Apple Releases Multiple Security Updates

US-CERT All NCAS Products - 10 hours 51 min ago
Original release date: March 25, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: LATEST ALERT

Mozilla Releases Security Update for Thunderbird

US-CERT All NCAS Products - 10 hours 52 min ago
Original release date: March 25, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update.



Categories: LATEST ALERT

SB19-084: Vulnerability Summary for the Week of March 18, 2019

US-CERT All NCAS Products - Mon, 03/25/2019 - 15:04
Original release date: March 25, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| airmore -- airmore | The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | 2019-03-15 | 7.8 | CVE-2019-9831, EXPLOIT-DB, MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. | 2019-03-15 | 7.2 | CVE-2018-18252, MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. | 2019-03-15 | 7.2 | CVE-2018-18255, MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. | 2019-03-15 | 7.2 | CVE-2018-18256, MISC |
| caret -- caret | Caret before 2019-02-22 allows Remote Code Execution. | 2019-03-22 | 7.5 | CVE-2019-9927, MISC |
| designchemical -- social_network_tabs | The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | 2019-03-21 | 7.5 | CVE-2018-20555, MISC |
| ens -- webgalamb | subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | 2019-03-21 | 7.5 | CVE-2018-19510, MISC, MISC |
| ens -- webgalamb | In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | 2019-03-21 | 9.0 | CVE-2018-19512, MISC, MISC |
| ens -- webgalamb | In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. | 2019-03-21 | 7.5 | CVE-2018-19514, MISC, MISC |
| ens -- webgalamb | In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | 2019-03-21 | 7.5 | CVE-2018-19515, MISC, MISC |
| five9 -- agent_desktop_plus | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | 2019-03-17 | 7.5 | CVE-2018-15509, MISC |
| hidglobal -- easylobby_solo | EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer. | 2019-03-21 | 7.2 | CVE-2018-17491, XF |
| kioware -- kioware_server | KioWare Server 4.9.6 allows local users to gain privileges by replacing \kioware_com\KWSS.exe with a Trojan horse program, because \kioware_com has "Everyone: (F)" permissions. | 2019-03-21 | 7.2 | CVE-2018-18435, MISC, EXPLOIT-DB |
| openmrs -- openmrs | OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 2019-03-21 | 10.0 | CVE-2018-19276, MISC, EXPLOIT-DB |
| opensuse -- yast2-printer | In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast. | 2019-03-15 | 9.3 | CVE-2018-20106, CONFIRM |
| portier -- portier | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | 2019-03-21 | 7.5 | CVE-2019-5722, MISC, BUGTRAQ, EXPLOIT-DB, MISC |
| putty -- putty | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | 2019-03-21 | 7.5 | CVE-2019-9895, MISC |
| putty -- putty | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 2019-03-21 | 7.5 | CVE-2019-9898, BID, MISC |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20177, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20179, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20180, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20181, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20182, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| roxyfileman -- roxy_fileman | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | 2019-03-21 | 7.5 | CVE-2018-20526, MISC, EXPLOIT-DB |
| school_attendance_monitoring_system_project -- school_attendance_monitoring_system | School Attendance Monitoring System 1.0 has SQL Injection via user/controller.php?action=edit. | 2019-03-21 | 7.5 | CVE-2018-18798, MISC, EXPLOIT-DB |
| solarwinds -- serv-u_ftp_server | SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | 2019-03-21 | 9.0 | CVE-2018-15906, MISC, MISC, MISC |
| thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17493, XF |
| thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17494, XF |
| thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt. | 2019-03-21 | 7.2 | CVE-2018-17495, XF |
| thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17496, XF |

 

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abantecart -- abantecart | AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | 2019-03-21 | 4.3 | CVE-2018-20141, MISC, MISC, MISC |
| advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | 2019-03-21 | 6.8 | CVE-2018-20633, MISC |
| advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. | 2019-03-21 | 4.0 | CVE-2018-20634, MISC |
| advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | 2019-03-21 | 4.0 | CVE-2018-20635, MISC |
| airdrop_project -- airdrop | The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | 2019-03-15 | 5.0 | CVE-2019-9832, EXPLOIT-DB, MISC |
| airties -- air_5341_firmware | AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. | 2019-03-21 | 6.8 | CVE-2019-6967, MISC, MISC, MISC, EXPLOIT-DB |
| artifex -- ghostscript | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | 2019-03-21 | 6.8 | CVE-2019-6116, CONFIRM, CONFIRM, MISC, MLIST, MLIST, BID, REDHAT, MISC, CONFIRM, MLIST, FEDORA, FEDORA, UBUNTU, DEBIAN, EXPLOIT-DB |
| bestpractical -- request_tracker | The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | 2019-03-21 | 5.0 | CVE-2018-18898, CONFIRM, FEDORA, FEDORA |
| booking_calendar_project -- booking_calendar | SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | 2019-03-21 | 6.5 | CVE-2018-20556, MISC, EXPLOIT-DB |
| bose -- soundtouch | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | 2019-03-21 | 4.3 | CVE-2018-12638, MISC, MISC |
| broadcastboxes -- scion-8_firmware | CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser. | 2019-03-15 | 5.0 | CVE-2019-5616, MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. | 2019-03-15 | 6.9 | CVE-2018-18253, MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. | 2019-03-15 | 4.6 | CVE-2018-18254, MISC |
| car_rental_script_project -- car_rental_script | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | 2019-03-21 | 6.8 | CVE-2018-20648, MISC |
| colossusxt -- colossuscoinxt | ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-03-21 | 5.0 | CVE-2018-19158, MISC, CONFIRM, MISC |
| coyoapp -- coyo | COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets. | 2019-03-21 | 4.3 | CVE-2018-16519, MISC, MISC, MISC, CONFIRM |
| cryptobots -- battletoken | An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user. | 2019-03-15 | 5.0 | CVE-2018-17882, MISC, MISC |
| deltek -- ajera | Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. | 2019-03-21 | 6.5 | CVE-2018-20221, MISC, MISC |
| dnnsoftware -- dotnetnuke | DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | 2019-03-21 | 4.3 | CVE-2018-14486, MISC, MISC |
| dropbear_ssh_project -- dropbear_ssh | It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. | 2019-03-21 | 5.0 | CVE-2017-2659, CONFIRM, MISC |
| ens -- webgalamb | wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | 2019-03-21 | 4.3 | CVE-2018-19509, MISC, MISC |
| ens -- webgalamb | wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. | 2019-03-21 | 4.3 | CVE-2018-19511, MISC, MISC |
| ens -- webgalamb | In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | 2019-03-21 | 5.0 | CVE-2018-19513, MISC, MISC |
| fasterxml -- jackson-databind | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | 2019-03-21 | 5.1 | CVE-2018-12022, CONFIRM, CONFIRM, CONFIRM, MISC, MISC, MISC |
| fasterxml -- jackson-databind | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | 2019-03-21 | 5.1 | CVE-2018-12023, MISC, MISC, MISC, MISC, MISC, CONFIRM, CONFIRM |
| fedoraproject -- fedora | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 2019-03-21 | 5.0 | CVE-2019-5885, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| five9 -- agent_desktop_plus | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone (issue 1 of 2). | 2019-03-21 | 5.0 | CVE-2018-15508, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347. | 2019-03-21 | 6.8 | CVE-2019-6727, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353. | 2019-03-21 | 4.3 | CVE-2019-6728, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423. | 2019-03-21 | 6.8 | CVE-2019-6729, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368. | 2019-03-21 | 6.8 | CVE-2019-6730, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369. | 2019-03-21 | 6.8 | CVE-2019-6731, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453. | 2019-03-21 | 4.3 | CVE-2019-6732, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576. | 2019-03-21 | 4.3 | CVE-2019-6733, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452. | 2019-03-21 | 4.3 | CVE-2019-6734, MISC, MISC |
| foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355. | 2019-03-21 | 4.3 | CVE-2019-6735, MISC, MISC |
| fujitsu -- gk900_firmware | The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. | 2019-03-15 | 5.8 | CVE-2019-9835, BID, MISC |
| get-simple. -- getsimplecms | GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | 2019-03-21 | 5.8 | CVE-2019-9915, MISC, MISC |
| haproxy -- haproxy | An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | 2019-03-21 | 5.0 | CVE-2018-20615, MLIST, BID, REDHAT, UBUNTU, MLIST |
| ibm -- infosphere_streams | IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632. | 2019-03-21 | 4.3 | CVE-2017-1713, CONFIRM, XF |
| image_sharing_script_project -- image_sharing_script | PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | 2019-03-21 | 5.0 | CVE-2019-7430, MISC |
| image_sharing_script_project -- image_sharing_script | PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | 2019-03-21 | 4.0 | CVE-2019-7431, MISC |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode. | 2019-03-21 | 4.6 | CVE-2018-17487, XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode. | 2019-03-21 | 4.6 | CVE-2018-17488, XF |
| layerbb -- layerbb | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. | 2019-03-21 | 5.8 | CVE-2018-17996, MISC, MISC, MISC, EXPLOIT-DB |
| layerbb -- layerbb | LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | 2019-03-21 | 4.3 | CVE-2018-17997, MISC, CONFIRM, EXPLOIT-DB |
| macpaw -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 2019-03-21 | 6.6 | CVE-2019-5011, MISC |
| microweber -- microweber | Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | 2019-03-21 | 4.3 | CVE-2018-19917, MISC, MISC, MISC, MISC |
| moodle -- moodle | Moodle 3.5.x before 3.5.4 allows SSRF. | 2019-03-21 | 6.0 | CVE-2019-6970, MISC |
| my-netdata -- netdata | The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. | 2019-03-15 | 4.3 | CVE-2019-9834, EXPLOIT-DB, MISC |
| opentext -- documentum_webtop | XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | 2019-03-21 | 4.3 | CVE-2019-7416, MISC, FULLDISC, MISC |
| phamm -- phamm | Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | 2019-03-17 | 4.3 | CVE-2018-20806, MISC |
| podcastgenerator -- podcast_generator | Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | 2019-03-21 | 4.3 | CVE-2018-20121, MISC, MISC, MISC, MISC |
| portier -- portier | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted. | 2019-03-21 | 5.0 | CVE-2019-5723, MISC, BUGTRAQ, MISC |
| property_rental_software_project -- property_rental_software | PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | 2019-03-21 | 4.0 | CVE-2019-7429, MISC |
| putty -- putty | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | 2019-03-21 | 6.4 | CVE-2019-9894, MISC |
| putty -- putty | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | 2019-03-21 | 4.6 | CVE-2019-9896, MISC |
| putty -- putty | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | 2019-03-21 | 5.0 | CVE-2019-9897, MISC |
| qemu -- qemu | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | 2019-03-21 | 4.6 | CVE-2019-6778, SUSE, MISC, BID, FEDORA, MISC |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | 2019-03-15 | 5.0 | CVE-2018-20174, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | 2019-03-15 | 5.0 | CVE-2018-20175, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | 2019-03-15 | 5.0 | CVE-2018-20176, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | 2019-03-15 | 5.0 | CVE-2018-20178, BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN |
| rental_bike_script_project -- rental_bike_script | PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | 2019-03-21 | 6.8 | CVE-2019-7433, MISC |
| rental_bike_script_project -- rental_bike_script | PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | 2019-03-21 | 4.0 | CVE-2019-7434, MISC |
| reputeinfosystems -- repute_arforms | An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php. | 2019-03-21 | 6.4 | CVE-2018-15818, MISC, MISC |
| roxyfileman -- roxy_fileman | Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | 2019-03-21 | 5.0 | CVE-2018-20525, MISC, EXPLOIT-DB |
| s-cms -- s-cms | S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | 2019-03-22 | 4.3 | CVE-2019-9925, MISC |
| saltos -- saltos | SaltOS 3.1 r8126 allows CSRF. | 2019-03-21 | 4.3 | CVE-2018-18762, MISC, EXPLOIT-DB |
| screen_stream_project -- screen_stream | The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests. | 2019-03-15 | 5.0 | CVE-2019-9833, EXPLOIT-DB |
| simplenia -- pages | The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. | 2019-03-21 | 4.3 | CVE-2018-19498, MISC, MISC, MISC |
| top-vision -- cc8800ce_firmware | Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie. | 2019-03-15 | 5.0 | CVE-2018-18205, MISC, MISC |
| twiki -- twiki | bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. | 2019-03-21 | 4.3 | CVE-2018-20212, MISC, MISC, MISC |
| wowza -- streaming_engine | The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | 2019-03-21 | 5.0 | CVE-2018-19365, MISC |
| zenphoto -- zenphoto | Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | 2019-03-21 | 4.3 | CVE-2018-20140, MISC, MISC, MISC, MISC, MISC |
| zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. | 2019-03-21 | 4.3 | CVE-2019-7422, MISC, FULLDISC, MISC |
| zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. | 2019-03-21 | 4.3 | CVE-2019-7423, MISC, FULLDISC, MISC |
| zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. | 2019-03-21 | 4.3 | CVE-2019-7424 |
MISC
FULLDISC
MISCzohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.2019-03-214.3CVE-2019-7425
MISC
FULLDISC
MISCBack to top

