE-2019-7699, MISC |
| beescms -- beescms | BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | 2019-02-15 | 6.8 | CVE-2019-8347, MISC |
| dbninja -- dbninja | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | 2019-02-11 | 6.8 | CVE-2019-7747, MISC |
| dbninja -- dbninja | _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | 2019-02-11 | 4.3 | CVE-2019-7748, MISC |
| elfutils_project -- elfutils | In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). | 2019-02-09 | 4.3 | CVE-2019-7664, MISC |
| elfutils_project -- elfutils | In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. | 2019-02-09 | 4.3 | CVE-2019-7665, MISC, MISC |
| enigmail -- enigmail | Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. | 2019-02-11 | 4.3 | CVE-2018-15586, MISC |
| estrongs -- es_file_explorer_file_manager | The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL. | 2019-02-15 | 4.3 | CVE-2019-8345, MISC |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. | 2019-02-13 | 4.3 | CVE-2019-6589, CONFIRM |
| frog_cms_project -- frog_cms | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | 2019-02-10 | 6.5 | CVE-2018-20772, MISC |
| frog_cms_project -- frog_cms | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | 2019-02-10 | 6.5 | CVE-2018-20773, MISC |
| frog_cms_project -- frog_cms | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | 2019-02-10 | 6.5 | CVE-2018-20775, MISC |
| frog_cms_project -- frog_cms | Frog CMS 0.9.5 provides a directory listing for a /public request. | 2019-02-10 | 5.0 | CVE-2018-20776, MISC |
| frog_cms_project -- frog_cms | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | 2019-02-10 | 4.3 | CVE-2018-20778, MISC |
| gnome -- evolution | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 2019-02-11 | 4.3 | CVE-2018-15587, MISC |
| google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region. | 2019-02-11 | 4.6 | CVE-2018-12010, CONFIRM |
| google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace. | 2019-02-11 | 4.6 | CVE-2018-13893, CONFIRM |
| google -- android | In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. | 2019-02-11 | 4.6 | CVE-2018-9582, BID, CONFIRM |
| google -- android | In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681. | 2019-02-11 | 4.6 | CVE-2018-9584, BID, CONFIRM |
| google -- android | In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. | 2019-02-11 | 4.6 | CVE-2018-9585, BID, CONFIRM |
| google -- android | In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. | 2019-02-11 | 4.4 | CVE-2018-9586, BID, CONFIRM |
| google -- android | In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344. | 2019-02-11 | 4.4 | CVE-2018-9587, BID, CONFIRM |
| google -- android | In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-115900043. | 2019-02-11 | 5.0 | CVE-2018-9590, BID, CONFIRM |
| google -- android | In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116108738. | 2019-02-11 | 5.0 | CVE-2018-9591, BID, CONFIRM |
| google -- android | In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076. | 2019-02-11 | 5.0 | CVE-2018-9592, BID, CONFIRM |
| hotels_server_project -- hotels_server | controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | 2019-02-08 | 5.0 | CVE-2019-7648, MISC |
| housegate -- house_gate | Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2019-02-13 | 5.0 | CVE-2019-5910, JVN |
| joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. | 2019-02-12 | 4.3 | CVE-2019-7739, BID, MISC |
| joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | 2019-02-12 | 4.3 | CVE-2019-7740, MISC |
| joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | 2019-02-12 | 4.3 | CVE-2019-7741, MISC |
| joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | 2019-02-12 | 4.3 | CVE-2019-7742, MISC |
| joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | 2019-02-12 | 4.3 | CVE-2019-7744, MISC |
| lexmark -- 6500e_firmware | Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. | 2019-02-11 | 6.4 | CVE-2019-6489, CONFIRM |
| libtiff -- libtiff | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | 2019-02-09 | 4.3 | CVE-2019-7663, MISC, MLIST |
| linux -- linux_kernel | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | 2019-02-15 | 5.8 | CVE-2019-6974, MISC, MISC, MISC, MISC, MISC, MISC, MISC, EXPLOIT-DB |
| live555 -- streaming_media | In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed. | 2019-02-11 | 5.0 | CVE-2019-7732, MISC |
| live555 -- streaming_media | In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. | 2019-02-11 | 5.0 | CVE-2019-7733, MISC |
| metinfo -- metinfo | An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily. | 2019-02-10 | 6.8 | CVE-2019-7718, MISC |
| mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. | 2019-02-09 | 5.0 | CVE-2019-7673, MISC |
| mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | 2019-02-09 | 5.0 | CVE-2019-7674, MISC |
| mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. | 2019-02-09 | 5.0 | CVE-2019-7675, MISC |
| mywebsql -- mywebsql | MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | 2019-02-11 | 4.9 | CVE-2019-7730, MISC |
| nasm -- netwide_assembler | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | 2019-02-15 | 6.8 | CVE-2019-8343, MISC |
| nconsulting -- nc-cms | lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | 2019-02-10 | 5.0 | CVE-2019-7721, MISC |
| nttdocomo -- v20_pro_l-01j_firmware | V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. | 2019-02-13 | 5.7 | CVE-2019-5914, JVN, MISC |
| omron -- cx-supervisor | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2019-02-12 | 6.0 | CVE-2018-19018, MISC |
| qualcomm -- mdm9206_firmware | While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | 2019-02-11 | 4.6 | CVE-2018-11899, CONFIRM |
| rarlab -- winrar | In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2019-02-12 | 6.8 | CVE-2018-20253, MISC |
| schoolcms -- schoolcms | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | 2019-02-13 | 4.3 | CVE-2019-8334, MISC |
| schoolcms -- schoolcms | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | 2019-02-13 | 4.3 | CVE-2019-8335, MISC |
| symantec -- ghost_solution_suite | Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. | 2019-02-08 | 6.0 | CVE-2018-18364, BID, CONFIRM |
| traq -- traq | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | 2019-02-10 | 6.8 | CVE-2018-20780, MISC |
| verydows -- verydows | A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | 2019-02-11 | 6.8 | CVE-2019-7737, MISC |
| verydows -- verydows | Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | 2019-02-12 | 4.3 | CVE-2019-7753, MISC |
| we-con -- levistudiou | A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | 6.8 | CVE-2019-6541, BID, MISC |
| webassembly -- binaryen | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | 2019-02-10 | 4.3 | CVE-2019-7700, MISC |
| webassembly -- binaryen | A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | 2019-02-10 | 4.3 | CVE-2019-7701, MISC |
| webassembly -- binaryen | A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | 2019-02-10 | 4.3 | CVE-2019-7702, MISC |
| webassembly -- binaryen | In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge. | 2019-02-10 | 4.3 | CVE-2019-7703, MISC |
| webassembly -- binaryen | wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | 2019-02-10 | 4.3 | CVE-2019-7704, MISC |

