Microsoft Releases April 2019 Security Updates

US-CERT All NCAS Products - Tue, 04/09/2019 - 19:44
Original release date: April 09, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.



Adobe Releases Security Updates

US-CERT All NCAS Products - Tue, 04/09/2019 - 19:08
Original release date: April 09, 2019

Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.


Intel Releases Security Updates, Mitigations for Multiple Products

US-CERT All NCAS Products - Tue, 04/09/2019 - 18:59
Original release date: April 09, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:


Samba Releases Security Updates

US-CERT All NCAS Products - Mon, 04/08/2019 - 18:47
Original release date: April 08, 2019

The Samba Team has released security updates to address vulnerabilities in Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-3870 and CVE-2019-3880 and apply the necessary updates.


SB19-098: Vulnerability Summary for the Week of April 1, 2019

US-CERT All NCAS Products - Mon, 04/08/2019 - 11:32
Original release date: April 08, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 74cms -- 74cms | Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | 2019-04-01 | 7.5 | CVE-2019-10684 MISC |
| advantech -- webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | 2019-04-05 | 7.5 | CVE-2019-6550 MISC |
| advantech -- webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | 2019-04-05 | 7.5 | CVE-2019-6552 MISC |
| airsonic -- airsonic | XXE issue in Airsonic before 10.1.2 during parse. | 2019-04-04 | 7.5 | CVE-2018-20222 CONFIRM CONFIRM |
| apple -- icloud | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 9.3 | CVE-2018-4126 MISC MISC MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1. | 2019-04-03 | 9.3 | CVE-2018-4327 MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 10.0 | CVE-2018-4331 MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 10.0 | CVE-2018-4332 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4336 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4337 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4340 MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4343 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4344 MISC MISC MISC MISC |
| apple -- iphone_os | An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | 2019-04-03 | 7.1 | CVE-2018-4363 MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 7.5 | CVE-2018-4367 MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4383 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4401 MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4408 MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 7.1 | CVE-2018-4413 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 9.3 | CVE-2018-4419 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 9.3 | CVE-2018-4420 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4425 MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4426 MISC MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006. | 2019-04-03 | 9.3 | CVE-2018-4427 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 9.3 | CVE-2018-4447 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 9.3 | CVE-2018-4461 MISC MISC MISC MISC |
| apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 9.3 | CVE-2018-4465 MISC MISC |
| apple -- mac_os_x | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. | 2019-04-03 | 9.3 | CVE-2017-13911 MISC MISC |
| apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4259 MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4268 MISC |
| apple -- mac_os_x | A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 9.3 | CVE-2018-4285 MISC |
| apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4286 MISC MISC |
| apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4287 MISC MISC |
| apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4288 MISC MISC |
| apple -- mac_os_x | An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 7.1 | CVE-2018-4289 MISC |
| apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4291 MISC MISC |
| apple -- mac_os_x | An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 7.5 | CVE-2018-4295 MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4334 MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4350 MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4393 MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4402 MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4410 MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4415 MISC |
| apple -- mac_os_x | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4421 MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4422 MISC |
| apple -- mac_os_x | A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4424 MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 9.3 | CVE-2018-4449 MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 9.3 | CVE-2018-4450 MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4456 MISC MISC MISC |
| apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 9.3 | CVE-2018-4463 MISC |
| apple -- xcode | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. | 2019-04-03 | 9.3 | CVE-2018-4357 MISC |
| audiocodes -- 420hd_ip_phone_firmware | An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string. | 2019-04-01 | 9.0 | CVE-2018-5757 MISC |
| axiomsl -- axiom | AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | 2019-04-03 | 7.5 | CVE-2015-5463 MISC |
| canonical -- ubuntu_linux | In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | 2019-04-01 | 7.2 | CVE-2019-8956 MISC MISC MISC MISC UBUNTU UBUNTU |
| cobub -- razor | Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | 2019-03-29 | 7.5 | CVE-2019-10276 MISC MISC |
| ctrip -- apollo | An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | 2019-04-01 | 7.5 | CVE-2019-10686 MISC |
| dell -- emc_networker | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. | 2019-04-01 | 10.0 | CVE-2017-8023 BID MISC |
| dlink -- dsl-3782_firmware | An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. | 2019-04-01 | 9.0 | CVE-2018-17990 MISC |
| gog -- galaxy | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges. | 2019-04-02 | 7.2 | CVE-2018-3974 MISC |
| gog -- galaxy | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's "Games" directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | 2019-04-02 | 7.2 | CVE-2018-4049 MISC |
| gog -- galaxy | An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. | 2019-04-01 | 7.2 | CVE-2018-4050 CONFIRM |
| grandstream -- gac2500_firmware | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | 2019-03-30 | 7.5 | CVE-2019-10655 MISC MISC |
| grandstream -- gxp1610_firmware | A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | 2019-04-01 | 7.5 | CVE-2018-17564 MISC MISC |
| grandstream -- gxp1610_firmware | Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | 2019-04-01 | 10.0 | CVE-2018-17565 MISC MISC |
| ibm -- db2 | IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316. | 2019-04-03 | 7.2 | CVE-2018-1936 XF CONFIRM |
| ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892. | 2019-04-03 | 7.2 | CVE-2019-4014 XF CONFIRM |
| ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580. | 2019-04-02 | 9.0 | CVE-2018-1640 CONFIRM XF |
| mitel -- cmg_suite | The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | 2019-04-02 | 10.0 | CVE-2018-19275 CONFIRM CONFIRM |
| mkcms_project -- mkcms | MKCMS V5.0 has SQL injection via the bplay.php play parameter. | 2019-04-02 | 7.5 | CVE-2019-10707 MISC |
| oisf -- libhtp | htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | 2019-04-04 | 7.5 | CVE-2018-10243 CONFIRM |
| overit -- geocall | An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions. | 2019-04-01 | 9.0 | CVE-2019-5890 MISC |
| plataformatec -- devise | Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later. | 2019-04-03 | 7.5 | CVE-2019-5421 MISC MISC |
| postgresql -- postgresql | In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. | 2019-04-01 | 9.0 | CVE-2019-9193 MISC MISC |
| provisio -- sitekiosk | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | 2019-03-29 | 7.5 | CVE-2018-18766 CONFIRM |
| qualcomm -- mdm9150_firmware | Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 | 2019-04-04 | 7.2 | CVE-2018-11966 CONFIRM |
| qualcomm -- mdm9150_firmware | kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150 | 2019-04-04 | 7.2 | CVE-2018-13918 CONFIRM |
| qualcomm -- mdm9206_firmware | Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A | 2019-04-04 | 7.2 | CVE-2018-11830 CONFIRM |
| qualcomm -- mdm9206_firmware | TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | 2019-04-04 | 7.2 | CVE-2018-11970 CONFIRM |
| robocode_project -- robocode | Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | 2019-03-30 | 7.5 | CVE-2019-10648 MISC MISC |
| s-cms -- s-cms | S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | 2019-04-02 | 7.5 | CVE-2019-10708 MISC |
| salesagility -- suitecrm | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | 2019-04-02 | 7.5 | CVE-2019-6506 CONFIRM CONFIRM CONFIRM CONFIRM |
| sony -- neural_network_libraries | nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. | 2019-04-04 | 7.5 | CVE-2019-10844 MISC |
| suricata-ids -- suricata | Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. | 2019-04-04 | 7.5 | CVE-2018-10244 CONFIRM |
| teeworlds -- teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. | 2019-04-05 | 7.5 | CVE-2019-10877 MISC |
| teeworlds -- teeworlds | In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. | 2019-04-05 | 7.5 | CVE-2019-10878 MISC |
| teeworlds -- teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. | 2019-04-05 | 7.5 | CVE-2019-10879 MISC |
| tongda2000 -- office_anywhere | An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | 2019-04-02 | 7.5 | CVE-2019-9759 MISC |
| ultimatemember -- ultimate_member | A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form. | 2019-04-03 | 9.3 | CVE-2019-10673 MISC |
| zzzcms -- zzzphp | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). | 2019-03-30 | 7.5 | CVE-2019-10647 MISC |