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | 2019-03-21 | 3.5 | CVE-2018-20632 MISC |
| avast -- free_antivirus | Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | 2019-03-21 | 2.1 | CVE-2018-12572 MISC |
| envoy -- passport | Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | 2019-03-21 | 2.1 | CVE-2018-17499 XF |
| hidglobal -- easylobby_solo | EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. | 2019-03-21 | 2.1 | CVE-2018-17489 XF |
| hidglobal -- easylobby_solo | EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. | 2019-03-21 | 3.6 | CVE-2018-17490 XF |
| hidglobal -- easylobby_solo | EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17492 XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | 2019-03-21 | 2.1 | CVE-2018-17482 XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | 2019-03-21 | 2.1 | CVE-2018-17483 XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database. | 2019-03-21 | 3.6 | CVE-2018-17484 XF |
| jollytech -- lobby_track | Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17485 XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host. | 2019-03-21 | 3.6 | CVE-2018-17486 XF |
| opensuse -- yast2-samba-provision | In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list | 2019-03-15 | 2.1 | CVE-2018-17956 CONFIRM |
| qemu -- qemu | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | 2019-03-21 | 2.1 | CVE-2018-18849 SUSE SUSE SUSE MISC FEDORA MISC UBUNTU |
| securenvoy -- securaccess | An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. | 2019-03-21 | 1.9 | CVE-2018-18466 MISC |
| thresholdsecurity -- evisitorpass | eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17497 XF |
| webmin -- webmin | Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | 2019-03-21 | 3.5 | CVE-2018-19191 MISC CONFIRM |