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atlassian -- jira | The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | 2019-02-13 | 3.5 | CVE-2018-13403, CONFIRM |
| atlassian -- jira | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | 2019-02-13 | 3.5 | CVE-2018-20232, BID, CONFIRM |
| cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. | 2019-02-08 | 3.5 | CVE-2019-1673, BID, CISCO |
| frog_cms_project -- frog_cms | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | 2019-02-10 | 3.5 | CVE-2018-20774, MISC |
| frog_cms_project -- frog_cms | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | 2019-02-10 | 3.5 | CVE-2018-20777, MISC |
| google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function. | 2019-02-11 | 2.1 | CVE-2018-12006, CONFIRM |
| google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, uninitialized data for socket address leads to information exposure. | 2019-02-11 | 2.1 | CVE-2018-12011, CONFIRM |
| google -- android | In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156. | 2019-02-11 | 3.3 | CVE-2018-9588, BID, CONFIRM |
| google -- android | In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132. | 2019-02-11 | 2.1 | CVE-2018-9589, BID, CONFIRM |
| google -- android | In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267. | 2019-02-11 | 3.3 | CVE-2018-9593, BID, CONFIRM |
| google -- android | In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157. | 2019-02-11 | 3.3 | CVE-2018-9594, BID, CONFIRM |
| mcafee -- true_key | Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. | 2019-02-13 | 2.1 | CVE-2019-3610, CONFIRM |
| omron -- cx-supervisor | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. | 2019-02-12 | 3.5 | CVE-2018-19020, MISC |
| sap -- business_one | Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 2019-02-15 | 2.1 | CVE-2019-0256, BID, MISC, MISC |
| tenable -- nessus | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. | 2019-02-11 | 3.5 | CVE-2019-3923, CONFIRM |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advancecomp -- advancecomp | An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8383, MISC, MISC |
| advancecomp -- advancecomp | An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8379, MISC, MISC |
| amazon -- fire_os | Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | 2019-02-16 | not yet calculated | CVE-2019-7399, BID, MISC |
| atlassian -- jira | The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. | 2019-02-13 | not yet calculated | CVE-2018-13404, CONFIRM |
| bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8382, MISC, MISC |
| bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8380, MISC, MISC |
| bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8378, MISC, MISC |
| bitcoin -- bitcoin_core_and_bitcoin_knots | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port. | 2019-02-11 | not yet calculated | CVE-2018-20587, MISC, MISC |
| c.p.sub_project -- c.p.sub | C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | 2019-02-11 | not yet calculated | CVE-2019-7738, MISC, MISC |
| cisco -- meeting_server | A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. | 2019-02-08 | not yet calculated | CVE-2019-1676, BID, CISCO |
| cisco -- network_assurance_engine | A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). | 2019-02-12 | not yet calculated | CVE-2019-1688, BID, CISCO |
| cloud_foundry -- credhub_cli | Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | 2019-02-13 | not yet calculated | CVE-2019-3782, BID, CONFIRM |
| d-circle -- power_egg | Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2019-5916, JVN, MISC |
| d-link -- dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. | 2019-02-16 | not yet calculated | CVE-2019-8392, MISC |
| d-link -- dir-878_devices | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field. | 2019-02-12 | not yet calculated | CVE-2019-8317, MISC |
| dedecms -- dedecms | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 2019-02-16 | not yet calculated | CVE-2019-8362, MISC |
| dell -- wyse_password_encoder | The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | 2019-02-13 | not yet calculated | CVE-2018-15781, MISC |
| django -- django | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | 2019-02-11 | not yet calculated | CVE-2019-6975, BID, MISC, MISC, UBUNTU, MISC, MISC |
| dundas_data_visualization -- dundas_bi | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. | 2019-02-11 | not yet calculated | CVE-2018-18569, MISC |
| eclipse -- openj9 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. | 2019-02-11 | not yet calculated | CVE-2018-12547, CONFIRM |
| eclipse -- openj9 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | 2019-02-11 | not yet calculated | CVE-2018-12549, CONFIRM |
| enphase_energy -- envoy | XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7677, MISC, MISC |
| enphase_energy -- envoy | A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7678, MISC, MISC |
| flatpak -- flatpak | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 2019-02-12 | not yet calculated | CVE-2019-8308, MISC, MISC, MISC |
| freebsd -- freebsd | In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. | 2019-02-12 | not yet calculated | CVE-2019-5596, FREEBSD |
| freebsd -- freebsd | In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. | 2019-02-12 | not yet calculated | CVE-2019-5595, FREEBSD |
| genivia -- gsoap | Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. | 2019-02-09 | not yet calculated | CVE-2019-7659, CONFIRM |
| gnome -- keyring | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | 2019-02-12 | not yet calculated | CVE-2018-20781, MISC, MISC, MISC, MISC |
| hgiga -- oaklouds_mailsherlock | SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request. | 2019-02-11 | not yet calculated | CVE-2018-17542, CONFIRM, CONFIRM |
| hiawatha -- hiawatha | In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | 2019-02-16 | not yet calculated | CVE-2019-8358, CONFIRM |
| ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | 2019-02-15 | not yet calculated | CVE-2017-1695, XF, CONFIRM |
| ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. | 2019-02-15 | not yet calculated | CVE-2018-1895, CONFIRM, XF |
| ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. | 2019-02-15 | not yet calculated | CVE-2018-1701, XF, CONFIRM |
| ibm -- infosphere_information_server | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. | 2019-02-15 | not yet calculated | CVE-2018-1727, XF, CONFIRM |
| ibm -- rational_clearcase | IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | 2019-02-15 | not yet calculated | CVE-2019-4059, XF, CONFIRM |
| jforum -- jforum | In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued. | 2019-02-12 | not yet calculated | CVE-2019-7550, MISC |
| kunbus -- pr100088_modbus_gateway | An attacker could retrieve plain-text credentials stored in an XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | 2019-02-12 | not yet calculated | CVE-2019-6549, MISC |
| kunbus -- pr100088_modbus_gateway | Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). | 2019-02-12 | not yet calculated | CVE-2019-6533, MISC |
| kunbus -- pr100088_modbus_gateway | PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted. | 2019-02-12 | not yet calculated | CVE-2019-6527, MISC |
| mailmate -- mailmate | MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | 2019-02-11 | not yet calculated | CVE-2018-15588, MISC |
| mambo -- cms | A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php disclose the root path of the webserver. | 2019-02-15 | not yet calculated | CVE-2013-2565, MISC, MISC |
| micco -- lhmelting | Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5913, JVN, MISC |
| micco -- unarj32.dll | Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5912, JVN, MISC |
| micco -- unlha32.dll | Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5911, JVN, MISC |
| micco -- unlha32.dll | Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2018-16189, JVN, MISC |
| micco -- unlha32.dll_and_unarj32.dll_and_lhmelting_and_lmlzh32.dll | Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2018-16190, JVN, MISC, MISC, MISC, MISC |
| micro_focus -- solutions_business_manager | An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-02-12 | not yet calculated | CVE-2018-19645, CONFIRM |
| msmtp -- msmtp | In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | 2019-02-13 | not yet calculated | CVE-2019-8337, CONFIRM |
| multiple_vendors -- runc | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | 2019-02-11 | not yet calculated | CVE-2019-5736, BID, REDHAT, REDHAT, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, EXPLOIT-DB, EXPLOIT-DB, MISC, MISC |
| musicloud -- musicloud | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | 2019-02-16 | not yet calculated | CVE-2019-8389, MISC |
| open_source_solution_technology_corporation_and_ogis-ri -- openam | Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | 2019-02-13 | not yet calculated | CVE-2019-5915, JVN, MISC, MISC |
| open_source_solution_technology_corporation_and_ogis-ri -- openam | OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2018-0696, JVN, MISC, MISC |
| phpscriptsmall.com -- responsive_video_news_script | PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | 2019-02-16 | not yet calculated | CVE-2019-8361, MISC, MISC |
| pmd -- pmd | PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) | 2019-02-11 | not yet calculated | CVE-2019-7722, MISC |
| qualcomm -- snapdragon | If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660. | 2019-02-11 | not yet calculated | CVE-2018-11855, CONFIRM |
| qualcomm -- snapdragon | Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory; it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016 | 2019-02-11 | not yet calculated | CVE-2018-11847, BID, CONFIRM |
| rubygems -- fileutils | Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell. | 2019-02-15 | not yet calculated | CVE-2013-2516, MISC, MISC |
| sap -- abap_platform | SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. | 2019-02-15 | not yet calculated | CVE-2019-0265, BID, MISC, MISC |
| sap -- businessobjects | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | 2019-02-15 | not yet calculated | CVE-2019-0259, BID, MISC, MISC |
| sap -- disclosure_management | SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | not yet calculated | CVE-2019-0258, BID, MISC, MISC |
| sap -- disclosure_management | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0254, BID, MISC, MISC |
| sap -- fiori_launchpad | The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0251, BID, MISC, MISC |
| sap -- hana_extended_application_services | Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | 2019-02-15 | not yet calculated | CVE-2019-0266, BID, MISC, MISC |
| sap -- hana_extended_application_services | Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). | 2019-02-15 | not yet calculated | CVE-2019-0261, BID, MISC, MISC |
| sap -- manufacturing_integration_and_intelligence | SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | 2019-02-15 | not yet calculated | CVE-2019-0267, BID, MISC, MISC |
| sap -- netweaver_as_abap_platform | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | not yet calculated | CVE-2019-0257, BID, MISC, MISC |
| sap -- netweaver_as_abap_platform | SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. | 2019-02-15 | not yet calculated | CVE-2019-0255, BID, MISC, MISC |
| sap -- webintelligence_bilaunchpad | SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0262, BID, MISC, MISC |
| sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | 2019-02-15 | not yet calculated | CVE-2019-8357, MISC |
| sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | 2019-02-15 | not yet calculated | CVE-2019-8354, MISC |
| sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | 2019-02-15 | not yet calculated | CVE-2019-8356, MISC |
| sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | 2019-02-15 | not yet calculated | CVE-2019-8355, MISC |
| tcpcrypt -- boks | A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. | 2019-02-08 | not yet calculated | CVE-2018-20764, CONFIRM |
| tcpreplay -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8381, MISC, MISC |
| tcpreplay -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8377, MISC, MISC |
| tcpreplay -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8376, MISC, MISC |
| themerig -- find_a_place_cms_directory | Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | 2019-02-16 | not yet calculated | CVE-2019-8360, MISC |
| tibco -- silver_fabric | The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1. | 2019-02-13 | not yet calculated | CVE-2018-12409, BID, MISC, CONFIRM |
| ua_parser_project -- uap_core | An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.) | 2019-02-13 | not yet calculated | CVE-2018-20164, MISC, MISC, MISC |
| ubiquiti_networks -- airmax_and_edgemax | Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. | 2019-02-12 | not yet calculated | CVE-2017-0938, MISC, MISC, MISC |
| verydows -- verydows | Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | 2019-02-16 | not yet calculated | CVE-2019-8363, MISC |
| wecon -- levistudiou | Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | not yet calculated | CVE-2019-6537 |
BID
MISCwordpress -- wordpressVulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.2019-02-15not yet calculatedCVE-2015-4617
MISC
MISCwordpress -- wordpress
 Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables2019-02-15not yet calculatedCVE-2015-4615
MISC
MISCxerox -- workcentre
 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.2019-02-10not yet calculatedCVE-2018-20767
CONFIRMxerox -- workcentre
 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.2019-02-10not yet calculatedCVE-2018-20768
CONFIRMxerox -- workcentre
 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.2019-02-10not yet calculatedCVE-2018-20769
CONFIRMxerox -- workcentre
 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.2019-02-10not yet calculatedCVE-2018-20771
CONFIRMxerox -- workcentre
 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.2019-02-10not yet calculatedCVE-2018-20770
CONFIRMyingzhi -- python_programming_languageVulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage2019-02-15not yet calculatedCVE-2013-5654
MISC
MISCyokogawa -- multiple_productsLicense Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.2019-02-13not yet calculatedCVE-2019-5909
MISC
BID
MISCzoho_manageengine -- servicedesk_plusZoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.2019-02-16not yet calculatedCVE-2019-8394
CONFIRMzoho_manageengine -- servicedesk_plusAn Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.2019-02-16not yet calculatedCVE-2019-8395
CONFIRMBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: LATEST ALERT