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3m -- detcon_sitewatch_gatewayDetcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication.2019-04-025.0CVE-2017-6047
MISC3m -- detcon_sitewatch_gatewayDetcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.2019-04-025.0CVE-2017-6049
MISCabine -- blurAbine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component.2019-03-295.0CVE-2019-6481
MISC
FULLDISC
MISC
MISCadvantech -- webaccessAdvantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.2019-04-055.0CVE-2019-6554
MISCapple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.2019-04-036.8CVE-2018-4145
MISC
MISC
MISC
MISC
MISC
MISC
MISCapple -- icloudA memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4191
MISC
MISC
MISC
MISC
MISC
MISCapple -- icloudA use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4197
MISC
MISC
MISC
MISC
MISCapple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-036.8CVE-2018-4261
MISC
MISC
MISC
MISC
MISCapple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-036.8CVE-2018-4263
MISC
MISC
MISC
MISC
MISCapple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-036.8CVE-2018-4264
MISC
MISC
MISC
MISC
MISC
MISCapple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-036.8CVE-2018-4265
MISC
MISC
MISC
MISC
MISCapple -- icloudA race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-034.3CVE-2018-4266
MISC
MISC
MISC
MISC
MISC
MISCapple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-036.8CVE-2018-4267
MISC
MISC
MISC
MISC
MISCapple -- icloudA memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-036.8CVE-2018-4269
MISC
MISC
MISC
MISCapple -- icloudA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.2019-04-034.3CVE-2018-4270
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 4.3 | CVE-2018-4271
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4272
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 4.3 | CVE-2018-4273
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4284
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 5.0 | CVE-2018-4293
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4299
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4306
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 4.3 | CVE-2018-4309
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4314
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4315
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4316
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4317
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4318
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 5.8 | CVE-2018-4319
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4323
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4328
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 4.3 | CVE-2018-4345
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4347
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4358
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4359
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4360
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4361
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4372
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4373
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 4.3 | CVE-2018-4374
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4375
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4376
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 4.3 | CVE-2018-4377
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4378
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4382
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4386
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4392
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 5.0 | CVE-2018-4398
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 4.3 | CVE-2018-4409
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4414
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | 2019-04-03 | 6.8 | CVE-2018-4416
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 6.8 | CVE-2018-4437
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 6.8 | CVE-2018-4438
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 4.3 | CVE-2018-4439
MISC
MISC
MISC
MISC
apple -- icloud | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 4.3 | CVE-2018-4440
MISC
MISC
MISC
MISC
apple -- icloud | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 6.8 | CVE-2018-4441
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 6.8 | CVE-2018-4442
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 6.8 | CVE-2018-4443
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | 2019-04-03 | 6.8 | CVE-2018-4464
MISC
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 5.0 | CVE-2018-4203
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. | 2019-04-03 | 4.3 | CVE-2018-4216
MISC
apple -- iphone_os | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. | 2019-04-03 | 5.0 | CVE-2018-4248
MISC
MISC
MISC
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1. | 2019-04-03 | 6.8 | CVE-2018-4275
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. | 2019-04-03 | 6.8 | CVE-2018-4280
MISC
MISC
MISC
MISC
apple -- iphone_os | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2. | 2019-04-03 | 4.9 | CVE-2018-4282
MISC
MISC
MISC
apple -- iphone_os | A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2. | 2019-04-03 | 4.3 | CVE-2018-4290
MISC
MISC
apple -- iphone_os | An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 6.8 | CVE-2018-4303
MISC
MISC
MISC
MISC
apple -- iphone_os | A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 4.3 | CVE-2018-4304
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. | 2019-04-03 | 5.0 | CVE-2018-4321
MISC
MISC
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | 2019-04-03 | 6.8 | CVE-2018-4326
MISC
MISC
MISC
apple -- iphone_os | A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4333
MISC
MISC
apple -- iphone_os | A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12. | 2019-04-03 | 4.3 | CVE-2018-4335
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 6.8 | CVE-2018-4341
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 6.8 | CVE-2018-4354
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4355
MISC
MISC
apple -- iphone_os | A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. | 2019-04-03 | 5.0 | CVE-2018-4356
MISC
apple -- iphone_os | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 4.3 | CVE-2018-4365
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 5.0 | CVE-2018-4366
MISC
apple -- iphone_os | A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 4.0 | CVE-2018-4368
MISC
MISC
MISC
MISC
apple -- iphone_os | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 5.0 | CVE-2018-4369
MISC
MISC
MISC
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1. | 2019-04-03 | 6.8 | CVE-2018-4384
MISC
MISC
apple -- iphone_os | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 4.3 | CVE-2018-4385
MISC
apple -- iphone_os | An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 4.3 | CVE-2018-4399
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. | 2019-04-03 | 4.3 | CVE-2018-4400
MISC
MISC
MISC
apple -- iphone_os | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 6.5 | CVE-2018-4407
MISC
MISC
MISC
MISC
MISC
apple -- iphone_os | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 4.3 | CVE-2018-4429
MISC
MISC
apple -- iphone_os | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 4.9 | CVE-2018-4431
MISC
MISC
MISC
MISC
apple -- iphone_os | A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 6.8 | CVE-2018-4435
MISC
MISC
MISC
MISC
apple -- iphone_os | A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 5.0 | CVE-2018-4436
MISC
MISC
MISC
apple -- iphone_os | This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1. | 2019-04-03 | 4.3 | CVE-2018-4446
MISC
apple -- itunes | A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. | 2019-04-03 | 5.1 | CVE-2017-7151
MISC
MISC
MISC
MISC
MISC
MISC
apple -- itunes | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1. | 2019-04-03 | 6.8 | CVE-2018-4394
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_x | An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4153
MISC
MISC
apple -- mac_os_x | A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 5.0 | CVE-2018-4276
MISC
apple -- mac_os_x | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 4.9 | CVE-2018-4283
MISC
apple -- mac_os_x | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4308
MISC
MISC
apple -- mac_os_x | A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4324
MISC
apple -- mac_os_x | A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4338
MISC
apple -- mac_os_x | A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4346
MISC
MISC
apple -- mac_os_x | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4351
MISC
apple -- mac_os_x | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 4.3 | CVE-2018-4389
MISC
apple -- mac_os_x | A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4396
MISC
MISC
apple -- mac_os_x | This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 4.3 | CVE-2018-4403
MISC
apple -- mac_os_x | A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.0 | CVE-2018-4406