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- hadoop
 In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.2019-03-21not yet calculatedCVE-2018-11767
MLIST
MLIST
MLISTapache -- heron
 When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.2019-03-21not yet calculatedCVE-2018-11789
BID
MLISTapache -- karaf
 Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.2019-03-21not yet calculatedCVE-2019-0191
BID
MLISTaudiocodes -- ip_phone_420hd_devices
 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.2019-03-21not yet calculatedCVE-2018-10093
MISC
MISC
MISCaudiocodes -- ip_phone_420hd_devices
 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.2019-03-21not yet calculatedCVE-2018-10091
MISC
MISCbarracuda -- vpn_clientThe barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.2019-03-21not yet calculatedCVE-2019-6724
CONFIRM
MISC
CONFIRMbash -- bash
 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.2019-03-22not yet calculatedCVE-2019-9924
MISC
MISCblackberry -- athoc
 An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.2019-03-21not yet calculatedCVE-2019-8997
MISCblogengine.net -- blogengine.net
 An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.2019-03-21not yet calculatedCVE-2019-6714
MISC
MISC
MISC
EXPLOIT-DBbmc -- remedy_mid-tier
 BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/.2019-03-21not yet calculatedCVE-2018-18862
MISC
MISC
CONFIRMchinamobile -- plc_wireless_routerChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.2019-03-21not yet calculatedCVE-2019-6282
MISC
MISC
EXPLOIT-DB
MISCchinamobile -- plc_wireless_router
 ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.2019-03-21not yet calculatedCVE-2019-6279
MISC
MISC
EXPLOIT-DB
MISCcisco -- ip_phone_7800_series_and_ip_phone_8800_series
 A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.2019-03-22not yet calculatedCVE-2019-1716
CISCOcisco -- ip_phone_8800_seriesA vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.2019-03-22not yet calculatedCVE-2019-1766
CISCOcisco -- ip_phone_8800_seriesA vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.2019-03-22not yet calculatedCVE-2019-1765
CISCOcisco -- ip_phone_8800_series
 A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.2019-03-22not yet calculatedCVE-2019-1763
CISCOcisco -- ip_phone_8800_series
 A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.2019-03-22not yet calculatedCVE-2019-1764
CISCOckeditor -- ckeditor
 plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.2019-03-21not yet calculatedCVE-2019-9870
MISC
MISCcontrolbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_moduleA stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.2019-03-21not yet calculatedCVE-2018-18882
BID
MISCcontrolbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_module
 A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state.2019-03-21not yet calculatedCVE-2018-18881
BID
MISCcore_ftp -- core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.2019-03-22not yet calculatedCVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DBcore_ftp -- core_ftp
 An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.2019-03-22not yet calculatedCVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DBcoturn -- coturn
 An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.2019-03-21not yet calculatedCVE-2018-4059
MISCcoturn -- coturn
 An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4058
MISCcujo -- smart_firewall
 An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-3985
MISCcujo -- smart_firewall
 An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4003
MISCcujo -- smart_firewall
 An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.2019-03-21not yet calculatedCVE-2018-3963
MISCcujo -- smart_firewall
 An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4011
MISCcujo -- smart_firewall
 An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.2019-03-21not yet calculatedCVE-2018-4030
MISCcujo -- smart_firewall
 An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.2019-03-21not yet calculatedCVE-2018-3969
MISCdenx -- das_u-boot
 An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.2019-03-21not yet calculatedCVE-2018-3968
MISCdigi -- transport_lr54
 Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.2019-03-21not yet calculatedCVE-2018-20162
MISC
MISC
MISCdonfig -- donfigAn issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.2019-03-21not yet calculatedCVE-2019-7537
MISC
MISCdoorkeeper -- openidconnect
 Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.2019-03-21not yet calculatedCVE-2019-9837
MISC
MISC
MISCenvoy -- passport_for_android_and_passport_for_iphone
 Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.2019-03-21not yet calculatedCVE-2018-17500
XFericsson -- active_library_explorer
 XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.2019-03-21not yet calculatedCVE-2019-7417
MISC
FULLDISC
MISCfatek -- automation_pm_designer_and_automation_fv_designer
 A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.2019-03-21not yet calculatedCVE-2016-5800
MISCflexera_software -- flexnet_publisherA Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20034
CONFIRMflexera_software -- flexnet_publisherA Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20032
CONFIRMflexera_software -- flexnet_publisher
 A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20031
CONFIRMgl.inet -- gl-ar300m-lite_devicesCommand injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.2019-03-21not yet calculatedCVE-2019-6275
MISC
EXPLOIT-DBgl.inet -- gl-ar300m-lite_devicesDirectory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.2019-03-21not yet calculatedCVE-2019-6274
MISC
EXPLOIT-DBgl.inet -- gl-ar300m-lite_devicesdownload_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.2019-03-21not yet calculatedCVE-2019-6273
MISC
EXPLOIT-DBgl.inet -- gl-ar300m-lite_devices
 Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.2019-03-21not yet calculatedCVE-2019-6272
MISC
EXPLOIT-DBgnu -- tar
 pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.2019-03-22not yet calculatedCVE-2019-9923
MISC
MISC
MISCgraphviz -- graphviz
 An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.2019-03-21not yet calculatedCVE-2019-9904
MISC
MISCheimdal_security -- thor_agent
 Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.2019-03-21not yet calculatedCVE-2019-8351
MISChms_industrial_networks -- netbiter_ws100_devices
 HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.2019-03-21not yet calculatedCVE-2018-19694
MISC
MISC
CONFIRM
MISChospira -- symbiq_infusion_system
 Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.2019-03-23not yet calculatedCVE-2015-3965
MISChostapd -- hostapd
 hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.2019-03-23not yet calculatedCVE-2016-10743
MISChumhub -- humhubA Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.2019-03-21not yet calculatedCVE-2019-9094
MISChumhub -- humhub
 A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.2019-03-21not yet calculatedCVE-2019-9093
MISCibm -- api_connect
 IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.2019-03-22not yet calculatedCVE-2019-4052
CONFIRM
XFibm -- content_navigator
 IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.2019-03-22not yet calculatedCVE-2019-4035
CONFIRM
XFibm -- db2_for_linux_and_unix_and_windows
 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.2019-03-21not yet calculatedCVE-2019-4094
XF
CONFIRMibm -- power_9_systems
 The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.2019-03-21not yet calculatedCVE-2018-1992
XF
CONFIRMibm -- websphere_mq
 IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.2019-03-21not yet calculatedCVE-2018-1836
BID
XF
CONFIRMimagemagick -- imagemagick
 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.2019-03-23not yet calculatedCVE-2019-9956
BID
MISC

insteon -- hub

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2017-16253
MISC

insteon -- hub

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2017-16255
MISC

insteon -- hub

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request. At 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2017-16254
MISC

invoiceplane -- invoiceplane

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7223
MISC

iobit -- smart_defrag

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6492
MISC

ipycache -- ipycache

A code injection issue was discovered in ipycache through 2016-05-31.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7539
CONFIRM

jiofi -- 4g_m2s_devices

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7440
MISC

kentix -- multisensor-lan_devices

Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-19783
MISC
MISC

kill-port -- kill-port

If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5414
MISC

lenovo -- dynamic_power_reduction_utility

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
Published: 2019-03-17 | CVSS score: not yet calculated | CVE-2019-6149
BID
CONFIRM

libseccomp -- libseccomp

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might lead to bypassing seccomp filters and potential privilege escalations.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-9893
MISC
MISC

libsndfile -- libsndfile

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-3832
CONFIRM
CONFIRM
CONFIRM

libssh2 -- libssh2

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-3858
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

libssh2 -- libssh2

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-3859
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

libssh2 -- libssh2

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-3862
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

libssh2 -- libssh2

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-3855
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

limesurvey -- limesurvey

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Published: 2019-03-23 | CVSS score: not yet calculated | CVE-2019-9960
MISC

linux -- kernel

In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-9857
BID
MISC
MISC

linux -- kernel

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-19985
MISC
MISC
MISC
MISC
MISC

linux -- kernel

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20669
MISC
MLIST
MLIST
BID
MISC

linux -- kernel

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7222
SUSE
MISC
MLIST
BID
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA

linux -- kernel

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7221
SUSE
MISC
MISC
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA

localhost-now -- localhost-now

A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5416
MISC

logonbox -- nervepoint_access_manager

An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6716
MISC
EXPLOIT-DB
MISC

mailcleaner -- mailcleaner_community_edition

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20323
MISC
MISC

mastercard -- qkr!_with_masterpass

The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6702
MISC
FULLDISC
MISC
MISC

morgan -- morgan

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5413
MISC

moxa -- oncell_g3100v2_series_and_oncell g3111/g3151/g3211/g3251_series

Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user's browser within the trust relationship between their browser and the server.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2016-5819
MISC

moxa -- softcms

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2015-6457
MISC

moxa -- softcms

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2015-6458
MISC

mybb -- mybb

In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-14724
EXPLOIT-DB

mybb -- mybb

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-14575
MISC
MISC
MISC

netapp -- service_processor

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5490
CONFIRM

netiq -- edirectory

NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2016-9166
CONFIRM

nokia -- 8810_4g_devices

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to remote code execution on the device.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7386
MISC
FULLDISC
MISC
MISC
MISC

open-xchange -- ox_app_suite

OX App Suite 7.8.4 and earlier allows SSRF.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-13103
MISC
MISC

open-xchange -- ox_app_suite

OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-13104
MISC
MISC

opentext -- portal

Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
Published: 2019-03-22 | CVSS score: not yet calculated | CVE-2018-20165
MISC

opera_software -- opera

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-18913
CONFIRM
MISC

patlite -- nbm-d88n_and_nhl-3fb1_and_nhl-3fv1n_devices

A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices allows attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-18473
MISC

phpscriptsmall.com -- advance_crowdfunding_script

PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20630
MISC

phpscriptsmall.com -- basic_b2b_script

PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20644
MISC

phpscriptsmall.com -- basic_b2b_script

PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20645
MISC

phpscriptsmall.com -- basic_b2b_script

PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20646
MISC

phpscriptsmall.com -- car_rental_script

PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20647
MISC

phpscriptsmall.com -- charity_foundation_script

PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20628
MISC

phpscriptsmall.com -- charity_foundation_script

PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20629
MISC

phpscriptsmall.com -- chartered_accountant

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20637
MISC

phpscriptsmall.com -- chartered_accountant

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20638
MISC

phpscriptsmall.com -- chartered_accountant

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20636
MISC

phpscriptsmall.com -- consumer_reviews_script

PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20627
MISC

phpscriptsmall.com -- consumer_reviews_script

PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20626
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20642
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20639
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20641
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20640
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20643
MISC