VMware Releases Security Updates

US-CERT All NCAS Products - Sat, 02/16/2019 - 01:06
Original release date: February 15, 2019

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.


Mozilla Releases Security Update for Thunderbird

US-CERT All NCAS Products - Thu, 02/14/2019 - 21:22
Original release date: February 14, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.


Mozilla Releases Security Updates for Firefox

US-CERT All NCAS Products - Wed, 02/13/2019 - 01:26
Original release date: February 12, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates. 


Microsoft Releases February 2019 Security Updates

US-CERT All NCAS Products - Tue, 02/12/2019 - 21:12
Original release date: February 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Microsoft's February 2019 Security Update Summary and Deployment Information and apply the necessary updates.


Internet Romance Scams

US-CERT All NCAS Products - Tue, 02/12/2019 - 20:28
Original release date: February 12, 2019

The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. Use caution when online dating, and never send money or gifts to someone you have not met in person.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users to review FTC’s article on Romance Scams and NCCIC’s tip on Staying Safe on Social Networking Sites. If you think you have been a target of a romance scam, file a report with


Cisco Releases Security Update

US-CERT All NCAS Products - Tue, 02/12/2019 - 19:35
Original release date: February 12, 2019

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


Adobe Releases Security Updates

US-CERT All NCAS Products - Tue, 02/12/2019 - 17:39
Original release date: February 12, 2019

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.


New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity

US-CERT All NCAS Products - Tue, 02/12/2019 - 14:19
Original release date: February 12, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provide a background on the identified cyber activity and mitigation techniques. Click here to register.


runc Open-Source Container Vulnerability

US-CERT All NCAS Products - Mon, 02/11/2019 - 20:26
Original release date: February 11, 2019 | Last revised: February 12, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that leverage runc.

NCCIC encourages users and administrators to review the runc security advisory, and the RedHat and Amazon Web Services blogs; and refer to OS and application vendors for mitigations and updates as they become available.


SB19-042: Vulnerability Summary for the Week of February 4, 2019

US-CERT All NCAS Products - Mon, 02/11/2019 - 14:37
Original release date: February 11, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- webaccess/scada | WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | 2019-02-05 | 7.5 | CVE-2019-6519 BID MISC
advantech -- webaccess/scada | WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | 2019-02-05 | 7.5 | CVE-2019-6521 BID MISC
advantech -- webaccess/scada | WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | 2019-02-05 | 7.5 | CVE-2019-6523 BID MISC
articatech -- artica_proxy | Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | 2019-02-01 | 9.0 | CVE-2019-7300 MISC MISC
baijiacms_project -- baijiacms | An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. | 2019-02-07 | 7.5 | CVE-2019-7568 MISC
bijiadao -- waimai_super_cms | An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. | 2019-02-07 | 7.5 | CVE-2019-7585 MISC
bo-blog -- bw | Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function. | 2019-02-07 | 7.5 | CVE-2019-7587 MISC
cisco -- aironet_active_sensor | A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected. | 2019-02-07 | 7.8 | CVE-2019-1675 BID CISCO
css-tricks -- chat2 | An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability. | 2019-02-04 | 7.5 | CVE-2019-7316 MISC MISC
defaults-deep_project -- defaults-deep | A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | 2019-02-01 | 7.5 | CVE-2018-16486 MISC
dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. | 2019-02-01 | 9.3 | CVE-2019-7298 BID MISC
dlink -- dir-823g_firmware | An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. | 2019-02-04 | 7.8 | CVE-2019-7389 BID MISC
f5 -- big-ip_local_traffic_manager | On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. | 2019-02-05 | 7.1 | CVE-2019-6590 BID CONFIRM
fastnet -- mailcleaner | Fastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in an authenticated web application user running commands on the underlying web server as root. This attack appears to be exploitable via Post-authentication access to the web server. | 2019-02-04 | 9.0 | CVE-2018-1000999 MISC
fortinet -- fortios | A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | 2019-02-08 | 7.5 | CVE-2018-1352 CONFIRM
haraka_project -- haraka | Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | 2019-02-05 | 7.5 | CVE-2016-1000282 MISC
haxx -- libcurl | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. | 2019-02-06 | 7.5 | CVE-2019-3823 BID CONFIRM MISC UBUNTU DEBIAN
lifesize -- networker_220_firmware | LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. | 2019-02-08 | 9.0 | CVE-2019-7632 MISC
live555 -- streaming_media | liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. | 2019-02-03 | 7.5 | CVE-2019-7314 MISC MISC
mozilla -- firefox | A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | 2019-02-05 | 7.5 | CVE-2018-18500 BID REDHAT REDHAT REDHAT REDHAT MLIST UBUNTU DEBIAN CONFIRM CONFIRM CONFIRM
mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | 2019-02-05 | 7.5 | CVE-2018-18501 BID REDHAT REDHAT REDHAT REDHAT MLIST UBUNTU DEBIAN CONFIRM CONFIRM CONFIRM
mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. | 2019-02-05 | 10.0 | CVE-2018-18502 BID UBUNTU CONFIRM
mozilla -- firefox | A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. | 2019-02-05 | 7.5 | CVE-2018-18504 BID UBUNTU CONFIRM
mozilla -- firefox | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | 2019-02-05 | 7.5 | CVE-2018-18505 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM CONFIRM CONFIRM
opt-net -- ng-netms | OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity. | 2019-02-04 | 7.5 | CVE-2019-1000023 MISC MISC MISC
pizzashack -- rssh | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 2019-02-06 | 7.5 | CVE-2019-3463 BID MLIST MISC DEBIAN
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | 2019-02-05 | 7.5 | CVE-2018-8793 BID MISC
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. | 2019-02-05 | 7.5 | CVE-2018-8794 BID MISC
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. | 2019-02-05 | 7.5 | CVE-2018-8795 BID MISC
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | 2019-02-05 | 7.5 | CVE-2018-8797 BID MISC
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | 2019-02-05 | 7.5 | CVE-2018-8800 BID MISC
wibu -- wibukey | An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. | 2019-02-05 | 7.2 | CVE-2018-3990 MISC
zevenet -- zen_load_balancer | Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. | 2019-02-01 | 9.0 | CVE-2019-7301 BID MISC