MISC
MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 6.8 | CVE-2018-4411
MISC
MISC
apple -- mac_os_x | A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4417
MISC
MISC
apple -- mac_os_x | A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 4.3 | CVE-2018-4418
MISC
MISC
apple -- mac_os_x | A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 6.8 | CVE-2018-4423
MISC
apple -- mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 6.6 | CVE-2018-4434
MISC
apple -- mac_os_x | A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 4.3 | CVE-2018-4462
MISC
apple -- mac_os_x | A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 4.3 | CVE-2018-4470
MISC
apple -- safari | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12. | 2019-04-03 | 4.3 | CVE-2018-4195
MISC
apple -- safari | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | 2019-04-03 | 4.3 | CVE-2018-4260
MISC
MISC
apple -- safari | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | 2019-04-03 | 5.0 | CVE-2018-4274
MISC
MISC
apple -- safari | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2. | 2019-04-03 | 5.0 | CVE-2018-4279
MISC
apple -- safari | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. | 2019-04-03 | 4.3 | CVE-2018-4307
MISC
MISC
apple -- safari | Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | 2019-04-03 | 5.0 | CVE-2018-4329
MISC
MISC
apple -- safari | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12. | 2019-04-03 | 4.3 | CVE-2018-4362
MISC
MISC
apple -- safari | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. | 2019-04-03 | 4.0 | CVE-2018-4445
MISC
MISC
atlassian -- crowd | The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability. | 2019-03-29 | 6.8 | CVE-2017-18105
MISC
atlassian -- crowd | The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory; this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash. | 2019-03-29 | 6.0 | CVE-2017-18106
MISC
atlassian -- crowd | The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection. | 2019-03-29 | 6.5 | CVE-2017-18108
MISC
atlassian -- crowd | The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 2019-03-29 | 5.8 | CVE-2017-18109
MISC
atlassian -- crowd | The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via an XXE vulnerability. | 2019-03-29 | 4.0 | CVE-2017-18110
MISC
axway -- vordel_xml_gateway | Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. | 2019-04-03 | 5.0 | CVE-2015-5606
MISC
buttle_project -- buttle | XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. | 2019-04-03 | 4.3 | CVE-2019-5422
MISC
coapthon3_project -- coapthon3 | The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages. | 2019-04-02 | 5.0 | CVE-2018-12679
MISC
coapthon_project -- coapthon | The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages. | 2019-04-02 | 5.0 | CVE-2018-12680
MISC
domoticz -- domoticz | Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. | 2019-03-31 | 5.0 | CVE-2019-10678
MISC
flatcore -- flatcore | An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature. | 2019-03-30 | 6.5 | CVE-2019-10652
MISC
fusioninventory -- fusioninventory | The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | 2019-03-29 | 5.0 | CVE-2019-10477
MISC
MISC
MISC
MISC
MISC
gnu -- gnutls | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | 2019-04-01 | 5.0 | CVE-2019-3836
CONFIRM
CONFIRM
FEDORA
gog -- galaxy | An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories. | 2019-04-02 | 4.9 | CVE-2018-4051
MISC
grandstream -- gxp1610_firmware | A malformed input string to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | 2019-04-01 | 5.0 | CVE-2018-17563
MISC
MISC
harmistechnology -- je_messenger | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | 2019-03-29 | 6.5 | CVE-2019-9920
MISC
MISC
harmistechnology -- je_messenger | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | 2019-03-29 | 4.0 | CVE-2019-9921
MISC
MISC
harmistechnology -- je_messenger | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | 2019-03-29 | 5.0 | CVE-2019-9922
MISC
MISC
http-live-simulator_project -- http-live-simulator | Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. | 2019-04-03 | 5.0 | CVE-2019-5423
MISC
hyphp -- hybbs | An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. | 2019-03-29 | 6.8 | CVE-2019-10644
MISC
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. | 2019-04-02 | 4.0 | CVE-2018-1906
BID
XF
CONFIRM
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784. | 2019-04-02 | 4.0 | CVE-2018-1917
BID
XF
CONFIRM
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343. | 2019-04-02 | 5.0 | CVE-2018-1618
CONFIRM
XF
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. | 2019-04-02 | 6.8 | CVE-2018-1622
CONFIRM
XF
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410. | 2019-04-02 | 4.0 | CVE-2018-1625
CONFIRM
XF
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411. | 2019-04-02 | 4.0 | CVE-2018-1626
CONFIRM
XF
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236. | 2019-04-02 | 5.0 | CVE-2018-1680
CONFIRM
XF
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0 and 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. | 2019-04-02 | 5.5 | CVE-2019-4043
BID
XF
CONFIRM
ibm -- websphere_application_server | IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. | 2019-04-02 | 6.8 | CVE-2019-4080
BID
XF
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.2019-03-304.3CVE-2019-10649
BID
MISCimagemagick -- imagemagickIn ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.2019-03-305.8CVE-2019-10650
BID
MISCimagemagick -- imagemagickLocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.2019-04-024.3CVE-2019-10714
MISC
MISC
MISC
MISCkakaocorp -- kakaotalkRemote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower.2019-04-016.8CVE-2019-9132
CONFIRMkubernetes -- kubernetesIn all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.2019-04-014.0CVE-2019-1002100
BID
CONFIRM
CONFIRMkubernetes -- kubernetesCloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.2019-04-025.0CVE-2019-9946
CONFIRMlrzip_project -- lrzipThe lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.2019-03-304.3CVE-2019-10654
MISCmicrofocus -- content_managerAn unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.2019-04-015.0CVE-2019-3489
MISCmybb -- mybbA reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.2019-03-294.3CVE-2018-19201
MISConline_lottery_php_readymade_script_project -- online_lottery_php_readymade_scriptPHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.2019-03-296.8CVE-2019-9604
MISCopen-emr -- openemrA vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.2019-04-024.3CVE-2018-18035
CONFIRMopenmicroscopy -- omeroOMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.2019-03-316.8CVE-2014-7198
MISC
MISCopensynergy -- blue_sdkThe L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c.2019-03-295.4CVE-2018-20378
MISC
CONFIRMoverit -- geocallMultiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.2019-04-014.3CVE-2019-5888
MISCoverit -- geocallAn log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.2019-04-015.0CVE-2019-5889
MISCoverit -- geocallAn issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.2019-04-015.0CVE-2019-5891
MISCpivotal_software -- concoursePivotal Concourse versions prior to 5.0.1, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.2019-04-015.0CVE-2019-3792
BID
CONFIRMpodofo_project -- podofoAn issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.2019-04-034.3CVE-2019-10723
MISCpronestor -- pronestor_health_monitoringThe Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.2019-04-014.4CVE-2018-19113
MISC
MISCqasymphony -- qtest_managerqTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter.2019-04-025.8CVE-2018-15180
MISCqualcomm -- mdm9206_firmwareInsufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_20162019-04-044.9CVE-2018-11958
CONFIRMqualcomm -- mdm9206_firmwareInterrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR11302019-04-044.9CVE-2018-11971
CONFIRMredhat -- openshift_container_platformA flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.2019-04-014.3CVE-2019-3876
BID
CONFIRMsuricata-ids -- suricataSuricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.2019-04-045.0CVE-2018-10242
CONFIRMsynology -- calendarRelative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.2019-04-014.0CVE-2018-13299
CONFIRMsynology -- driveInformation exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.2019-04-015.0CVE-2018-13297
CONFIRMsynology -- file_stationInformation exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.2019-04-015.0CVE-2018-13288
CONFIRMsynology -- mailplus_serverUncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.2019-04-015.0CVE-2018-13296
CONFIRMsynology -- ssl_vpn_clientLack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.2019-04-015.8CVE-2018-13283
CONFIRMtp-link -- tl-wr840n_firmwareTP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.2019-03-295.0CVE-2018-15840
MISCukcms -- ukcmsA CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.2019-04-056.8CVE-2019-10888
MISCwolfcms -- wolfcmsWolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded.2019-03-294.3CVE-2019-10646
MISCBack to top