phpscriptsmall.com -- opensource_classified_ads_script

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7436
MISC

phpscriptsmall.com -- opensource_classified_ads_script

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7435
MISC

phpscriptsmall.com -- opensource_classified_ads_script

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7437
MISC

phpscriptsmall.com -- rental_bike_script

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7432
MISC

phpscriptsmall.com -- website_seller_script

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-20631
MISC

plohni -- advanced_comment_system

internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-18845
MISC
MISC

poppler -- poppler

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-9903
MISC
MISC

powerdns -- authoritative_server

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Insufficient validation of data coming from the user when building an HTTP request from a DNS query in the HTTP Connector of the Remote backend allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-3871
MLIST
BID
CONFIRM
MISC

printeron -- enterprise

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-17167
MISC

puppet -- chloride

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-6517
CONFIRM

puppet -- discovery

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-11747
CONFIRM

python -- python

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
Published: 2019-03-23 | CVSS score: not yet calculated | CVE-2019-9948
MISC
MISC

python -- python

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.
Published: 2019-03-23 | CVSS score: not yet calculated | CVE-2019-9947
MISC

python-gnupg -- python-gnupg

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6690
SUSE
SUSE
MISC
BID
MLIST
MISC
BUGTRAQ

qemu -- qemu

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-8934
MISC
MISC
MISC

qemu -- qemu

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6501
MLIST
MLIST

qt -- qt

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-19872
CONFIRM

raisecom -- multiple_products

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7384
MISC
FULLDISC
MISC
MISC
BID
MISC

raisecom -- multiple_products

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7385
MISC
MISC
FULLDISC
MISC
BID
MISC

reliance_jio_infocomm -- jiofi_4g_m2s_devices

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7439
MISC

reliance_jio_infocomm -- jiofi_4g_m2s_devices

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7438
MISC
MISC

risi -- gestao_de_horarios

RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6491
MISC

samsung -- galaxy_s6

Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-14745
MISC
MISC
CONFIRM

samsung -- x7400gx_syncthru_web_service

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7421
MISC
FULLDISC
MISC
MISC

samsung -- x7400gx_syncthru_web_service

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7420
MISC
FULLDISC
MISC
MISC

samsung -- x7400gx_syncthru_web_service

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7419
MISC
FULLDISC
MISC
MISC

samsung -- x7400gx_syncthru_web_service

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7418
MISC
FULLDISC
MISC
MISC

schneider_electric -- modicon_plc_products

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2015-6462
MISC

schneider_electric -- modicon_plc_products

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2015-6461
MISC

serve -- serve

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5415
MISC

serve -- serve

A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5417
MISC

shareit -- shareit_for_android

The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.
Published: 2019-03-22 | CVSS score: not yet calculated | CVE-2019-9939
MISC

shareit -- shareit_for_android

The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."
Published: 2019-03-22 | CVSS score: not yet calculated | CVE-2019-9938
MISC

shellinabox -- shellinabox

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-16789
MISC
MISC
CONFIRM
CONFIRM

shenzhen_electronics_coship -- multiple_devices

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-6441
MISC
MISC
MISC
MISC
EXPLOIT-DB
EXPLOIT-DB

shenzhen_skyworth -- multiple_devices

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-19524
MISC
MISC
MISC
MISC
MISC

siemens -- multiple_products

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-16563
CONFIRM

siemens -- sicam_products

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-13798
CONFIRM

signal_messenger -- open_whisper_and_private_messenger

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
Published: 2019-03-23 | CVSS score: not yet calculated | CVE-2019-9970
MISC

softnas -- cloud

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data.
Published: 2019-03-23 | CVSS score: not yet calculated | CVE-2019-9945
MISC

solarwinds -- serv-u_ftp_server

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2018-19934
MISC
MISC
MISC

sonatype -- nexus_repository_manager

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-7238
MISC

splunk -- splunk-sdk-python

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.
Published: 2019-03-21 | CVSS score: not yet calculated | CVE-2019-5729
CONFIRM

sqlite -- sqlite

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
Published: 2019-03-22 | CVSS score: not yet calculated | CVE-2019-9937
MISC
MISC
MISCsqlite -- sqlite
 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.2019-03-22not yet calculatedCVE-2019-9936
MISC
MISC
MISCsqlitemanager -- sqlitemanager
 SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.2019-03-21not yet calculatedCVE-2019-9083
MISCsricam -- ip_cctv_cameras
 Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.2019-03-21not yet calculatedCVE-2019-6973
MISC
MISC
EXPLOIT-DBsynaptics -- touchpad_drivers
 SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.2019-03-21not yet calculatedCVE-2018-15532
MISC
MISC
MISC
CONFIRMsystemd -- systemd
 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).2019-03-21not yet calculatedCVE-2019-6454
SUSE
MLIST
MLIST
BID
REDHAT
MISC
MLIST
FEDORA
UBUNTU
DEBIANsystrome -- cumilon_isg-600c_and_isg-600h_and_isg-800w_devices
 An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.2019-03-21not yet calculatedCVE-2019-7383
MISC
MISC
FULLDISC
MISC
BID
MISCsystrome -- multiple_devices
 An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation.2019-03-21not yet calculatedCVE-2018-19525
MISC
MISC
MISCteracue -- enc-400_devicesAn issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.2019-03-21not yet calculatedCVE-2018-20219
MISC
MISC
MISCteracue -- enc-400_devices
 An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.2019-03-21not yet calculatedCVE-2018-20220
MISC
MISC
MISCteracue -- enc-400_devices
 An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.2019-03-21not yet calculatedCVE-2018-20218
MISC
MISCthe_receptionist -- the_receptionist_for_ipad
 The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.2019-03-21not yet calculatedCVE-2018-17502
XFtwig -- twig
 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.2019-03-23not yet calculatedCVE-2019-9942
MISC
MISCvanilla -- vanilla
 In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.2019-03-21not yet calculatedCVE-2019-9889
MISC
MISC
MISCveritas -- netbackup_applianceAn issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.2019-03-21not yet calculatedCVE-2019-9868
MISCveritas -- netbackup_applianceAn issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.2019-03-21not yet calculatedCVE-2019-9867
MISCvertrigoserv -- vertrigoserv
 VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.2019-03-21not yet calculatedCVE-2019-8938
MISC
MISC
MISC

wifi-soft -- unibox_controller
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-3496, MISC, MLIST, MISC

wifi-soft -- unibox_controller
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-3497, MISC, MLIST, MISC

wifi-soft -- unibox_controller
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-3495, MISC, MLIST, MISC

wordpress -- wordpress
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9912, FULLDISC, MISC, MISC

wordpress -- wordpress
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9914, FULLDISC, MISC, MISC

wordpress -- wordpress
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9913, FULLDISC, MISC, MISC

wordpress -- wordpress
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9908, FULLDISC, MISC, MISC, MISC

wordpress -- wordpress
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-19488, MISC

wordpress -- wordpress
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-19487, MISC

wordpress -- wordpress
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-7441, MISC

wordpress -- wordpress
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9911, FULLDISC, MISC, MISC

wordpress -- wordpress
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-7299, MISC, MISC, MISC

wordpress -- wordpress
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9909, FULLDISC, MISC, MISC, MISC

wordpress -- wordpress
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9910, FULLDISC, MISC, MISC

wso2 -- api_manager
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-20736, CONFIRM, CONFIRM, MISC

wso2 -- api_manager
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-20737, CONFIRM, CONFIRM, MISC

xnview -- xnview_classic
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9969, MISC

xnview -- xnview_classic
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9966, MISC

xnview -- xnview_classic
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9967, MISC

xnview -- xnview_classic
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9968, MISC

xnview -- xnview_mp
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9964, MISC

xnview -- xnview_mp
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9965, MISC

xnview -- xnview_mp
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9963, MISC

xnview -- xnview_mp
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
Published: 2019-03-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9962, MISC

xpdf -- xpdf
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9878, MISC, MISC

xpdf -- xpdf
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-9877, MISC, MISC

yast -- yast2-multipath
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection.
Published: 2019-03-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17955, CONFIRM

ysoft -- safeq_server
YSoft SafeQ Server 6 allows a replay attack.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15498, MISC

yubico -- libu2f-host
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-20340, CONFIRM, MISC, MISC, CONFIRM

zoho_manageengine -- adselfservice_plus
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-7161, MISC, CONFIRM

zyxel -- vmg3312-b10b_dsl-491hnu-b1b_modem
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
Published: 2019-03-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2019-7391, MISC, MISC, EXPLOIT-DB, MISC


Categories: LATEST ALERT

Mozilla Releases Security Updates for Firefox

US-CERT All NCAS Products - Fri, 03/22/2019 - 22:35
Original release date: March 22, 2019

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.