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- subversionSubversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.2019-02-055.0CVE-2018-11803
BID
CONFIRM
UBUNTUaudacityteam -- audacityAudacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is enabled.2019-02-046.0CVE-2016-1000276
CONFIRM
MISCbijiadao -- waimai_super_cmsAn issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.2019-02-074.3CVE-2019-7567
MISCboolector_project -- boolectorIn parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.2019-02-074.3CVE-2019-7560
MISC
MISCbtor2tools_project -- btor2toolsIn btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.2019-02-074.3CVE-2019-7559
MISCcanvasgfx -- canvas_drawAn exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.2019-02-066.8CVE-2018-3973
BID
MISCcanvasgfx -- canvas_drawAn exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.2019-02-066.8CVE-2018-3976
BID
MISCchamilo -- chamilo_lmsChamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.2019-02-044.0CVE-2019-1000017
MISC
MISCcisco -- firepower_management_centerA vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2019-02-074.3CVE-2019-1671
BID
CISCOcisco -- meeting_serverA vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected.2019-02-074.0CVE-2019-1678
BID
CISCOcisco -- telepresence_management_suiteA vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.2019-02-074.3CVE-2019-1661
BID
CISCOcisco -- unified_intelligence_centerA vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.2019-02-074.3CVE-2019-1670
BID
CISCOcszcms -- csz_cmsCSZ CMS 1.1.8 has CSRF via admin/users/new/add.2019-02-076.8CVE-2019-7566
MISCdlink -- dir-823g_firmwareAn issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.2019-02-045.0CVE-2019-7388
BID
MISCexpress-cart_project -- express-cartA deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.2019-02-016.5CVE-2018-16483
MISCffmpeg -- ffmpegFFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.2019-02-044.3CVE-2019-1000016
MISCfortiguard -- forticlientA null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.2019-02-084.9CVE-2018-9190
CONFIRMfreedesktop -- popplerIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.2019-02-026.8CVE-2019-7310
BID
MISC
MISCgpac_project -- gpacIn GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.2019-02-066.8CVE-2018-20760
MISC
MISCgpac_project -- gpacGPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.2019-02-066.8CVE-2018-20761
MISC
MISCgpac_project -- gpacGPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.2019-02-066.8CVE-2018-20762
MISC
MISCgpac_project -- gpacIn GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.2019-02-066.8CVE-2018-20763
MISC
MISCgrafana -- piechart-panelThe Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.2019-02-064.3CVE-2015-9282
MISC
MISC
MISC
MISCgurock -- testrailindex.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.2019-02-075.0CVE-2019-7535
MISChtml-pages_project -- html-pagesAn XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.2019-02-014.3CVE-2018-16481
MISChttp-live-simulator_project -- http-live-simulatorPath traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.2019-02-015.0CVE-2018-16479
MISCibm -- api_connectAPI Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.2019-02-075.0CVE-2019-4008
XF
CONFIRMibm -- integration_busIBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.2019-02-045.0CVE-2018-1801
CONFIRM
XFibm -- security_identity_managerIBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.2019-02-044.6CVE-2019-4038
XF
CONFIRMibm -- tivoli_application_dependency_discovery_managerIBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.2019-02-045.0CVE-2018-1675
CONFIRM
XFimagemagick -- imagemagickIn ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.2019-02-045.0CVE-2019-7395
BID
MISC
MISCimagemagick -- imagemagickIn ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.2019-02-045.0CVE-2019-7396
BID
MISC
MISCimagemagick -- imagemagickIn ImageMagick before 7.0.8-25, several memory leaks exist in WritePDFImage in coders/pdf.c.2019-02-045.0CVE-2019-7397
BID
MISC
MISCimagemagick -- imagemagickIn ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.2019-02-045.0CVE-2019-7398
BID
MISCjenkins -- gitA cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.2019-02-064.3CVE-2019-1003010
CONFIRMjenkins -- github_oauthA session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.2019-02-064.3CVE-2019-1003019
CONFIRMjenkins -- job_importAn XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.2019-02-066.4CVE-2019-1003015
CONFIRMjenkins -- job_importAn exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-02-064.3CVE-2019-1003016
CONFIRMjenkins -- monitoringA denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.2019-02-064.3CVE-2019-1003022
CONFIRMjenkins -- script_securityA sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.2019-02-066.5CVE-2019-1003005
CONFIRMjenkins -- token_macroAn information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.2019-02-065.5CVE-2019-1003011
CONFIRMjenkins -- warningsA cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.2019-02-066.8CVE-2019-1003007
CONFIRMjenkins -- warnings_next_generationA cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.2019-02-066.8CVE-2019-1003008
CONFIRMjspmyadmin -- jspmyadmin2yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data: database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable when the payload is stored in the database and the victim sees the db value in question.2019-02-044.3CVE-2019-1000004
MISCkanboard -- kanboardapp/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.2019-02-044.3CVE-2019-7324
MISC
MISCkindsoft -- kindeditorIn KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.2019-02-064.3CVE-2019-7543
MISClibarchive -- libarchivelibarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.2019-02-044.3CVE-2019-1000019
MISC
MISC
MLIST
UBUNTUlibarchive -- libarchivelibarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.2019-02-044.3CVE-2019-1000020
MISC
MISC
MLIST
UBUNTUlibming -- libmingThe parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876.2019-02-076.8CVE-2019-7581
MISClibming -- libmingThe readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.2019-02-076.8CVE-2019-7582
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.2019-02-076.8CVE-2019-7572
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).2019-02-076.8CVE-2019-7573
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.2019-02-076.8CVE-2019-7574
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.2019-02-076.8CVE-2019-7575
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).2019-02-076.8CVE-2019-7576
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.2019-02-076.8CVE-2019-7577
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.2019-02-076.8CVE-2019-7578
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.2019-02-086.8CVE-2019-7635
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.2019-02-086.8CVE-2019-7636
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.2019-02-086.8CVE-2019-7637
MISC
MISClibsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.2019-02-086.8CVE-2019-7638
MISC
MISClinux -- linux_kernelIn the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.2019-02-014.7CVE-2016-10741
MISC
BID
MISC
MISC
MISCmcafee -- epolicy_orchestratorCross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.2019-02-016.8CVE-2019-3604
BID
CONFIRMmcstatic-project -- mcstaticA server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path.2019-02-015.0CVE-2018-16482
MISCmodx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via the User Photo field.2019-02-064.3CVE-2018-20755
MISCmodx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.2019-02-064.3CVE-2018-20756
MISCmodx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.2019-02-064.3CVE-2018-20757
MISCmozilla -- firefoxWhen JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.2019-02-056.8CVE-2018-18503
BID
UBUNTU
CONFIRMmozilla -- firefoxWhen proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.2019-02-054.3CVE-2018-18506
BID
UBUNTU
CONFIRMopt-net -- ng-netmsOPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting. This attack appears to be exploitable via network connectivity.2019-02-044.3CVE-2019-1000024
MISC
MISC
MISCpbootcms -- pbootcmsA CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.2019-02-075.8CVE-2019-7570
MISCphpipam -- phpipamphpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in the victim's browser. This attack appears to be exploitable when a victim visits a link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.2019-02-044.3CVE-2019-1000010
MISC
MISCphpmywind -- phpmywindAn issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.2019-02-054.3CVE-2019-7402
MISCphpmywind -- phpmywindAn issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.2019-02-055.5CVE-2019-7403
MISCpodofo_project -- podofoAn issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.2019-02-046.8CVE-2018-20751
MISC
MISCrarlab -- winrarThere is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.2019-02-056.8CVE-2018-20252
BID
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.2019-02-055.0CVE-2018-8791
BID
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).2019-02-055.0CVE-2018-8792
BID
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).2019-02-055.0CVE-2018-8796
BID
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.2019-02-055.0CVE-2018-8798
BID
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).2019-02-055.0CVE-2018-8799
BID
MISCschneider-electric -- guiconA Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file2019-02-066.8CVE-2018-7813
BID
CONFIRMschneider-electric -- guiconA Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file2019-02-066.8CVE-2018-7814
BID
CONFIRMschneider-electric -- guiconA Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file2019-02-066.8CVE-2018-7815
BID
CONFIRMschneider-electric -- zelio_soft_2A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file.2019-02-064.4CVE-2018-7817
BID
CONFIRMspice_project -- spiceSpice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.2019-02-045.4CVE-2019-3813
BID
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIANsqlalchemy -- sqlalchemySQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.2019-02-066.8CVE-2019-7548
MISC
MISCthinkcmf -- thinkcmfThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.2019-02-076.5CVE-2019-7580
MISC
MISCtopnew -- siduAn issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability.2019-02-064.3CVE-2019-7546
MISCwdoyo -- doyoAn issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.2019-02-076.8CVE-2019-7569
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.2019-02-044.3CVE-2019-7325
MISCzoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.2019-02-044.3CVE-2019-7326
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7327
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.2019-02-044.3CVE-2019-7328
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.2019-02-044.3CVE-2019-7329
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7330
MISCzoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.2019-02-044.3CVE-2019-7331
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7332
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7333
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7334
MISCzoneminder -- zoneminderSelf - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.2019-02-044.3CVE-2019-7335
MISCzoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php takes in input from the user, saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.2019-02-044.3CVE-2019-7336
MISCzoneminder -- zoneminderSelf - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.2019-02-044.3CVE-2019-7338
MISCzoneminder -- zoneminderPOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7339
MISCzoneminder -- zoneminderPOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7340
MISCzoneminder -- zoneminderReflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7341
MISCzoneminder -- zoneminderPOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7342
MISCzoneminder -- zoneminderReflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7343
MISCzoneminder -- zoneminderReflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.2019-02-044.3CVE-2019-7344
MISCzoneminder -- zoneminderA CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.2019-02-046.8CVE-2019-7346
MISCzoneminder -- zoneminderA Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).2019-02-046.0CVE-2019-7347
MISCzoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7348
MISCzoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7349
MISCzoneminder -- zoneminderSession fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.2019-02-044.9CVE-2019-7350
MISCzoneminder -- zoneminderLog Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.2019-02-044.3CVE-2019-7351
MISCzoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.2019-02-044.3CVE-2019-7352
MISC