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apple -- iphone_os | An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | 2019-04-03 | 3.3 | CVE-2018-4305, MISC, MISC, MISC |
| apple -- iphone_os | A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | 2019-04-03 | 2.1 | CVE-2018-4313, MISC, MISC, MISC |
| apple -- iphone_os | This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12. | 2019-04-03 | 2.1 | CVE-2018-4322, MISC |
| apple -- iphone_os | A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12. | 2019-04-03 | 2.1 | CVE-2018-4325, MISC |
| apple -- iphone_os | A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12. | 2019-04-03 | 2.1 | CVE-2018-4352, MISC |
| apple -- iphone_os | A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. | 2019-04-03 | 2.1 | CVE-2018-4379, MISC |
| apple -- iphone_os | A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 2.1 | CVE-2018-4387, MISC |
| apple -- iphone_os | A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 2.1 | CVE-2018-4388, MISC |
| apple -- iphone_os | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1. | 2019-04-03 | 2.1 | CVE-2018-4430, MISC |
| apple -- mac_os_x | A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. | 2019-04-03 | 2.1 | CVE-2018-4178, MISC |
| apple -- mac_os_x | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 2.1 | CVE-2018-4342, MISC |
| apple -- mac_os_x | A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 2.1 | CVE-2018-4348, MISC, MISC |
| centos-webpanel -- centos_web_panel | CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action. | 2019-04-03 | 3.5 | CVE-2019-10261, BID, MISC, EXPLOIT-DB |
| dlink -- dsl-3782_firmware | A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested. | 2019-04-01 | 3.5 | CVE-2018-17989, MISC |
| gog -- galaxy | An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user. | 2019-04-02 | 2.1 | CVE-2018-4052, MISC |
| gog -- galaxy | An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. | 2019-04-02 | 2.1 | CVE-2018-4053, MISC |
| harmistechnology -- je_messenger | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | 2019-03-29 | 3.5 | CVE-2019-9919, MISC, MISC |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636. | 2019-04-02 | 2.1 | CVE-2018-1874, BID, XF, CONFIRM |
| ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | 2019-04-02 | 2.1 | CVE-2018-1623, CONFIRM, XF |
| ibm -- spectrum_protect | IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Protect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. | 2019-04-02 | 3.2 | CVE-2019-4093, CONFIRM, XF |
| linux -- linux_kernel | The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. | 2019-04-04 | 2.1 | CVE-2018-20449, CONFIRM, MISC |
| online_lottery_php_readymade_script_project -- online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | 2019-03-29 | 3.5 | CVE-2019-9605, MISC |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| amazon -- aws_sdk_for_android | Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms). | 2019-04-04 | not yet calculated | CVE-2018-19981, MISC, MISC, MISC, MISC |
| apple -- ios_and_macos_and_mojave | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | 2019-04-03 | not yet calculated | CVE-2018-4310, MISC, MISC, MISC |
| apple -- macos_and_mojave | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | not yet calculated | CVE-2018-4353, MISC |
| apple -- apple_support_for_ios | Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS. | 2019-04-03 | not yet calculated | CVE-2018-4397, MISC |
| apple -- cups | The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. | 2019-04-03 | not yet calculated | CVE-2018-4300, BID, MISC |
| apple -- ios | A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. | 2019-04-03 | not yet calculated | CVE-2018-4380, MISC |
| apple -- multiple_products | A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | not yet calculated | CVE-2018-4460, MISC, MISC, MISC |
| apple -- multiple_products | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | not yet calculated | CVE-2018-4412, MISC, MISC, MISC, MISC, MISC, MISC, MISC |
| apple -- multiple_products | This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | not yet calculated | CVE-2018-4395, MISC, MISC, MISC, MISC, MISC |
| apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | not yet calculated | CVE-2018-4371, MISC, MISC, MISC, MISC |
| apple -- multiple_products | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | not yet calculated | CVE-2018-4312, MISC, MISC, MISC, MISC, MISC |
| apple -- multiple_products | The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | not yet calculated | CVE-2018-4311, MISC, MISC, MISC, MISC, MISC |
| atlassian -- application_links | The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18111, MISC |
| avaya -- ip_office_contact_center | A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. | 2019-04-04 | not yet calculated | CVE-2019-7001, CONFIRM |
| axiomsl -- axiom_google_web_toolkit_module | AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. | 2019-04-03 | not yet calculated | CVE-2015-5384, MISC |
| axiomsl -- axiom_google_web_toolkit_module | AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. | 2019-04-03 | not yet calculated | CVE-2015-5462, MISC |
| bolt -- cms | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | 2019-04-05 | not yet calculated | CVE-2019-10874, MISC, MISC |
| bootstrap -- bootstrap-sass | Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare. | 2019-04-04 | not yet calculated | CVE-2019-10842, MISC, MISC, MISC |
| burrow-wheeler_aligner -- burrow-wheeler_aligner | BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 2019-03-29 | not yet calculated | CVE-2019-10269, MISC |
| cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers | A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | 2019-04-04 | not yet calculated | CVE-2019-1827, BID, CISCO |
| cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | 2019-04-04 | not yet calculated | CVE-2019-1828, BID, CISCO |
| domoticz -- domoticz | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | 2019-03-31 | not yet calculated | CVE-2019-10664, MISC |
| eclipse -- hawkbit | Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected. | 2019-04-03 | not yet calculated | CVE-2019-10240, CONFIRM |
| gitlab -- community_and_enterprise_edition | GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | 2019-04-04 | not yet calculated | CVE-2018-20229, CONFIRM, CONFIRM |
| glory -- rbw-100_devices | An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell. | 2019-04-05 | not yet calculated | CVE-2019-10478, MISC |
| glory -- rbw-100_devices | An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. | 2019-04-05 | not yet calculated | CVE-2019-10479, MISC |
| grandstream -- gwn7000_and_gwn7610_devices | Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 2019-03-30 | not yet calculated | CVE-2019-10657, MISC |
| grandstream -- gwn7000_devices | Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10656, MISC |
| grandstream -- gwn7610_devices | Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10658, MISC |
| grandstream -- gxv3370_and_wp820_devices | Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 2019-03-30 | not yet calculated | CVE-2019-10659, MISC |
| grandstream -- gxv3611ir_hd | Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 2019-03-30 | not yet calculated | CVE-2019-10660, MISC |
| grandstream -- gxv3611ir_hd | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 2019-03-30 | not yet calculated | CVE-2019-10661, MISC |
| grandstream -- ucm6204 | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10662, MISC |
| grandstream -- ucm6204 | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10663, MISC |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147710. | 2019-04-03 | not yet calculated | CVE-2018-1731, CONFIRM, BID, XF |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152737. | 2019-04-03 | not yet calculated | CVE-2018-1913, CONFIRM, BID, XF |
| ivanti -- workspace_control | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | 2019-04-05 | not yet calculated | CVE-2019-10885, MISC |
| jenkins -- jenkins | Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10298, MISC |
| jenkins -- jenkins | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003099, MISC |
| jenkins -- jenkins | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003095, MISC |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003098, MISC |
| jenkins -- jenkins | Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003097, MISC |
| jenkins -- jenkins | Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003096, MISC |
| jenkins -- jenkins | Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10297, MISC |
| jenkins -- jenkins | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003094, MISC |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003086, MISC |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003092, MISC |
| jenkins -- jenkins | A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003091, MISC |
| jenkins -- jenkins | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003087, MISC |
| jenkins -- jenkins | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003089, MISC |
| jenkins -- jenkins | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003088, MISC |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003090, MISC |
| jenkins -- jenkins | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003093, MISC |
| jenkins -- jenkins | Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10277, MISC |
| jenkins -- jenkins | Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10288, MISC |
| jenkins -- jenkins | Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10294, MISC |
| jenkins -- jenkins | A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10293, MISC |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10292, MISC |
| jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003084, MISC |
| jenkins -- jenkins | Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10291, MISC |
| jenkins -- jenkins | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10290 |
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-10289
MISCjenkins -- jenkinsJenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10287
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-10278
MISCjenkins -- jenkinsJenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10286
MISCjenkins -- jenkinsJenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10285
MISCjenkins -- jenkinsJenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10284
MISCjenkins -- jenkinsJenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10283
MISCjenkins -- jenkinsJenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10282
MISCjenkins -- jenkinsJenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10281
MISCjenkins -- jenkinsJenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10280
MISCjenkins -- jenkinsA missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-10279
MISCjenkins -- jenkinsA missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003085