Categories: LATEST ALERT

Drupal Releases Security Updates

US-CERT All NCAS Products - Wed, 03/20/2019 - 22:51
Original release date: March 20, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates.


Categories: LATEST ALERT

Cisco Releases Security Advisories for Multiple Products

US-CERT All NCAS Products - Wed, 03/20/2019 - 21:50
Original release date: March 20, 2019

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.


Categories: LATEST ALERT

Mozilla Releases Security Updates for Firefox

US-CERT All NCAS Products - Tue, 03/19/2019 - 19:32
Original release date: March 19, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.


Categories: LATEST ALERT

Microsoft Ending Support for Windows 7

US-CERT All NCAS Products - Tue, 03/19/2019 - 19:14
Original release date: March 19, 2019

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:

• Technical support for any issues
• Software updates
• Security updates or fixes

Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.


Categories: LATEST ALERT

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

US-CERT All NCAS Products - Tue, 03/19/2019 - 18:03
Original release date: March 19, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs).   

CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese Malicious Cyber Activity for more information.


Categories: LATEST ALERT

SB19-077: Vulnerability Summary for the Week of March 11, 2019

US-CERT All NCAS Products - Mon, 03/18/2019 - 14:07
Original release date: March 18, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoatlassian -- sourcetreeThere was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.2019-03-089.0CVE-2018-20234
CONFIRMatlassian -- sourcetreeThere was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.2019-03-089.0CVE-2018-20235
BID
CONFIRMatlassian -- sourcetreeThere was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.2019-03-089.3CVE-2018-20236
BID
CONFIRMcisco -- nx-osA vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).2019-03-087.2CVE-2019-1601
BID
CISCOcisco -- nx-osA vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to execute commands with elevated privileges on the underlying Linux shell of an affected device. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 8.2(3), and 8.3(2). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).2019-03-087.2CVE-2019-1604
BID
CISCOcisco -- nx-osA vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.1(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(8). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(2)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 7.3(3)D1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).2019-03-087.2CVE-2019-1605
BID
CISCOcisco -- nx-osA vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).2019-03-087.2CVE-2019-1607
BID
CISCOcisco -- nx-osA vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).2019-03-087.2CVE-2019-1608
BID
CISCOcisco -- nx-osA vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).2019-03-087.2CVE-2019-1609
BID
CISCOcisco -- nx-osA vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3500 Platform Switches and Nexus 3000 Series Switches software versions prior to 7.0(3)I7(4) are affected.2019-03-117.2CVE-2019-1610
BID
CISCOcisco -- nx-osA vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).2019-03-117.2CVE-2019-1611
BID
CISCOcisco -- nx-osA vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).2019-03-117.2CVE-2019-1612
BID
CISCO
cisco -- nx-os | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges. Note: NX-API is disabled by default. MDS 9000 Series Multilayer Switches are affected running software versions prior to 8.1(1b) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.3(4)N1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 7.3(3)D1(1) and 8.2(3). | 2019-03-11 | 9.0 | CVE-2019-1614
BID
CISCO
cisco -- spa514g_firmware | A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier. | 2019-03-13 | 7.8 | CVE-2018-0389
BID
CISCO
cobham -- satcom_sailor_800_firmware | Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. | 2019-03-15 | 7.8 | CVE-2018-19393
MISC
MISC
ftpgetter -- ftpgetter | FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption. | 2019-03-13 | 7.5 | CVE-2019-9760
MISC
EXPLOIT-DB
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069. | 2019-03-11 | 7.2 | CVE-2018-1978
BID
XF
CONFIRM
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078. | 2019-03-11 | 7.2 | CVE-2018-1980
BID
XF
CONFIRM
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893. | 2019-03-11 | 7.2 | CVE-2019-4015
BID
XF
CONFIRM
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894. | 2019-03-11 | 7.2 | CVE-2019-4016
BID
XF
CONFIRM
ibm -- websphere_mq | IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887. | 2019-03-11 | 7.2 | CVE-2018-1998
XF
CONFIRM
intel -- converged_security_management_engine_firmware | Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | 2019-03-14 | 7.2 | CVE-2018-12191
CONFIRM
intel -- converged_security_management_engine_firmware | Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access. | 2019-03-14 | 7.2 | CVE-2018-12192
CONFIRM
intel -- converged_security_management_engine_firmware | Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access. | 2019-03-14 | 7.2 | CVE-2018-12199
CONFIRM
intel -- graphics_driver | Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. | 2019-03-14 | 7.2 | CVE-2018-12214
CONFIRM
intel -- graphics_driver | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. | 2019-03-14 | 7.2 | CVE-2018-12216
CONFIRM
intel -- graphics_driver | Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. | 2019-03-14 | 7.2 | CVE-2018-12220
CONFIRM
intel -- platform_sample_firmware | Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access. | 2019-03-14 | 7.2 | CVE-2018-12203
CONFIRM
intel -- platform_sample_firmware | Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially execute arbitrary code via local access. | 2019-03-14 | 7.2 | CVE-2018-12204
CONFIRM
intel -- platform_sample_firmware | Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow unauthenticated user to potentially execute arbitrary code via physical access. | 2019-03-14 | 7.2 | CVE-2018-12205
CONFIRM
microvirt -- memu | An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation through binary planting due to insecure permissions set at install time. This allows code to be run as NT AUTHORITY/SYSTEM. | 2019-03-13 | 7.2 | CVE-2018-20621
MISC
nablarch_project -- nablarch | Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 2019-03-12 | 8.5 | CVE-2019-5918
JVN
MISC
php -- php | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | 2019-03-08 | 7.5 | CVE-2019-9638
MISC
DEBIAN
php -- php | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | 2019-03-08 | 7.5 | CVE-2019-9639
MISC
DEBIAN
php -- php | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | 2019-03-08 | 7.5 | CVE-2019-9640
MISC
DEBIAN
php -- php | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | 2019-03-08 | 7.5 | CVE-2019-9641
MISC
DEBIAN
phpshe -- phpshe | A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. | 2019-03-13 | 7.5 | CVE-2019-9762
MISC
pixar -- renderman | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw. | 2019-03-08 | 7.2 | CVE-2018-4054
MISC
pixar -- renderman | A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. | 2019-03-08 | 7.2 | CVE-2019-5015
MISC
podofo_project -- podofo | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | 2019-03-11 | 7.5 | CVE-2019-9687
MISC
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20177
MISC
CONFIRM
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20179
MISC
CONFIRM
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20180
MISC
CONFIRM
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20181
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20182
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
sdcms -- sdcms | An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked. | 2019-03-10 | 7.5 | CVE-2019-9651
MISC
shanda -- maplestory_online | In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow. | 2019-03-12 | 7.2 | CVE-2019-9729
MISC
tinysvcmdns_project -- tinysvcmdns | In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products." | 2019-03-13 | 9.4 | CVE-2019-9748
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
1024tools -- 1024tools | DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | 2019-03-12 | 4.3 | CVE-2019-9736
MISC
apache -- solr | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. | 2019-03-08 | 5.0 | CVE-2017-3164
MLIST
BID
blog_mini_project -- blog_mini | In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. | 2019-03-14 | 4.3 | CVE-2019-9765
MISC
botan_project -- botan | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. | 2019-03-08 | 4.3 | CVE-2018-20187
MISC
MISC
MISC
checkstyle -- checkstyle | Checkstyle before 8.18 loads external DTDs by default. | 2019-03-11 | 5.0 | CVE-2019-9658
MISC
MISC
MISC
MISC
chuango -- a11_pstn/lcd/rfid_touch_alarm_system_firmware | The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. | 2019-03-11 | 6.4 | CVE-2019-9659
MISC