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apache -- spark | When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. | 2019-02-04 | 2.1 | CVE-2018-11760, BID, MLIST |
| cisco -- webex_meetings | A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected. | 2019-02-07 | 1.9 | CVE-2019-1677, BID, CISCO |
| dbninja -- dbninja | In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | 2019-02-06 | 3.5 | CVE-2019-7545, MISC |
| f5 -- big-ip_access_policy_manager | On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | 2019-02-05 | 3.5 | CVE-2019-6591, CONFIRM |
| gnu -- glibc | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. | 2019-02-02 | 2.1 | CVE-2019-7309, BID, MISC, MISC |
| jenkins -- config_file_provider | A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. | 2019-02-06 | 3.5 | CVE-2019-1003014, CONFIRM |
| libpng -- libpng | png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. | 2019-02-04 | 2.6 | CVE-2019-7317, MISC, MISC |
| modx -- modx_revolution | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 2019-02-06 | 3.5 | CVE-2018-20758, MISC |
| mywebsql -- mywebsql | An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | 2019-02-06 | 3.5 | CVE-2019-7544, MISC |
| schneider-electric -- iiot_monitor | A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure. | 2019-02-06 | 2.1 | CVE-2018-7839, CONFIRM |
| topnew -- sidu | An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | 2019-02-06 | 3.5 | CVE-2019-7547, MISC |
| zoneminder -- zoneminder | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. | 2019-02-04 | 3.5 | CVE-2019-7337, MISC |
| zoneminder -- zoneminder | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. | 2019-02-04 | 3.5 | CVE-2019-7345, MISC |

 

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
42gears -- suremdm | An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | 2019-02-04 | not yet calculated | CVE-2018-15657
MISC
EXPLOIT-DB
42gears -- suremdm | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | 2019-02-04 | not yet calculated | CVE-2018-15655
MISC
42gears -- suremdm | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. | 2019-02-04 | not yet calculated | CVE-2018-15659
MISC
42gears -- suremdm | An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header. | 2019-02-04 | not yet calculated | CVE-2018-15656
MISC
42gears -- suremdm | An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data. | 2019-02-04 | not yet calculated | CVE-2018-15658
MISC
abbyy -- flexicapture | Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | 2019-02-09 | not yet calculated | CVE-2018-13792
CONFIRM
aioxmpp -- aioxmpp | aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3. | 2019-02-04 | not yet calculated | CVE-2019-1000007
MISC
apache -- guacamole | Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain. | 2019-02-07 | not yet calculated | CVE-2018-1340
BID
MISC
apache -- hadoop | In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | 2019-02-07 | not yet calculated | CVE-2018-1296
BID
MISC
api_platform -- api_platform | API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6. | 2019-02-04 | not yet calculated | CVE-2019-1000011
MISC
MISC
avaya -- aura_communication_manager | A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | 2019-02-01 | not yet calculated | CVE-2018-15617
BID
CONFIRM
becton,_dickinson_and_company -- facslyric | BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions. | 2019-02-06 | not yet calculated | CVE-2019-6517
BID
MISC
brancz -- kube-rbac-proxy | The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. | 2019-02-05 | not yet calculated | CVE-2019-3818
BID
CONFIRM
CONFIRM
buildbot -- buildbot | www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. | 2019-02-03 | not yet calculated | CVE-2019-7313
MISC
ca_technologies -- automic_workload_automation | Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. | 2019-02-05 | not yet calculated | CVE-2019-6504
BID
MISC
BUGTRAQ
MISC
MISC
FULLDISC
MISC
canvas -- draw | An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | 2019-02-06 | not yet calculated | CVE-2018-3980
MISC
chamilo -- chamilo-lms | Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | 2019-02-04 | not yet calculated | CVE-2019-1000015
MISC
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. | 2019-02-08 | not yet calculated | CVE-2019-1673
BID
CISCO
cisco -- meeting_server | A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. | 2019-02-08 | not yet calculated | CVE-2019-1676
BID
CISCO
cisco -- telepresence_conductor_and_expressway_series_and_telepresence_video_communication_server_software | A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected. | 2019-02-07 | not yet calculated | CVE-2019-1679
BID
CISCO
cisco -- telepresence_management_suite | A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited. | 2019-02-07 | not yet calculated | CVE-2019-1660
BID
CISCO
cisco -- web_security_appliance | A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending an SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected. | 2019-02-08 | not yet calculated | CVE-2019-1672
BID
CISCO
cisco -- webex_business_suite | A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior to 3.0.9 are affected. | 2019-02-07 | not yet calculated | CVE-2019-1680
BID
CISCO
connectwise -- manageditsync | ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication. | 2019-02-05 | not yet calculated | CVE-2017-18362
MISC
MISC
MISC
coturn -- coturn | An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. | 2019-02-05 | not yet calculated | CVE-2018-4056
MISC
DEBIAN
cvsweb -- cvsweb | FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | 2019-02-04 | not yet calculated | CVE-2018-1000998
MISC
d-link -- dir-823g_devices | An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. | 2019-02-04 | not yet calculated | CVE-2019-7390
BID
MISC
debian -- tmpreaper | Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. | 2019-02-04 | not yet calculated | CVE-2019-3461
MISC
MLIST
DEBIAN
dell_emc -- dell_os10 | Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). | 2019-02-04 | not yet calculated | CVE-2018-15778
MISC
dell_emc -- vnx2_operating_environment | VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability. | 2019-02-07 | not yet calculated | CVE-2019-3704
BID
FULLDISC
elfutils -- elfutils | In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. | 2019-02-09 | not yet calculated | CVE-2019-7665
MISC
MISC
elfutils -- elfutils | In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). | 2019-02-09 | not yet calculated | CVE-2019-7664
MISC
emsisoft -- emsisoft_anti-malware | EPP.sys in Emsisoft Anti-Malware 2018.8.1.8923 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\EPP device are not properly protected, leading to unintended impersonation or object creation. | 2019-02-08 | not yet calculated | CVE-2019-7651
MISC
MISC
MISC
enphase_energy -- envoy | A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. | 2019-02-09 | not yet calculated | CVE-2019-7676
MISC
MISC
MISC
enphase_energy -- envoy | A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7678
MISC
MISC
enphase_energy -- envoy | XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7677
MISC
MISC
extend -- extend | A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16492
MISC
forcepoint -- forcepoint_user_id | Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface. | 2019-02-07 | not yet calculated | CVE-2019-6139
MISC
genivia -- gsoap | Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. | 2019-02-09 | not yet calculated | CVE-2019-7659
CONFIRM
gitea -- gitea | Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2. | 2019-02-04 | not yet calculated | CVE-2019-1000002
MISC
gnome -- gdm | A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | 2019-02-06 | not yet calculated | CVE-2019-3825
CONFIRM
gnome -- gnome-shell | It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. | 2019-02-06 | not yet calculated | CVE-2019-3820
CONFIRM
MISC
gsi-openssh-server -- gsi_openssh_server | An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | 2019-02-08 | not yet calculated | CVE-2019-7639
MISC
helm -- chartmuseum | Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1. | 2019-02-04 | not yet calculated | CVE-2019-1000009
MISC
helm -- helm | All versions of Helm between Helm >=2.0.0 and < 2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2. | 2019-02-04 | not yet calculated | CVE-2019-1000008
MISC
hex -- hex_core | Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0. | 2019-02-04 | not yet calculated | CVE-2019-1000013
MISC
MISC
hex -- hex_core | Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19. | 2019-02-04 | not yet calculated | CVE-2019-1000012
MISC
MISC
hotels_server_project -- hotels_server | controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | 2019-02-08 | not yet calculated | CVE-2019-7648
MISC
ibm -- bigfix_compliance | IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429. | 2019-02-05 | not yet calculated | CVE-2017-1177
XF
CONFIRM
ibm -- bigfix_compliance | IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673. | 2019-02-05 | not yet calculated | CVE-2017-1198
XF
CONFIRM
ibm -- bigfix_compliance | IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675. | 2019-02-05 | not yet calculated | CVE-2017-1200
XF
CONFIRM
ibm -- bigfix_compliance | IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677. | 2019-02-05 | not yet calculated | CVE-2017-1202
XF
CONFIRM
ibm -- datapower_gateway | IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. | 2019-02-07 | not yet calculated | CVE-2018-1666
XF
CONFIRM