MISCjenkins -- jenkinsJenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003066
MISCjenkins -- jenkinsA missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003083
MISCjenkins -- jenkinsJenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003057
MISCjenkins -- jenkinsJenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003063
MISCjenkins -- jenkinsJenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003062
MISCjenkins -- jenkinsJenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003061
MISCjenkins -- jenkinsJenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003060
MISCjenkins -- jenkinsA missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003059
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003058
MISCjenkins -- jenkinsJenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003056
MISCjenkins -- jenkinsJenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003065
MISCjenkins -- jenkinsJenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003055
MISCjenkins -- jenkinsJenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003054
MISCjenkins -- jenkinsJenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003053
MISCjenkins -- jenkinsJenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003052
MISCjenkins -- jenkinsJenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003051
MISCjenkins -- jenkinsJenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10299
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003082
MISCjenkins -- jenkinsJenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003064
MISCjenkins -- jenkinsJenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10296
MISCjenkins -- jenkinsJenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003075
MISCjenkins -- jenkinsA missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003081
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003080
MISCjenkins -- jenkinsA missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003079
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003078
MISCjenkins -- jenkinsA missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003077
MISCjenkins -- jenkinsJenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003067
MISCjenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003076
MISCjenkins -- jenkinsJenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003074
MISCjenkins -- jenkinsJenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003073
MISCjenkins -- jenkinsJenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003072
MISCjenkins -- jenkinsJenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003071
MISCjenkins -- jenkinsJenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003070
MISCjenkins -- jenkinsJenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003069
MISCjenkins -- jenkinsJenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003068
MISCjenkins -- jenkinsJenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10295
MISC
kubernetes -- kubectl | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. | 2019-04-01 | not yet calculated | CVE-2019-1002101 BID MISC
kunbus -- pr100088_modbus_gateway | An attacker could retrieve passwords from an HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position. | 2019-04-02 | not yet calculated | CVE-2019-6531 MISC
libmysofa -- libmysofa | treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | 2019-03-31 | not yet calculated | CVE-2019-10672 MISC MISC MISC
libvirt -- libvirt | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | 2019-04-04 | not yet calculated | CVE-2019-3886 BID CONFIRM
norton -- core | Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. | 2019-03-29 | not yet calculated | CVE-2019-9695 BID CONFIRM
openstack -- neutron | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. | 2019-04-05 | not yet calculated | CVE-2019-10876 MISC MISC
pallets -- jinja | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 2019-04-06 | not yet calculated | CVE-2019-10906 MISC
parsedown -- parsedown | Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring. | 2019-04-06 | not yet calculated | CVE-2019-10905 MISC MISC
pimcore -- pimcore | An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. | 2019-04-04 | not yet calculated | CVE-2019-10867 MISC MISC
pinterest -- ktlint | Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261. | 2019-04-02 | not yet calculated | CVE-2019-1010260 MISC
poppler -- poppler | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | 2019-04-05 | not yet calculated | CVE-2019-10873 MISC
poppler -- poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | 2019-04-05 | not yet calculated | CVE-2019-10872 MISC
poppler -- poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | 2019-04-05 | not yet calculated | CVE-2019-10871 MISC
project_jupyter -- jupyter_notebook | In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | 2019-04-04 | not yet calculated | CVE-2019-10856 MISC MISC
rasberry_pi_foundation -- pi_3 | The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. | 2019-04-04 | not yet calculated | CVE-2018-18068 MISC MISC
rockwell_automation -- powerflex_525_ac_drives | Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control. | 2019-04-04 | not yet calculated | CVE-2018-19282 MISC MISC
rockwell_automation -- rslinx_classic | A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. | 2019-04-04 | not yet calculated | CVE-2019-6553 MISC
roundup -- roundup | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | 2019-04-06 | not yet calculated | CVE-2019-10904 MLIST MISC MISC MLIST MISC
salesagility -- suitecrm | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | 2019-04-05 | not yet calculated | CVE-2018-20816 MISC MISC MISC
salicru -- slc-20-cube3(5)_devices | A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. | 2019-04-05 | not yet calculated | CVE-2019-10887 MISC
shibboleth -- identity_provider_and_opensaml_java | The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2019-04-04 | not yet calculated | CVE-2014-3603 SECUNIA CONFIRM CONFIRM
sonicwall -- sonicos_and_sonicosv | A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-04-02 | not yet calculated | CVE-2019-7477 CONFIRM
sonicwall -- sonicos_and_sonicosv | A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allows an unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-04-02 | not yet calculated | CVE-2019-7475 CONFIRM
sonicwall -- sonicos_and_sonicosv | A vulnerability in SonicWall SonicOS and SonicOSv allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-04-02 | not yet calculated | CVE-2019-7474 CONFIRM
sqlite -- sqlite | SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 2019-04-03 | not yet calculated | CVE-2018-20505
MISC
sqlite -- sqlite | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. | 2019-04-03 | not yet calculated | CVE-2018-20506
MISC
synology -- android_moments | Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | 2019-04-01 | not yet calculated | CVE-2018-13298 CONFIRM
synology -- application_service | Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | 2019-04-01 | not yet calculated | CVE-2018-13294 CONFIRM
synology -- application_service | Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | 2019-04-01 | not yet calculated | CVE-2018-13295 CONFIRM
synology -- diskstation_manager | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13291 CONFIRM
synology -- diskstation_manager | Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | 2019-04-01 | not yet calculated | CVE-2018-13293 CONFIRM
synology -- diskstation_manager | Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | 2019-04-01 | not yet calculated | CVE-2017-16774 CONFIRM
synology -- diskstation_manager | Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 2019-04-01 | not yet calculated | CVE-2018-13284 CONFIRM
synology -- diskstation_manager | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13286 CONFIRM
synology -- router_manager | Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | 2019-04-01 | not yet calculated | CVE-2018-13290 CONFIRM
synology -- router_manager | Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 2019-04-01 | not yet calculated | CVE-2018-13285 CONFIRM
synology -- router_manager | Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13287 CONFIRM
synology -- router_manager | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13292 CONFIRM
synology -- router_manager | Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 2019-04-01 | not yet calculated | CVE-2018-13289 CONFIRM
synology -- sso_server | Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2019-04-01 | not yet calculated | CVE-2017-16775 CONFIRM
synology -- web_station | Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | 2019-04-01 | not yet calculated | CVE-2018-8913 CONFIRM
teemip -- teemip | A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. | 2019-04-04 | not yet calculated | CVE-2019-10863 MISC MISC
trend_micro -- apex_one_and_officescan_and_worry-free_business_security | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | 2019-04-05 | not yet calculated | CVE-2019-9489 CONFIRM
trend_micro -- interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow a non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. | 2019-04-05 | not yet calculated | CVE-2019-9490 CONFIRM
tryton -- tryton | In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. | 2019-04-04 | not yet calculated | CVE-2019-10868 MISC MISC BUGTRAQ DEBIAN
uniqkey -- password_manager | Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. | 2019-04-05 | not yet calculated | CVE-2019-10884 MISC
vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. | 2019-04-01 | not yet calculated | CVE-2019-5518 MISC CONFIRM
vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. | 2019-04-01 | not yet calculated | CVE-2019-5519 MISC CONFIRM
vmware -- fusion | VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines. | 2019-04-01 | not yet calculated | CVE-2019-5514 MISC BID CONFIRM
vmware -- vcloud_director_for_service_providers | VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session. | 2019-04-01 | not yet calculated | CVE-2019-5523
MISC
BID
CONFIRMvmware -- workstation_and_fusioinVMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.2019-04-02not yet calculatedCVE-2019-5515
MISC
BID
CONFIRM
MISCvmware -- workstation_and_fusionVMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.2019-04-02not yet calculatedCVE-2019-5524
MISC
BID
CONFIRMwordpress -- wordpresspub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.2019-04-01not yet calculatedCVE-2019-6715
MISCwordpress -- wordpressIn the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.2019-04-02not yet calculatedCVE-2019-10692
MISC
MISCxiaomi -- mi_browserA URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.2019-04-05not yet calculatedCVE-2019-10875
MISC
MISC
MISCzoho -- manageengine_servicedesk_plusInformation leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.2019-04-04not yet calculatedCVE-2019-10273
MISC nouveau_project -- nouveau_display_driverA remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).2019-04-01not yet calculatedCVE-2018-3979
CONFIRMBack to top