cisco -- enterprise_chat_and_email | Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected. | 2019-03-11 | 4.3 | CVE-2019-1702
BID
CISCO
cisco -- nx-os | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | 2019-03-08 | 4.6 | CVE-2019-1603
BID
CISCO
cisco -- nx-os | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(27) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(11) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9), 7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). | 2019-03-11 | 4.6 | CVE-2019-1613
BID
CISCO
cisco -- nx-os | A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). | 2019-03-11 | 4.6 | CVE-2019-1615
BID
CISCO
cisco -- nx-os | A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5) Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a). | 2019-03-11 | 5.0 | CVE-2019-1616
BID
CISCO
cleanersoft -- free_mp3_cd_ripper | Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file. | 2019-03-14 | 6.8 | CVE-2019-9766
EXPLOIT-DB
cleanersoft -- free_mp3_cd_ripper | Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file. | 2019-03-14 | 6.8 | CVE-2019-9767
MISC
EXPLOIT-DB
cmsmadesimple -- cms_made_simple | class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 2019-03-11 | 5.0 | CVE-2019-9692
MISC
MISC
cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | 2019-03-11 | 6.5 | CVE-2019-9693
MISC
MISC
codecrafters -- ability_mail_server | Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe. | 2019-03-12 | 4.3 | CVE-2019-9557
MISC
cyberark -- endpoint_privilege_manager | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | 2019-03-08 | 6.9 | CVE-2019-9627
BID
MISC
editor.md_project -- editor.md | Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | 2019-03-12 | 4.3 | CVE-2019-9737
MISC
esafenet -- electronic_document_security_management_system | ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. | 2019-03-08 | 5.0 | CVE-2019-9632
MISC
ffmpeg -- ffmpeg | In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 2019-03-12 | 4.3 | CVE-2019-9718
BID
MISC
ffmpeg -- ffmpeg | A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 2019-03-12 | 4.3 | CVE-2019-9721
BID
MISC
gitnoteapp -- gitnote | gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element. | 2019-03-14 | 6.8 | CVE-2019-9785
MISC
MISC
gnome -- glib | gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | 2019-03-08 | 4.3 | CVE-2019-9633
BID
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | 2019-03-14 | 5.0 | CVE-2019-9770
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. | 2019-03-14 | 5.0 | CVE-2019-9771
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. | 2019-03-14 | 5.0 | CVE-2019-9772
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | 2019-03-14 | 5.0 | CVE-2019-9773
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | 2019-03-14 | 6.4 | CVE-2019-9774
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. | 2019-03-14 | 6.4 | CVE-2019-9775
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). | 2019-03-14 | 5.0 | CVE-2019-9776
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. | 2019-03-14 | 5.0 | CVE-2019-9777
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. | 2019-03-14 | 5.0 | CVE-2019-9778
MISC
MISC
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). | 2019-03-14 | 5.0 | CVE-2019-9779
MISC
MISC
golang -- go | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. | 2019-03-13 | 4.3 | CVE-2019-9741
MISC
golangtc -- gopher | jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | 2019-03-12 | 4.3 | CVE-2019-9738
MISC
gpsd_project -- gpsd | gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. | 2019-03-13 | 5.8 | CVE-2018-17937
BID
MISC
ibm -- api_connect | IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148. | 2019-03-11 | 4.0 | CVE-2018-2009
BID
XF
CONFIRM
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858. | 2019-03-11 | 4.6 | CVE-2018-1922
BID
XF
CONFIRM
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859. | 2019-03-11 | 4.6 | CVE-2018-1923
BID
XF
CONFIRM
ibm -- rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to view any view if they know the URL link of the view, and access information that they should not be able to see. IBM X-Force ID: 153120. | 2019-03-14 | 4.0 | CVE-2018-1929
CONFIRM
XF
ibm -- sdk | IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. | 2019-03-11 | 4.6 | CVE-2018-1890
XF
CONFIRM
CONFIRM
CONFIRM
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. | 2019-03-11 | 4.0 | CVE-2018-1902
BID
XF
CONFIRM
ibm -- websphere_mq | IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915. | 2019-03-11 | 6.0 | CVE-2018-1974
XF
CONFIRM
ichain -- insurance_wallet | Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2019-03-12 | 5.0 | CVE-2019-5923
JVN
MISC
intel -- converged_security_management_engine_firmware | Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | 2019-03-14 | 4.6 | CVE-2018-12185
CONFIRM
intel -- converged_security_management_engine_firmware | Insufficient input validation in Intel CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially execute arbitrary code via local access. | 2019-03-14 | 4.6 | CVE-2018-12190
CONFIRM
intel -- converged_security_management_engine_firmware | Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access. | 2019-03-14 | 4.6 | CVE-2018-12196
CONFIRM
intel -- converged_security_management_engine_firmware | Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | 2019-03-14 | 4.6 | CVE-2018-12208
CONFIRM
intel -- graphics_driver | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access. | 2019-03-14 | 4.6 | CVE-2018-12221
CONFIRM
intel -- graphics_driver | Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access. | 2019-03-14 | 4.6 | CVE-2018-12223
CONFIRM
intel -- rapid_storage_technology_enterprise | Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-03-14 | 4.6 | CVE-2019-0135
CONFIRM
intel -- usb_3.0_creator_utility | Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-03-14 | 4.6 | CVE-2019-0129
CONFIRM
iotivity -- iotivity | In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite." | 2019-03-13 | 6.4 | CVE-2019-9750
MISCjenkins -- appdynamicsAn insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers who lack permission to obtain passwords configured in jobs to obtain them.2019-03-084.0CVE-2019-1003039
CONFIRMjenkins -- azure_vm_agentsAn information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.2019-03-084.0CVE-2019-1003035
CONFIRMjenkins -- azure_vm_agentsA data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.2019-03-084.0CVE-2019-1003036
CONFIRMjenkins -- azure_vm_agentsAn information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.2019-03-084.0CVE-2019-1003037
CONFIRMjenkins -- email_extensionA sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.2019-03-086.5CVE-2019-1003032
CONFIRMjenkins -- groovyA sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.2019-03-086.5CVE-2019-1003033
CONFIRMjenkins -- job_dslA sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.2019-03-086.5CVE-2019-1003034
CONFIRMjenkins -- matrix_projectA sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.2019-03-086.5CVE-2019-1003031
CONFIRMjenkins -- pipeline:_groovyA sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.2019-03-086.5CVE-2019-1003030
CONFIRMjenkins -- script_securityA sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.2019-03-086.5CVE-2019-1003029
CONFIRMjoomla -- joomla!An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.2019-03-124.3CVE-2019-9711
BID
MISCjoomla -- joomla!An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.2019-03-124.3CVE-2019-9712
BID
MISCjoomla -- joomla!An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.2019-03-125.0CVE-2019-9713
BID
MISCjoomla -- joomla!An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.2019-03-124.3CVE-2019-9714
BID
MISCjtbc -- jtbc_phpAn issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.2019-03-116.4CVE-2019-9662
MISCkartatopia -- piluscartPilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.2019-03-146.8CVE-2019-9769
EXPLOIT-DBkorenix -- jetport_web_managerThe Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.2019-03-124.3CVE-2019-9725
MISClexmark -- cx725h_firmwareOn certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.2019-03-124.0CVE-2018-17944
CONFIRMlibofx_project -- libofxAn issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.2019-03-116.8CVE-2019-9656
MISC
MISCmaccms -- maccmsMaccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.2019-03-146.5CVE-2019-9829
MISCmailtraq -- webmailMailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.2019-03-124.3CVE-2019-9558
MISCmicrosoft -- teamsUntrusted search path vulnerability in the installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2019-03-126.8CVE-2019-5922
JVN
BIDmicrosoft -- windows_7Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2019-03-126.8CVE-2019-5921
JVN
BIDnablarch_project -- nablarchAn incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.2019-03-126.4CVE-2019-5919
JVN
MISCncrafts -- formcraftCross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.2019-03-126.8CVE-2019-5920
JVN
MISC
MISCopenstack -- neutronAn issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)2019-03-124.0CVE-2019-9735