ibm -- security_identity_manager | IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. | 2019-02-04 | not yet calculated | CVE-2018-1970
CONFIRM
XF
ibm -- security_identity_manager | IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 153658. | 2019-02-04 | not yet calculated | CVE-2018-1962
CONFIRM
BID
XF
inxedu -- inxedu | inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg. | 2019-02-09 | not yet calculated | CVE-2019-7684
MISC
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | 2019-02-06 | not yet calculated | CVE-2019-1003018
CONFIRM
jenkins -- jenkins | A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. | 2019-02-06 | not yet calculated | CVE-2019-1003013
CONFIRM
jenkins -- jenkins | An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. | 2019-02-06 | not yet calculated | CVE-2019-1003009
CONFIRM
jenkins -- jenkins | A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. | 2019-02-06 | not yet calculated | CVE-2019-1003017
CONFIRM
jenkins -- jenkins | A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. | 2019-02-06 | not yet calculated | CVE-2019-1003012
CONFIRM
jenkins -- jenkins | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 2019-02-06 | not yet calculated | CVE-2019-1003006
CONFIRM
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | 2019-02-06 | not yet calculated | CVE-2019-1003021
CONFIRM
jenkins -- jenkins | A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | 2019-02-06 | not yet calculated | CVE-2019-1003020
CONFIRM
jenkins -- jenkins | A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | 2019-02-06 | not yet calculated | CVE-2019-1003023
CONFIRM
joomla -- joomla | Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. | 2019-02-04 | not yet calculated | CVE-2016-1000271
MISC
just-extend -- just-extend | A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions. | 2019-02-01 | not yet calculated | CVE-2018-16489
MISC
kaseya -- vsa_rmm | Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild. | 2019-02-05 | not yet calculated | CVE-2018-20753
MISC
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. | 2019-02-05 | not yet calculated | CVE-2018-19002
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitization, which may allow an attacker to execute remote code on the server. | 2019-02-05 | not yet calculated | CVE-2018-18992
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. | 2019-02-05 | not yet calculated | CVE-2018-18986
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. | 2019-02-05 | not yet calculated | CVE-2018-19029
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. | 2019-02-01 | not yet calculated | CVE-2018-18988
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitization, which may allow an attacker to execute remote code on the server. | 2019-02-05 | not yet calculated | CVE-2018-18996
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | 2019-02-05 | not yet calculated | CVE-2018-18998
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | 2019-02-05 | not yet calculated | CVE-2018-19000
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. | 2019-02-05 | not yet calculated | CVE-2018-18990
BID
MISC
libcurl -- libcurl | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | 2019-02-06 | not yet calculated | CVE-2018-16890
BID
CONFIRM
MISC
UBUNTU
DEBIAN
libcurl -- libcurl | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. | 2019-02-06 | not yet calculated | CVE-2019-3822
BID
CONFIRM
MISC
UBUNTU
DEBIAN
libtiff -- libtiff | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | 2019-02-09 | not yet calculated | CVE-2019-7663
MISC
lightsoft -- logmx | GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the LogMXUpdater.class file. | 2019-02-04 | not yet calculated | CVE-2019-7323
MISC
MISC
MISC
linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | 2019-02-01 | not yet calculated | CVE-2019-7308
MISC
MISC
BID
MISC
MISC
MISC
MISClodash -- lodashA prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.2019-02-01not yet calculatedCVE-2018-16487
MISCm-server -- m-serverPath Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.2019-02-01not yet calculatedCVE-2018-16485
MISCm-server -- m-serverA XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.2019-02-01not yet calculatedCVE-2018-16484
MISCmapsvg -- mapsvg_liteMapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later.2019-02-04not yet calculatedCVE-2019-1000003
MISC
MISCmitsubishi -- multiple_productsMitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.2019-02-05not yet calculatedCVE-2019-6535
BID
MISCmobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user.2019-02-09not yet calculatedCVE-2019-7674
MISCmobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.2019-02-09not yet calculatedCVE-2019-7675
MISCmobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format.2019-02-09not yet calculatedCVE-2019-7673
MISCmobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.2019-02-09not yet calculatedCVE-2009-5154
MISC
MISCmpath -- mpathA prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16490
MISCmpdf -- mpdfmPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="https://www.us-cert.govphar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8.2019-02-04not yet calculatedCVE-2019-1000005
MISCnetapp -- clustered_data_ontapClustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.2019-02-01not yet calculatedCVE-2018-5498
CONFIRMnginx -- nginx_unitNGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.2019-02-07not yet calculatedCVE-2019-7401
MISC
MISC
MISC
BIDnode.extend -- node.extendA prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16491
MISCpagure -- pagurePagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)2019-02-07not yet calculatedCVE-2019-7628
MISC
MISC
MISC
MISC
MISCprimx -- zed_enterpriseLimited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.2019-02-03not yet calculatedCVE-2019-7312
MISCpublic -- publicA XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.2019-02-01not yet calculatedCVE-2018-16480
MISC
MISCrarlab -- winrarA validation function (in WinRAR code) is being called before extraction of ACE archives. The validation function inspects the filename field for each compressed file in the ACE archive. In case the filename is disallow by the validator function (for example, the filename contains path traversal patterns) The extraction operation should be aborted and no file or folder should be extracted. However, the check of the return value from the validator function made too late (in UNACEV2.dll), after the creation of files and folders. It prevent the write operation to the extracted files only.2019-02-05not yet calculatedCVE-2018-20251
BID
MISCrebar3 -- rebar3Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.2019-02-04not yet calculatedCVE-2019-1000014
MISCrecon-ng -- recon-ngAn issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.2019-02-04not yet calculatedCVE-2018-20752
MISC
MISCredflib -- redflibThe Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.2019-02-08not yet calculatedCVE-2019-7653
MISCriot -- riot-osRIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity.2019-02-04not yet calculatedCVE-2019-1000006
MISCrssh -- rsshrssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.2019-02-04not yet calculatedCVE-2019-1000018
MISC
MLIST
DEBIANrssh -- rsshInsufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.2019-02-06not yet calculatedCVE-2019-3464
BID
MLIST
MISC
DEBIANrukovoditel -- rukovoditelRukovoditel before 2.4.1 allows XSS.2019-02-05not yet calculatedCVE-2019-7400
CONFIRMslixmpp -- slixmppslixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.2019-02-04not yet calculatedCVE-2019-1000021
MISC
MISCsymantec -- ghost_solution_suiteSymantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.2019-02-08not yet calculatedCVE-2018-18364
BID
CONFIRMsystrome -- mulitple_cumilon_devicesA local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.2019-02-04not yet calculatedCVE-2019-7387
MISC
MISCtaoensso -- senateTaoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later.2019-02-04not yet calculatedCVE-2019-1000022
MISCtcpcrypt -- tcpcryptA buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.2019-02-08not yet calculatedCVE-2018-20764
CONFIRMteampass -- teampassTeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.2019-02-04not yet calculatedCVE-2019-1000001
MISCtrend_micro -- dr_safetyA vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations.2019-02-05not yet calculatedCVE-2018-18334
CONFIRMtrend_micro -- security_2019A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations.2019-02-05not yet calculatedCVE-2018-18333
CONFIRM
MISC
MISCwebassembly -- binaryenAn assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.2019-02-09not yet calculatedCVE-2019-7662
MISCwibu-systems -- wibukeyAn exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.2019-02-05not yet calculatedCVE-2018-3991
MISCwibu-systems -- wibukeyAn exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.2019-02-05not yet calculatedCVE-2018-3989
MISCwin.rar -- winrarBy crafting the filename field of the ACE format, the destination folder (extraction folder) is ignored, and the relative path in the filename field becomes an absolute Path. This logical bug, allows the extraction of a file to an arbitrary location which is effectively code execution.2019-02-05not yet calculatedCVE-2018-20250
BID
MISCwordpress -- wordpressIn the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.)2019-02-05not yet calculatedCVE-2019-7413
MISCwordpress -- wordpressThe PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.2019-02-05not yet calculatedCVE-2019-7412
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: LATEST ALERT