Categories: LATEST ALERT

Apache Releases Security Update for Apache HTTP Server

US-CERT All NCAS Products - Thu, 04/04/2019 - 17:48
Original release date: April 04, 2019

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary update.



Categories: LATEST ALERT

MS-ISAC Releases Security Primer on LockerGoga Ransomware

US-CERT All NCAS Products - Mon, 04/01/2019 - 18:45
Original release date: April 01, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.

Ransomware can be devastating to an individual or an organization. The Cybersecurity and Infrastructure Security Agency (CISA) discourages individuals and organizations from paying the ransom, as this does not guarantee access will be restored.

CISA encourages users and administrators to review MS-ISAC’s White Paper: Security Primer – LockerGoga, CISA’s Ransomware page, and the U.S. Government’s Interagency Joint Guidance for further information and to implement the following best practices:

  • Create system back-ups,
  • Be wary of opening emails and attachments from unknown or unverified senders, and
  • Ensure that systems are updated with the latest patches.



Categories: LATEST ALERT

Supply Chain Integrity Month

US-CERT All NCAS Products - Mon, 04/01/2019 - 17:21
Original release date: April 01, 2019

April is Supply Chain Integrity Month. The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious risk to users’ information and the overall integrity of a network environment.

CISA recommends users and administrators review ODNI’s guidance on Supply Chain Risk Management for more information.



Categories: LATEST ALERT

SB19-091: Vulnerability Summary for the Week of March 25, 2019

US-CERT All NCAS Products - Mon, 04/01/2019 - 13:31
Original release date: April 01, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
--- | --- | --- | --- | ---
abus -- secvest_wireless_alarm_system_fuaa50000_firmware | Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. | 2019-03-27 | 10.0 | CVE-2019-9863, MISC
apache -- mesos | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host. | 2019-03-25 | 9.3 | CVE-2019-0204, BID, MLIST
atlassian -- confluence | The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | 2019-03-25 | 7.5 | CVE-2019-3395, MISC
atlassian -- confluence | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | 2019-03-25 | 10.0 | CVE-2019-3396, MISC
bluecms_project -- bluecms | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | 2019-03-28 | 7.5 | CVE-2019-10262, MISC
dlink -- dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | 2019-03-25 | 10.0 | CVE-2019-10040, MISC
dlink -- dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. | 2019-03-25 | 7.8 | CVE-2019-10042, MISC
dovecot -- dovecot | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | 2019-03-28 | 7.2 | CVE-2019-7524, MLIST, MISC, MISC, MLIST, BUGTRAQ, DEBIAN
flatpak -- flatpak | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI. | 2019-03-26 | 7.5 | CVE-2019-10063, MISC
fortinet -- fortiportal | A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button. | 2019-03-25 | 7.5 | CVE-2017-7342, CONFIRM
ghs -- integrity_rtos | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information). | 2019-03-25 | 7.5 | CVE-2019-7713, MISC, MISC
ghs -- integrity_rtos | An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow. | 2019-03-25 | 7.5 | CVE-2019-7714, MISC, MISC
github -- github | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. | 2019-03-28 | 7.5 | CVE-2017-18365, MISC, MISC
hospira -- mednet | Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1. | 2019-03-26 | 10.0 | CVE-2014-5401, MISC
hp -- arcsight_logger | Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.5 | CVE-2019-3479, MISC
hp -- arcsight_logger | Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.5 | CVE-2019-3481, MISC
hp -- arcsight_logger | Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.2 | CVE-2019-3484, MISC
linux -- linux_kernel | An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG). | 2019-03-27 | 7.8 | CVE-2019-10124, MISC, BID, MISC, MISC
linux -- linux_kernel | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | 2019-03-27 | 10.0 | CVE-2019-10125, MISC
microfocus -- data_protector | Remote arbitrary code execution in Micro Focus Data Protector, version 10.03. This vulnerability could allow remote arbitrary code execution. | 2019-03-25 | 7.5 | CVE-2019-3476, MISC
moodle -- moodle | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. | 2019-03-25 | 7.5 | CVE-2019-3809, CONFIRM, CONFIRM, CONFIRM
ovirt -- vdsm | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. | 2019-03-25 | 9.0 | CVE-2019-3831, CONFIRM
pfizer -- symbiq_infusion_system_firmware | Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. | 2019-03-23 | 9.0 | CVE-2015-3965, MISC
redhat -- ansible | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | 2019-03-27 | 7.5 | CVE-2019-3828, CONFIRM, MISC
softnas -- cloud | SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. | 2019-03-23 | 10.0 | CVE-2019-9945, MISC
teclib-edition -- gestionnaire_libre_de_parc_informatique | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | 2019-03-27 | 7.5 | CVE-2019-10232, MISC
tianocore -- edk_ii | Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | 2019-03-27 | 7.5 | CVE-2019-0160, CONFIRM