BID
MISCopenwsman_project -- openwsmanOpenwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.2019-03-145.0CVE-2019-3816
CONFIRM
BID
CONFIRMopenwsman_project -- openwsmanOpenwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server.2019-03-145.0CVE-2019-3833
CONFIRM
BID
CONFIRMphp -- phpAn issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that the file being renamed is briefly available with the wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.2019-03-085.0CVE-2019-9637
MISC
DEBIANphp -- php** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."2019-03-116.8CVE-2019-9675
MISC
MISCphpshe -- phpsheAn XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.2019-03-135.0CVE-2019-9761
MISCpixar -- rendermanA local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw.2019-03-084.9CVE-2018-4055
MISCpython -- pythonPython 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.2019-03-085.0CVE-2019-9636
BID
MISC
MISC
MISCpython -- pythonAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.2019-03-124.3CVE-2019-9740
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.2019-03-155.0CVE-2018-20174
MISC
CONFIRMrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).2019-03-155.0CVE-2018-20175
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIANrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault).2019-03-155.0CVE-2018-20176
MISC
CONFIRMrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).2019-03-155.0CVE-2018-20178
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIANrednao -- smart_formsCross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.2019-03-126.8CVE-2019-5924
JVN
MISCsap -- advanced_business_application_programming_platform_kernelABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.2019-03-126.5CVE-2019-0270
BID
MISC
MISCsap -- banking_services_from_sapBanking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.2019-03-126.5CVE-2019-0276
BID
MISC
MISCsap -- businessobjects_business_intelligenceSAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.2019-03-125.5CVE-2019-0268
BID
MISC
MISCsap -- hana_extended_application_servicesSAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).2019-03-125.5CVE-2019-0277
BID
MISC
MISCsap -- mobile_platform_sdkSAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later.2019-03-125.0CVE-2019-0274
BID
MISC
MISCsdcms -- sdcmsThere is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.2019-03-106.8CVE-2019-9652
MISCsftnow -- sftnowsftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.2019-03-116.8CVE-2019-9688
MISCstackstorm -- stackstormIn st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.2019-03-084.3CVE-2019-9580
MISC
MISC
MISCthinkst -- canarytokensThinkst Canarytokens through 2019-03-01 relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.2019-03-145.0CVE-2019-9768
MISCtinycc -- tinyccAn issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a 1-byte out-of-bounds write in the end_macro function in tccpp.c.2019-03-134.3CVE-2019-9754
MISCtinysvcmdns_project -- tinysvcmdnsIn tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."2019-03-135.0CVE-2019-9747
MISCtreasuredata -- fluent_bitAn issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.2019-03-135.0CVE-2019-9749
MISCwebmproject -- libwebmIn libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.2019-03-135.0CVE-2019-9746
MISC
MISCwordpress -- wordpressWordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.2019-03-146.8CVE-2019-9787
BID
MISC
MISC
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cisco -- application_policy_infrastructure_controllerA vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected.2019-03-113.3CVE-2019-1690
BID
CISCOcobham -- satcom_sailor_800_firmwareCobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.2019-03-153.5CVE-2018-19394
MISC
MISCdradisframework -- dradisCross-site scripting vulnerability in Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2019-03-123.5CVE-2019-5925
JVN
MISCibm -- rational_collaborative_lifecycle_managementIBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884.2019-03-143.5CVE-2018-1658
CONFIRM
XFibm -- rational_collaborative_lifecycle_managementIBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.2019-03-143.5CVE-2018-1688
CONFIRM
XFibm -- rational_engineering_lifecycle_managerIBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152734.2019-03-143.5CVE-2018-1910
CONFIRM
XFibm -- rational_engineering_lifecycle_managerIBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738.2019-03-143.5CVE-2018-1914
CONFIRM
XFibm -- rational_engineering_lifecycle_managerIBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.2019-03-143.5CVE-2018-1916
CONFIRM
XFibm -- rational_engineering_lifecycle_managerIBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.2019-03-143.5CVE-2018-1952
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148613.2019-03-143.5CVE-2018-1759
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148617.2019-03-143.5CVE-2018-1763
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618.2019-03-143.5CVE-2018-1764
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426.2019-03-143.5CVE-2018-1823
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427.2019-03-143.5CVE-2018-1824
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428.2019-03-143.5CVE-2018-1825
CONFIRM
XFibm -- rational_quality_managerIBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432.2019-03-143.5CVE-2018-1829
CONFIRM
XFibm -- rational_team_concertIBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148615.2019-03-143.5CVE-2018-1761
CONFIRM
BID
XFibm -- rational_team_concertIBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135.2019-03-143.5CVE-2018-1982
CONFIRM
BID
XFibm -- rational_team_concertIBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.2019-03-143.5CVE-2018-1983
CONFIRM
XFibm -- rational_team_concertIBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.2019-03-143.5CVE-2018-1984
CONFIRM
BID
XFintel -- converged_security_management_engine_firmwareInsufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.2019-03-142.1CVE-2018-12188
CONFIRMintel -- converged_security_management_engine_firmwareUnhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially modify data via local access.2019-03-142.1CVE-2018-12189
CONFIRMintel -- graphics_driverInsufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.2019-03-142.1CVE-2018-12209
CONFIRMintel -- graphics_driverMultiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.2019-03-142.1CVE-2018-12210
CONFIRMintel -- graphics_driverInsufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.2019-03-142.1CVE-2018-12211
CONFIRMintel -- graphics_driverBuffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.2019-03-142.1CVE-2018-12212
CONFIRMintel -- graphics_driverPotential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.2019-03-142.1CVE-2018-12213
CONFIRMintel -- graphics_driverInsufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access.2019-03-142.1CVE-2018-12215
CONFIRMintel -- graphics_driverInsufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access.2019-03-142.1CVE-2018-12217
CONFIRMintel -- graphics_driverUnhandled exception in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a memory leak via local access.2019-03-142.1CVE-2018-12218
CONFIRMintel -- graphics_driverInsufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access.2019-03-142.1CVE-2018-12219
CONFIRMintel -- graphics_driverInsufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access.2019-03-142.1CVE-2018-12222
CONFIRM
| intel -- graphics_driver | Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-03-14 | 2.1 | CVE-2018-12224 CONFIRM |
| intel -- graphics_driver | Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-03-14 | 2.1 | CVE-2018-18089 CONFIRM |
| intel -- graphics_driver | Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access. | 2019-03-14 | 2.1 | CVE-2018-18090 CONFIRM |
| intel -- graphics_driver | Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access. | 2019-03-14 | 2.1 | CVE-2018-18091 CONFIRM |
| jenkins -- repository_connector | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | 2019-03-08 | 2.1 | CVE-2019-1003038 CONFIRM |
| mcafee -- database_security | Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen. | 2019-03-12 | 2.1 | CVE-2019-3615 BID CONFIRM |
| rsa -- archer_grc_platform | RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | 2019-03-13 | 2.1 | CVE-2019-3715 FULLDISC |
| rsa -- archer_grc_platform | RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. | 2019-03-13 | 2.1 | CVE-2019-3716 BID FULLDISC |
| sap -- businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-03-12 | 3.5 | CVE-2019-0269 BID MISC MISC |
| sap -- netweaver_java_application_server | SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | 2019-03-12 | 3.5 | CVE-2019-0275 BID MISC MISC |
| yzmcms -- yzmcms | Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. | 2019-03-11 | 3.5 | CVE-2019-9660 MISC |
| yzmcms -- yzmcms | Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter. | 2019-03-11 | 3.5 | CVE-2019-9661 MISC |