Apple Releases Multiple Security Updates

US-CERT All NCAS Products - Thu, 02/07/2019 - 20:12
Original release date: February 07, 2019

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:



Categories: LATEST ALERT

Microsoft Releases Security Advisory for Exchange Server

US-CERT All NCAS Products - Wed, 02/06/2019 - 03:50
Original release date: February 05, 2019

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center's Vulnerability Note VU#465632 and consider the workarounds until an update is available.



Categories: LATEST ALERT

Marvell Avastar Wi-Fi Vulnerability

US-CERT All NCAS Products - Wed, 02/06/2019 - 00:41
Original release date: February 05, 2019

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Note VU#730261 for more information and refer to vendors for appropriate updates, when available.



Categories: LATEST ALERT

SB19-035: Vulnerability Summary for the Week of January 28, 2019

US-CERT All NCAS Products - Mon, 02/04/2019 - 15:40
Original release date: February 04, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
libgd -- libgd | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | 2019-01-28 | 7.5 | CVE-2019-6978, MISC, MISC, MISC, MLIST
libvnc_project -- libvncserver | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | 2019-01-30 | 7.5 | CVE-2018-20750, MISC, MISC, MLIST, UBUNTU, MISC
phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | 2019-01-26 | 7.5 | CVE-2019-6798, BID, CONFIRM
zoneminder -- zoneminder | A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. | 2019-01-28 | 7.5 | CVE-2019-6991, MISC, MISC

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobatAdobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723.2019-01-284.3CVE-2018-19721
CONFIRMadobe -- acrobatAdobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721.2019-01-285.0CVE-2018-19723
BID
CONFIRMadobe -- acrobatAdobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2019-01-284.3CVE-2018-19728
CONFIRMadobe -- experience_managerAdobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-01-284.3CVE-2018-19724
BID
CONFIRMadobe -- experience_managerAdobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-01-284.3CVE-2018-19726
BID
CONFIRMadobe -- experience_managerAdobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-01-284.3CVE-2018-19727
BID
CONFIRMapache -- open_officeWhen loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.2019-01-314.6CVE-2018-11790
BID
CONFIRMarm -- trusted_firmware-aARM Trusted Firmware-A allows information disclosure.2019-01-305.0CVE-2018-19440
CONFIRM
CONFIRMatlassian -- crowdVarious resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.2019-01-284.0CVE-2016-10740
CONFIRMatutor -- atutorA stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.2019-01-294.3CVE-2019-7172
MISCaxiosys -- bento4An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.2019-01-254.3CVE-2019-6966
MISCcross_reference_project -- cross_referenceAn issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin.2019-01-314.3CVE-2019-7250
MISCelfutils_project -- elfutilsIn elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.2019-01-284.3CVE-2019-7146
MISC
MISCelfutils_project -- elfutilsAn attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception.2019-01-284.3CVE-2019-7148
MISCelfutils_project -- elfutilsA heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.2019-01-284.3CVE-2019-7149
MISC
MISCelfutils_project -- elfutilsAn issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.2019-01-284.3CVE-2019-7150
MISC
MISCencodable -- filechuckerAn issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.2019-01-316.8CVE-2019-7216
MISC
MISCfoxitsoftware -- phantompdfAn exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2019-01-305.8CVE-2018-3956
MISCfreshrss -- freshrssMultiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.2019-01-304.3CVE-2018-19782
MISC
FULLDISC
EXPLOIT-DB
MISCibm -- api_connectIBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.2019-01-294.0CVE-2018-1976
BID
XF
CONFIRMibm -- iIBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.2019-01-314.3CVE-2019-4040
CONFIRM
BID
XFibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811.2019-01-295.0CVE-2018-1733
BID
XF
CONFIRMidreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.2019-01-306.4CVE-2019-7235
MISCidreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.2019-01-305.0CVE-2019-7236
MISCidreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.2019-01-305.0CVE-2019-7237
MISCip_history_logs_project -- ip_history_logsAn issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.2019-01-284.3CVE-2019-6979
MISC
EXPLOIT-DBlibdoc_project -- libdocIn libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.2019-01-295.0CVE-2019-7156
BID
MISClibdoc_project -- libdocIn libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.2019-01-306.8CVE-2019-7233
MISClinux -- linux_kernelIn the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.2019-02-014.7CVE-2016-10741
MISC
MISC
MISC
MISClinux -- linux_kernelIn change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.2019-01-314.9CVE-2017-18360
MISC
BID
MISC
MISC
MISClinux -- linux_kernelA flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.2019-01-254.9CVE-2019-3819
BID
CONFIRMmcafee -- epolicy_orchestratorCross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.2019-02-016.8CVE-2019-3604
CONFIRMmedia_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.2019-01-315.0CVE-2018-19040
EXPLOIT-DBmedia_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.2019-01-314.3CVE-2018-19041
EXPLOIT-DBmedia_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.2019-01-315.0CVE-2018-19042
EXPLOIT-DBmedia_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.2019-01-315.0CVE-2018-19043
EXPLOIT-DBmumble -- mumblemurmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.2019-01-255.0CVE-2018-20743
MISC
MISC
MISC
MISC
nasm -- netwide_assembler | A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. | 2019-01-28 | 4.3 | CVE-2019-7147
MISC
netscape -- enterprise_server | servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | 2019-01-31 | 4.3 | CVE-2018-18940
MISC
FULLDISC
omron -- cx-one | Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2019-01-30 | 6.8 | CVE-2018-19027
BID
MISC
omron -- cx-supervisor | An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. | 2019-01-28 | 6.0 | CVE-2018-19015
BID
MISC
open-xchange -- open-xchange_appsuite | OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | 2019-01-30 | 4.0 | CVE-2018-12609
FULLDISC
CONFIRM
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuite | OX App Suite 7.8.4 and earlier allows Information Exposure. | 2019-01-30 | 5.0 | CVE-2018-12610
FULLDISC
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuite | OX App Suite 7.8.4 and earlier allows Directory Traversal. | 2019-01-30 | 4.3 | CVE-2018-12611
FULLDISC
CONFIRM
CONFIRM
CONFIRM
openbsd -- openssh | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | 2019-01-31 | 4.0 | CVE-2019-6109
MISC
MISC
MISC
paloaltonetworks -- pan-os | The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 2019-01-30 | 4.3 | CVE-2019-1566
BID
CONFIRM
phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. | 2019-01-26 | 4.3 | CVE-2019-6799
BID
CONFIRM
powerdns -- recursor | An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. | 2019-01-29 | 6.8 | CVE-2019-3806
CONFIRM
CONFIRM
powerdns -- recursor | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. | 2019-01-29 | 6.4 | CVE-2019-3807
CONFIRM
CONFIRM
pylonsproject -- colander | In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. | 2019-02-01 | 5.0 | CVE-2017-18361
MISC
MISC
redhat -- ceph | Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | 2019-01-28 | 5.0 | CVE-2018-16889
BID
CONFIRM
rsyslog -- rsyslog | A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. | 2019-01-25 | 5.0 | CVE-2018-16881
CONFIRM
static-resource-server_project -- static-resource-server | A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. | 2019-02-01 | 5.0 | CVE-2018-16493
MISC
typora -- typora | typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | 2019-01-31 | 4.3 | CVE-2019-7295
MISC
typora -- typora | typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | 2019-01-31 | 4.3 | CVE-2019-7296
MISC
uclouvain -- openjpeg | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. | 2019-01-28 | 4.3 | CVE-2019-6988
BID
MISC
webassembly -- binaryen | A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | 2019-01-28 | 4.3 | CVE-2019-7151
MISC
webassembly -- binaryen | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | 2019-01-28 | 4.3 | CVE-2019-7152
MISC
webassembly -- binaryen | A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | 2019-01-28 | 4.3 | CVE-2019-7153
MISC
webassembly -- binaryen | The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | 2019-01-28 | 4.3 | CVE-2019-7154
MISC
zoneminder -- zoneminder | A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | 2019-01-28 | 4.3 | CVE-2019-6992
MISC
MISC

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | 2019-01-29 | 3.5 | CVE-2019-7168
MISC
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | 2019-01-29 | 3.5 | CVE-2019-7169
MISC
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | 2019-01-29 | 3.5 | CVE-2019-7170
MISC
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | 2019-01-29 | 3.5 | CVE-2019-7171
MISC
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | 2019-01-29 | 3.5 | CVE-2019-7173
MISC
emerson -- deltav_distributed_control_system | A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | 2019-01-25 | 3.3 | CVE-2018-19021
BID
MISC
paloaltonetworks -- pan-os | The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | 2019-01-30 | 3.5 | CVE-2019-1565
BID
CONFIRM
tridium -- niagara | Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. | 2019-01-29 | 3.5 | CVE-2018-18985
BID
MISC
zoneminder -- zoneminder | A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. | 2019-01-28 | 3.5 | CVE-2019-6990
MISC
MISC