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoamazon_affiliate_store_project -- amazon_affiliate_storePHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.2019-03-284.0CVE-2019-9864
MISCbaigo -- baigo_ssobaigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.2019-03-246.5CVE-2019-10015
MISCcmsmadesimple -- cms_made_simpleCMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.2019-03-244.3CVE-2019-10017
MISC
MISCcmsmadesimple -- cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.2019-03-266.8CVE-2019-9053
MISC
CONFIRMcmsmadesimple -- cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.2019-03-266.5CVE-2019-9055
MISC
CONFIRMcmsmadesimple -- cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.2019-03-266.5CVE-2019-9057
MISC
CONFIRMcmsmadesimple -- cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.2019-03-266.5CVE-2019-9058
MISC
CONFIRMcmsmadesimple -- cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature.2019-03-266.5CVE-2019-9059
MISC
CONFIRMcmsmadesimple -- cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.2019-03-266.5CVE-2019-9061
MISC
CONFIRMcoreftp -- core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.2019-03-225.0CVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DBcoreftp -- core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.2019-03-225.0CVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DBdedecms -- dedecmsIn DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.2019-03-244.0CVE-2019-10014
MISCdlink -- dir-816_firmwareThe D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.2019-03-255.0CVE-2019-10039
MISCdlink -- dir-816_firmwareThe D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.2019-03-255.0CVE-2019-10041
MISCdovecot -- dovecotIt was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.2019-03-274.9CVE-2019-3814
CONFIRM
MISCeclipse -- jettyIn Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.2019-03-275.0CVE-2018-12545
CONFIRMeclipse -- mosquittoIn Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.2019-03-275.0CVE-2017-7655
CONFIRMeclipse -- mosquittoIn Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.2019-03-274.0CVE-2018-12546
CONFIRMeclipse -- mosquittoWhen Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.2019-03-276.8CVE-2018-12550
CONFIRMeclipse -- mosquittoWhen Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.2019-03-276.8CVE-2018-12551
CONFIRMelastic -- elasticsearchA permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.2019-03-256.8CVE-2019-7611
MISC
MISCfaststone -- image_viewerFastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file.2019-03-264.3CVE-2018-15813
MISCfaststone -- image_viewerFastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.2019-03-264.3CVE-2018-15814
MISCfaststone -- image_viewerFastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.2019-03-264.3CVE-2018-15815
MISCfaststone -- image_viewerFastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.2019-03-264.3CVE-2018-15816
MISCfaststone -- image_viewerFastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.2019-03-264.3CVE-2018-15817
MISCfedoraproject -- fedoraA vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.2019-03-274.3CVE-2019-3877
CONFIRM
CONFIRM
CONFIRM
UBUNTUfedoraproject -- fedoraA vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.2019-03-266.8CVE-2019-3878
CONFIRM
CONFIRM
UBUNTUfortinet -- fortiportalA Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.2019-03-254.3CVE-2017-7340
CONFIRMgforge -- advanced_serverGForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.2019-03-244.3CVE-2019-10016
MISCghs -- integrity_rtosAn issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.2019-03-255.0CVE-2019-7711
MISC
MISCghs -- integrity_rtosAn issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.2019-03-255.0CVE-2019-7712
MISC
MISCghs -- integrity_rtosAn issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.2019-03-255.0CVE-2019-7715
MISC
MISCgitlab -- gitlabGitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.2019-03-265.0CVE-2018-19856
MISC
MISCgitlab -- gitlabGitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.2019-03-285.0CVE-2018-20144
MISC
MISC
MISCgitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.2019-03-255.0CVE-2019-6240
MISC
MISCgnu -- gnutlsA vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.2019-03-275.0CVE-2019-3829
CONFIRM
CONFIRM
FEDORA
FEDORA
MISCgnu -- tarpax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.2019-03-225.0CVE-2019-9923
MISC
MISC
MISCharmistechnology -- je_messengerAn issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.2019-03-296.4CVE-2019-9918
MISC
MISChashicorp -- consulHashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.2019-03-265.8CVE-2019-9764
MISChp -- arcsight_loggerMitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.2019-03-254.3CVE-2019-3480
MISChp -- arcsight_loggerMitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.2019-03-256.8CVE-2019-3482
MISChp -- arcsight_loggerMitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.2019-03-256.8CVE-2019-3483
MISChp -- isaac_mizrahi_smartwatchA potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.2019-03-275.0CVE-2017-2748
CONFIRMhp -- remote_graphics_softwareA potential vulnerability has been identified in HP Remote Graphics Software's certificate authentication process version 7.5.0 and earlier.2019-03-276.4CVE-2018-5926
CONFIRMhp -- support_assistantHP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.2019-03-274.1CVE-2018-5927
CONFIRMibm -- api_connectIBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.2019-03-225.0CVE-2019-4052
CONFIRM
BID
XFibm -- content_navigatorIBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.2019-03-226.4CVE-2019-4035
CONFIRM
BID
XFibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.2019-03-255.0CVE-2019-4046
BID
XF
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.2019-03-236.8CVE-2019-9956
BID
MISCjenzabar -- internet_campus_solutionJenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the Moxie Manager plugin before 2.1.4 in the ICS\ICS.NET\ICSFileServer/moxiemanager directory.2019-03-256.0CVE-2019-10012
MISC
MISClaravel -- frameworkLaravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.2019-03-286.5CVE-2018-6330
MISC
MISClibrenms -- librenmsLibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.2019-03-286.5CVE-2018-20678
MISC
MISClibreoffice -- libreofficeIt was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.2019-03-256.8CVE-2018-16858
CONFIRM
MISClibssh2 -- libssh2An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.2019-03-256.8CVE-2019-3856
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISClibssh2 -- libssh2An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.2019-03-256.8CVE-2019-3857
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISClibssh2 -- libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-256.4CVE-2019-3860
SUSE
CONFIRM
MLIST
CONFIRM
MISClibssh2 -- libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-256.4CVE-2019-3861
SUSE
CONFIRM
MLIST
CONFIRM
MISClibssh2 -- libssh2A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.2019-03-256.8CVE-2019-3863
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISCmisp -- mispIn MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.2019-03-284.3CVE-2019-10254
MISC
MISCmoodle -- moodleA flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.2019-03-254.0CVE-2019-3808
CONFIRM
CONFIRM
CONFIRMmoodle -- moodleA flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.2019-03-255.0CVE-2019-3810
CONFIRM
CONFIRM
CONFIRMmoodle -- moodleA vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.2019-03-276.5CVE-2019-3847
CONFIRM
MISCmoodle -- moodleA vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.2019-03-265.8CVE-2019-3850
CONFIRM
MISCmoodle -- moodleA vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the Boost theme's secure layout, meaning students could navigate out of the page.2019-03-264.0CVE-2019-3851
CONFIRM
MISCmoodle -- moodleA vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities.2019-03-264.0CVE-2019-3852
CONFIRM
MISCmyadrenalin -- adrenalinA Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.2019-03-254.3CVE-2018-12652
MISCmyadrenalin -- adrenalinA Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the RPT/SSRSDynamicEditReports.aspx ReportId parameter.2019-03-254.3CVE-2018-12653
MISCnagios -- nagios_xiCommand injection in Nagios XI before 5.5.11 allows authenticated users to execute arbitrary remote commands via a new autodiscovery job.2019-03-286.5CVE-2019-9164
CONFIRM
CONFIRMomron -- poweract_pro_master_agentPowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.2019-03-274.0CVE-2018-16207
MISC
MISC
MISCopentext -- opentext_portalCross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.2019-03-224.3CVE-2018-20165
MISCovirt -- ovirtIn ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.2019-03-254.0CVE-2017-7510
CONFIRMovirt -- ovirtIt was discovered that in ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g. Basic Operations) could exploit this flaw to delete disks attached to guests.2019-03-255.5CVE-2019-3879
BID
CONFIRMportainer -- portainerA vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.2019-03-275.0CVE-2018-19466
MISC
MISC
MISCpython -- pythonAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.2019-03-234.3CVE-2019-9947
MISCpython -- pythonurllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.2019-03-236.4CVE-2019-9948
BID
MISC
MISCredhat -- ansible_towerWhen running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.2019-03-284.0CVE-2019-3869
CONFIRM
MISCs-cms -- s-cmsS-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.2019-03-276.8CVE-2019-10237
MISCselect2 -- select2In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.2019-03-274.3CVE-2016-10744
MISC
MISC
MISCsitemagic -- sitemagicSitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter.2019-03-274.3CVE-2019-10238
MISCsqlite -- sqliteIn SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.2019-03-225.0CVE-2019-9936
BID
MISC
MISC
MISCsqlite -- sqliteIn SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.2019-03-225.0CVE-2019-9937
BID
MISC
MISC
MISCsymfony -- twigA sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.2019-03-234.3CVE-2019-9942
MISC
BUGTRAQ
MISC
DEBIANtianocore -- edk_iiBuffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.2019-03-276.4CVE-2018-12178
SUSE
CONFIRMtianocore -- edk_iiStack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.2019-03-274.6CVE-2018-12183
CONFIRMtianocore -- edk_iiLogic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.2019-03-274.6CVE-2018-3613
CONFIRMtotaljs -- total.js_cmsTotal.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).2019-03-284.3CVE-2019-10260
MISC
MISCshareit -- shareitThe SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.2019-03-225.8CVE-2019-9939
MISCverifone -- verix_multi-app_conductorThe Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.2019-03-256.8CVE-2019-10060
MISCw1.fi -- hostapdhostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.2019-03-235.0CVE-2016-10743
MLIST
MISCweban -- anDirectory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.2019-03-275.0CVE-2019-5927
MISC
MISCxnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.2019-03-236.8CVE-2019-9966
MISCxnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.2019-03-236.8CVE-2019-9967
MISCxnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.2019-03-236.8CVE-2019-9968
MISCxnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.2019-03-236.8CVE-2019-9969
MISCxnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.2019-03-236.8CVE-2019-9962
MISCxnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.2019-03-236.8CVE-2019-9963
MISCxnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.2019-03-236.8CVE-2019-9964
MISCxnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.2019-03-236.8CVE-2019-9965
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.2019-03-244.3CVE-2019-10018
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.2019-03-244.3CVE-2019-10019
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.2019-03-244.3CVE-2019-10020
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.2019-03-244.3CVE-2019-10021
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.2019-03-244.3CVE-2019-10022
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.2019-03-244.3CVE-2019-10023
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.2019-03-244.3CVE-2019-10024
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.2019-03-244.3CVE-2019-10025
MISCxpdfreader -- xpdfAn issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.2019-03-244.3CVE-2019-10026
MISCznc -- zncZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.2019-03-274.0CVE-2019-9917
MISC