 

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abap -- server_and_platform | ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. | 2019-03-12 | not yet calculated | CVE-2019-0271 BID MISC MISC |
| airmore -- airmore | The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | 2019-03-15 | not yet calculated | CVE-2019-9831 EXPLOIT-DB MISC |
| azure-umqtt-c -- azure-umqtt-c | azure-umqtt-c (available through GitHub prior to 2017 October 6) allows remote attackers to cause a denial of service via unspecified vectors. | 2019-03-12 | not yet calculated | CVE-2019-5917 JVN BID MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. | 2019-03-15 | not yet calculated | CVE-2018-18255 MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. | 2019-03-15 | not yet calculated | CVE-2018-18256 MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. | 2019-03-15 | not yet calculated | CVE-2018-18252 MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. | 2019-03-15 | not yet calculated | CVE-2018-18253 MISC |
| capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. | 2019-03-15 | not yet calculated | CVE-2018-18254 MISC |
| circuitwerkes -- sicon-8 | CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser. | 2019-03-15 | not yet calculated | CVE-2019-5616 MISC |
| cisco -- common_services_platform_collector | A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2. | 2019-03-13 | not yet calculated | CVE-2019-1723 BID CISCO |
| cisco -- dna_center | A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected. | 2019-03-11 | not yet calculated | CVE-2019-1707 BID CISCO |
| cisco -- nx-os_software | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability. Nexus 3000, 3500, and Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). | 2019-03-08 | not yet calculated | CVE-2019-1606 BID CISCO |
| cisco -- nx-os_software | A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker could exploit this vulnerability by logging in to the CLI of an affected device, accessing a specific file, and leveraging this information to authenticate to the NX-API server. A successful exploit could allow an attacker to make configuration changes as administrator. Note: NX-API is disabled by default. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | 2019-03-08 | not yet calculated | CVE-2019-1602 BID CISCO |
| cisco -- nx-os_software | A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2). | 2019-03-11 | not yet calculated | CVE-2019-1617 BID CISCO |
| cloud_foundry_foundation -- cloud_controller | Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service. | 2019-03-13 | not yet calculated | CVE-2019-3785 CONFIRM |
| cloud_foundry_foundation -- container_runtime | Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account. | 2019-03-08 | not yet calculated | CVE-2019-3780 CONFIRM |
| cloud_foundry_foundation -- container_runtime | Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD. | 2019-03-08 | not yet calculated | CVE-2019-3779 CONFIRM |
| cobham -- satcom_sailor_250_and_500_devices | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | 2019-03-15 | not yet calculated | CVE-2018-19391 MISC MISC |
| cobham -- satcom_sailor_250_and_500_devices | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). | 2019-03-15 | not yet calculated | CVE-2018-19392 MISC MISC |
| ethereum -- cryptobotsbattle_token | An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user. | 2019-03-15 | not yet calculated | CVE-2018-17882 MISC MISC |
| f5 -- big-ip | In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 2019-03-13 | not yet calculated | CVE-2019-6597 CONFIRM |
| f5 -- big-ip | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack. | 2019-03-13 | not yet calculated | CVE-2019-6598 CONFIRM |
| f5 -- big-ip | In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack. | 2019-03-13 | not yet calculated | CVE-2019-6599 BID CONFIRM |
| f5 -- big-ip | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. | 2019-03-13 | not yet calculated | CVE-2019-6600 CONFIRM |
| f5 -- big-ip | In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts. | 2019-03-13 | not yet calculated | CVE-2019-6601 CONFIRM |
| f5 -- big-ip_apm | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted. | 2019-03-13 | not yet calculated | CVE-2019-6596 BID CONFIRM |
| feifeicms -- feifeicms | FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature. | 2019-03-14 | not yet calculated | CVE-2019-9825 MISC MISC |
| fujitsu -- wireless_keyboard_set | The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. | 2019-03-15 | not yet calculated | CVE-2019-9835 MISC |
| g_data_software -- total_security | gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. | 2019-03-13 | not yet calculated | CVE-2019-9742 MISC MISC |
| google -- android | The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests. | 2019-03-15 | not yet calculated | CVE-2019-9833 EXPLOIT-DB |
| google -- android | The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | 2019-03-15 | not yet calculated | CVE-2019-9832 EXPLOIT-DB MISC |
| highcharts_js -- highcharts_js | In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS. | 2019-03-14 | not yet calculated | CVE-2018-20801 MISC MISC |
| huawei -- oceanstor_uds_devices | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch. | 2019-03-13 | not yet calculated | CVE-2015-2254 CONFIRM |
| ibm -- content_navigator | IBM Content Navigator 3.0CD could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000. | 2019-03-14 | not yet calculated | CVE-2019-4034 BID XF CONFIRM |
| ibm -- robotic_process_automation_with_automation_anywhere | IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671. | 2019-03-14 | not yet calculated | CVE-2018-1908 CONFIRM XF |
| intel -- active_management_technology | Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. | 2019-03-14 | not yet calculated | CVE-2018-12187 CONFIRM |
| intel -- capability_licensing_service | Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access. | 2019-03-14 | not yet calculated | CVE-2018-12200 CONFIRM |
| intel -- matrix_storage_manager | Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-03-14 | not yet calculated | CVE-2019-0121 CONFIRM |
| intel -- multiple_products | Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access. | 2019-03-14 | not yet calculated | CVE-2018-12202 CONFIRM |
| intel -- multiple_products | Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access. | 2019-03-14 | not yet calculated | CVE-2018-12201 CONFIRM |
| intel -- server_platform_services_heci_subsystem | Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access. | 2019-03-14 | not yet calculated | CVE-2018-12198 CONFIRM |
| intel -- sgx_sdk_for_linux_and_sgx_sdk_for_windows | Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | 2019-03-14 | not yet calculated | CVE-2019-0122 CONFIRM |
| jupyter -- notebook | An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered. | 2019-03-12 | not yet calculated | CVE-2019-9644 MISC |
| mybb -- mybb | An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. | 2019-03-10 | not yet calculated | CVE-2019-9650 MISC MISC |
| netdata -- netdata | The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. | 2019-03-15 | not yet calculated | CVE-2019-9834 EXPLOIT-DB MISC |
| nexus -- 9000_series_switches_in_standalone_nx-os_mode | A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5). | 2019-03-11 | not yet calculated | CVE-2019-1618 BID CISCO |
| open_ticket_request_system -- open_ticket_request_system | An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm. | 2019-03-13 | not yet calculated | CVE-2019-9751 MISC |
| open_ticket_request_system -- open_ticket_request_system | An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. | 2019-03-13 | not yet calculated | CVE-2019-9752 MISC |
| open_ticket_request_system -- open_ticket_request_system | An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. | 2019-03-13 | not yet calculated | CVE-2018-20800 MISC |
| opensuse -- yast2-multipath | In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection. | 2019-03-15 | not yet calculated | CVE-2018-17955 CONFIRM |
| opensuse -- yast2-printer | In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast. | 2019-03-15 | not yet calculated | CVE-2018-20106 CONFIRM |
| opensuse -- yast2-samba-provision | In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list. | 2019-03-15 | not yet calculated | CVE-2018-17956 CONFIRM |
| pacman -- pacman | pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. | 2019-03-11 | not yet calculated | CVE-2019-9686 MISC MISC MISC |
| paul_vixie -- vixie_cron | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. | 2019-03-11 | not yet calculated | CVE-2019-9706 MISC MISC MISC |
| paul_vixie -- vixie_cron | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. | 2019-03-11 | not yet calculated | CVE-2019-9705 BID MISC |
| paul_vixie -- vixie_cron | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. | 2019-03-11 | not yet calculated | CVE-2019-9704 BID MISC |
| rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks. | 2019-03-13 | not yet calculated | CVE-2019-3711 BID FULLDISC |
| topvision -- cc8800_cmts_c-e_devices | Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie. | 2019-03-15 | not yet calculated | CVE-2018-18205 MISC MISC |
| ultravnc -- ultravnc | UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. | 2019-03-08 | not yet calculated | CVE-2019-8267 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8272 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207. | 2019-03-08 | not yet calculated | CVE-2019-8268 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208. | 2019-03-08 | not yet calculated | CVE-2019-8265 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | 2019-03-08 | not yet calculated | CVE-2019-8280 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 contains multiple memory leaks (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8277 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8276 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8275 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8274 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8273 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208. | 2019-03-08 | not yet calculated | CVE-2019-8266 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | 2019-03-08 | not yet calculated | CVE-2019-8271 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. | 2019-03-08 | not yet calculated | CVE-2019-8270 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207. | 2019-03-08 | not yet calculated | CVE-2019-8269 MISC |
| ultravnc -- ultravnc | UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | 2019-03-08 | not yet calculated | CVE-2019-8264 MISC |
| webargs -- webargs | An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests. | 2019-03-11 | not yet calculated | CVE-2019-9710 MISC MISC |
| wordpress -- wordpress | The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | 2019-03-10 | not yet calculated | CVE-2019-9646 MISC MISC MISC |


New Zealand Tragedy-Related Scams and Malware Campaigns

US-CERT All NCAS Products - Fri, 03/15/2019 - 23:18
Original release date: March 15, 2019

In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:


Intel Releases Security Advisories on Multiple Products

US-CERT All NCAS Products - Fri, 03/15/2019 - 17:28
Original release date: March 15, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.


VMware Releases Security Updates for Workstation and Horizon

US-CERT All NCAS Products - Fri, 03/15/2019 - 16:38
Original release date: March 15, 2019

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.


Microsoft Releases Security Update for Azure Linux Guest Agent

US-CERT All NCAS Products - Fri, 03/15/2019 - 02:42
Original release date: March 14, 2019

Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.


MS-ISAC Releases Security Primer on TrickBot Malware

US-CERT All NCAS Products - Thu, 03/14/2019 - 21:33
Original release date: March 14, 2019

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Primer – TrickBot for more information and best practice recommendations.


WordPress Releases Security Update

US-CERT All NCAS Products - Thu, 03/14/2019 - 15:15
Original release date: March 14, 2019

WordPress 5.1 and prior versions are affected by a vulnerability. An attacker could exploit this vulnerability to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.1.1.


Cisco Releases Security Updates

US-CERT All NCAS Products - Wed, 03/13/2019 - 21:39
Original release date: March 13, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:


Google Releases Security Updates for Chrome

US-CERT All NCAS Products - Wed, 03/13/2019 - 21:28
Original release date: March 13, 2019

Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. 

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.


Microsoft Releases March 2019 Security Updates

US-CERT All NCAS Products - Tue, 03/12/2019 - 20:02
Original release date: March 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates.


Adobe Releases Security Updates

US-CERT All NCAS Products - Tue, 03/12/2019 - 15:00
Original release date: March 12, 2019

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates.