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3s-smart_software_solutions -- codesys_control_products | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | 2019-01-29 | not yet calculated | CVE-2018-10612
BID
MISC
abb -- cms-770 | The product CMS-770 (Software Versions 1.7.1 and prior) is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. | 2019-01-31 | not yet calculated | CVE-2018-17928
BID
MISC
abb -- m2m_ethernet | The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. | 2019-01-31 | not yet calculated | CVE-2018-17926
BID
MISC
apache -- http_server | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. | 2019-01-30 | not yet calculated | CVE-2018-17199
BID
CONFIRM
MLIST
CONFIRM
apache -- http_server | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. | 2019-01-30 | not yet calculated | CVE-2019-0190
BID
CONFIRM
CONFIRM
apache -- http_server | In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. | 2019-01-30 | not yet calculated | CVE-2018-17189
BID
CONFIRM
CONFIRM
artica -- proxy | Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | 2019-02-01 | not yet calculated | CVE-2019-7300
MISC
MISC
avaya -- aura_communication_manager | A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | 2019-02-01 | not yet calculated | CVE-2018-15617
CONFIRM
bluez -- bluez | A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. | 2019-01-28 | not yet calculated | CVE-2018-10910
CONFIRM
UBUNTU
cisco -- webex_meetings_server | A version of Castor XML, as used in Cisco WebEx Meetings Server before 2.8MR3 and 3.x before 3.0MR2 patch 1 and other products, allows XXE attacks. | 2019-01-30 | not yet calculated | CVE-2018-18895
MISC
FULLDISC
SECTRACK
BUGTRAQ
clustered_data -- ontap | Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | 2019-02-01 | not yet calculated | CVE-2018-5498
CONFIRM
comodo -- utm_firewall | Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. | 2019-01-30 | not yet calculated | CVE-2018-17431
MISC
d-link -- central_wifimanager_cwm-100_devices | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | 2019-01-31 | not yet calculated | CVE-2018-15516
MISC
FULLDISC
MISC
d-link -- central_wifimanager_cwm-100_devices | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | 2019-01-31 | not yet calculated | CVE-2018-15517
MISC
FULLDISC
d-link -- central_wifimanager_cwm-100_devices | The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | 2019-01-31 | not yet calculated | CVE-2018-15515
MISC
FULLDISC
d-link -- dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | 2019-01-31 | not yet calculated | CVE-2019-7297
BID
MISC
d-link -- dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. | 2019-02-01 | not yet calculated | CVE-2019-7298
BID
MISC
debian -- apt | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | 2019-01-28 | not yet calculated | CVE-2019-3462
BID
MLIST
MLIST
CONFIRM
UBUNTU
DEBIAN
defaults-deep -- defaults-deep | A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16486
MISC
dräger -- infinity_delta | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. | 2019-01-28 | not yet calculated | CVE-2018-19014
BID
MISC
dräger -- infinity_delta | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system. | 2019-01-28 | not yet calculated | CVE-2018-19012
BID
MISC
dräger -- infinity_delta | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. | 2019-01-28 | not yet calculated | CVE-2018-19010
BID
MISC
express-cart -- express-cart | A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | 2019-02-01 | not yet calculated | CVE-2018-16483
MISC
extend -- extend | A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16492
MISC
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation. | 2019-01-28 | not yet calculated | CVE-2019-6985
CONFIRM
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function. | 2019-01-28 | not yet calculated | CVE-2019-6982
CONFIRM
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory. | 2019-01-28 | not yet calculated | CVE-2019-6983
CONFIRM
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer. | 2019-01-28 | not yet calculated | CVE-2019-6984
CONFIRM
gnu -- c_library | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. | 2019-02-02 | not yet calculated | CVE-2019-7309
MISC
MISC
google -- android | NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A. | 2019-01-31 | not yet calculated | CVE-2018-6241
BID
CONFIRM
hetronic -- nova-m | Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | 2019-01-25 | not yet calculated | CVE-2018-19023
BID
MISC
html-pages -- html-pages | An XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. | 2019-02-01 | not yet calculated | CVE-2018-16481
MISC
http-live-simulator -- http-live-simulator | Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. | 2019-02-01 | not yet calculated | CVE-2018-16479
MISC
ibm -- datapower_gateway | IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. | 2019-01-29 | not yet calculated | CVE-2018-1668
XF
CONFIRM
idreamsoft -- icms | idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | 2019-01-29 | not yet calculated | CVE-2019-7160
MISC
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. | 2019-01-30 | not yet calculated | CVE-2019-7234
MISC
just-extend -- just-extend | A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions. | 2019-02-01 | not yet calculated | CVE-2018-16489
MISC
keybase -- keybase | In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs. | 2019-01-31 | not yet calculated | CVE-2019-7249
MISC
MISC
labkey -- server_community_edition | An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. | 2019-01-30 | not yet calculated | CVE-2019-3912
MISC
labkey -- server_community_edition | Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | 2019-01-30 | not yet calculated | CVE-2019-3911
MISC
labkey -- server_community_edition | Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. | 2019-01-30 | not yet calculated | CVE-2019-3913
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. | 2019-02-01 | not yet calculated | CVE-2018-19004
BID
MISC
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. | 2019-02-01 | not yet calculated | CVE-2018-18988
BID
MISC
libvips -- libvips | libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. | 2019-01-26 | not yet calculated | CVE-2019-6976
MISC
MISC
libvnc -- libvnc | LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | 2019-01-30 | not yet calculated | CVE-2018-20749
MISC
MISC
MLIST
UBUNTU
MISC
libvnc -- libvnc | LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. | 2019-01-30 | not yet calculated | CVE-2018-20748
MISC
MISC
MISC
MISC
MISC
MLIST
UBUNTU
MISC
linux -- linux_kernel | A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. | 2019-01-29 | not yet calculated | CVE-2018-16880
BID
CONFIRM
linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | 2019-02-01 | not yet calculated | CVE-2019-7308
MISC
MISC
MISC
MISC
MISC
MISC
lodash -- lodash | A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16487
MISC
m-server -- m-server | Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. | 2019-02-01 | not yet calculated | CVE-2018-16485
MISC
m-server -- m-server | An XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. | 2019-02-01 | not yet calculated | CVE-2018-16484
MISC
mcafee -- total_protection | Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware. | 2019-01-28 | not yet calculated | CVE-2019-3593
CONFIRM
mcstatic -- mcstatic | A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path. | 2019-02-01 | not yet calculated | CVE-2018-16482
MISC
mpath -- mpath | A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16490
MISC
netkit -- netkit | An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. | 2019-01-31 | not yet calculated | CVE-2019-7283
MISC
MISC
netkit -- netkit | In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | 2019-01-31 | not yet calculated | CVE-2019-7282
MISC
MISC
node.extend -- node.extend | A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16491
MISC
olivier_poitrey -- go_cors_handler | The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 2019-01-28 | not yet calculated | CVE-2018-20744
MISC
MISC
openjdk_and_eclipse -- openj9 | In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code. | 2019-01-31 | not yet calculated | CVE-2018-12548
CONFIRM
openssh -- openssh | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | 2019-01-31 | not yet calculated | CVE-2019-6111
BID
MISC
MISC
EXPLOIT-DB
openssh -- openssh | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | 2019-01-31 | not yet calculated | CVE-2019-6110
MISC
MISC
MISC
EXPLOIT-DB
php -- php | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. | 2019-01-26 | not yet calculated | CVE-2019-6977
MISC
MISC
BID
MISC
MLIST
pilz -- pnozmulti_configurator | Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. | 2019-01-25 | not yet calculated | CVE-2018-19009
BID
MISC
poppler -- poppler | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | 2019-02-02 | not yet calculated | CVE-2019-7310
MISC
MISC
postgresql -- postgresql | PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | 2019-01-25 | not yet calculated | CVE-2017-18359
MLIST
MISC
MISC
MISC
practecol -- guardzilla_all-in-one_video_security_system | A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. | 2019-01-31 | not yet calculated | CVE-2018-5560
MISC
MISC
princexml -- princexml | PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF. | 2019-01-30 | not yet calculated | CVE-2018-19858
MISC
MISC
MISC
public -- public | An XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. | 2019-02-01 | not yet calculated | CVE-2018-16480
MISC
MISC
qnap -- photo_station | Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | 2019-02-01 | not yet calculated | CVE-2018-0722
CONFIRM
red_hat -- enterprise_linux | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | 2019-01-28 | not yet calculated | CVE-2019-3815
BID
REDHAT
CONFIRMrundeck -- rundeck_community_editionAn XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.2019-01-25not yet calculatedCVE-2019-6804
MISC
MISC
EXPLOIT-DBschedmd -- slurmSchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.2019-01-31not yet calculatedCVE-2019-6438
CONFIRM
CONFIRMsofintel_it_engineering -- zen_load_balancerZen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.2019-02-01not yet calculatedCVE-2019-7301
BID
MISCtitanhq -- spamtitanTitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.2019-01-30not yet calculatedCVE-2018-15136
MISCvignette -- content_managementIn Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued.2019-01-31not yet calculatedCVE-2018-18941
MISC
FULLDISCvivo -- vivo_vitro
 SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.2019-01-28not yet calculatedCVE-2019-6986
MISC
MISCyii -- yiiYii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.2019-01-28not yet calculatedCVE-2018-20745
MISC
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: LATEST ALERT

NSA Releases Updated Guidance on Side-Channel Vulnerabilities

US-CERT All NCAS Products - Fri, 02/01/2019 - 20:21
Original release date: February 01, 2019

The National Security Agency (NSA) has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the NSA Cybersecurity Advisory on Updated Guidance for Vulnerabilities Affecting Modern Processors and the Hardware and Firmware Security Guidance GitHub website for more information and updated mitigations.


CISA Awareness Briefing on Chinese Malicious Cyber Activity

US-CERT All NCAS Products - Wed, 01/30/2019 - 17:25
Original release date: January 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below:

CISA encourages MSPs and their customers to register for the briefing by clicking on one of the dates listed above. The briefing will provide a background on the identified cyber activity and mitigation techniques.   


MS-ISAC Releases Advisory on DNS Flag Day

US-CERT All NCAS Products - Wed, 01/30/2019 - 17:17
Original release date: January 30, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms Protocol for DNS (EDNS). While the updates will improve DNS operations, some domains served by DNS servers operating out-of-date software may become unavailable.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review MS-ISAC's Cyber Alert: DNS Flag Day for more information and the DNS Flag Day website to determine whether a domain name will be affected.


Mozilla Releases Security Update for Thunderbird

US-CERT All NCAS Products - Wed, 01/30/2019 - 17:12
Original release date: January 30, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5 and apply the necessary update.


Google Releases Security Updates for Chrome

US-CERT All NCAS Products - Wed, 01/30/2019 - 03:34
Original release date: January 29, 2019

Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.  

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates.