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abus -- secvest_wireless_alarm_system_fuaa50000_firmwareAn issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).2019-03-273.3CVE-2019-9862
MISCcentos-webpanel -- centos_web_panelCentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.2019-03-263.5CVE-2019-7646
MISC
MISC
EXPLOIT-DBcmsmadesimple -- cms_made_simpleCMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.2019-03-263.5CVE-2019-10105
MISCcmsmadesimple -- cms_made_simpleCMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.2019-03-263.5CVE-2019-10106
MISCcmsmadesimple -- cms_made_simpleCMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.2019-03-263.5CVE-2019-10107
MISCdrupal -- drupalIn Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13; Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.2019-03-263.5CVE-2019-6341
CONFIRMgnome -- gvfsAn incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires uncommon system configuration.2019-03-253.3CVE-2019-3827
CONFIRM
CONFIRMonline_lottery_php_readymade_script_project -- online_lottery_php_readymade_scriptPHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.2019-03-293.5CVE-2019-9605
MISCpaloaltonetworks -- expeditionThe Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.2019-03-263.5CVE-2019-1569
BID
MISC
MISCpaloaltonetworks -- expeditionThe Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.2019-03-263.5CVE-2019-1570
BID
CONFIRM
MISCpaloaltonetworks -- expeditionThe Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.2019-03-263.5CVE-2019-1571
BID
CONFIRM
MISCphpcms -- phpcmsPHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.2019-03-243.5CVE-2019-10027
MISC
MISCredhat -- libvirtA NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.2019-03-273.5CVE-2019-3840
CONFIRM
CONFIRM
CONFIRMtianocore -- edk_iiStack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.2019-03-272.1CVE-2019-0161
CONFIRM

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abine_blur -- abine_blur
 Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component.2019-03-29not yet calculatedCVE-2019-6481
MISC
FULLDISC
MISC
MISCabus -- secvest_remote_controlDue to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that commands sent by the remote control are no longer accepted.2019-03-27not yet calculatedCVE-2019-9860
MISCadtran -- netconf_pmaa_access_managementAn issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF.2019-03-27not yet calculatedCVE-2018-19648
CONFIRMapache -- activemqIn Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.2019-03-28not yet calculatedCVE-2019-0222
CONFIRM
MLIST
BID
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLISTapache -- hbase_rest_serverIn all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server.2019-03-28not yet calculatedCVE-2019-0212
MLIST
BID
CONFIRMapache -- jspwikiA specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.2019-03-28not yet calculatedCVE-2019-0225
MLIST
BID
CONFIRM
MLIST
MLIST
MLIST
MLISTapache -- jspwikiIn Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.2019-03-28not yet calculatedCVE-2019-0224
BID
CONFIRM
MLIST
MLISTapache -- kibanaKibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.2019-03-25not yet calculatedCVE-2019-7608
MISC
MISCapache -- kibanaKibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.2019-03-25not yet calculatedCVE-2019-7609
MISC
MISCapache -- kibanaKibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.2019-03-25not yet calculatedCVE-2019-7610
MISC
MISCatlassian -- crowdThe administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.2019-03-29not yet calculatedCVE-2017-18108
MISCatlassian -- crowdThe console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.2019-03-29not yet calculatedCVE-2017-18105
MISCatlassian -- crowdThe administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.2019-03-29not yet calculatedCVE-2017-18110
MISCatlassian -- crowdThe login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.2019-03-29not yet calculatedCVE-2017-18109
MISCatlassian -- crowdThe identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.2019-03-29not yet calculatedCVE-2017-18106
MISCatlassian_application_linksThe OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability.2019-03-29not yet calculatedCVE-2017-18111
MISCaxtls -- axtls
 tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.2019-03-25not yet calculatedCVE-2019-8981
MISC
MISC
MISCbash -- bash
 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.2019-03-22not yet calculatedCVE-2019-9924
MISC
MISC
MLISTbaxter -- sigma_spectrum_infusion_systemBaxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.2019-03-26not yet calculatedCVE-2014-5434
MISCbaxter -- sigma_spectrum_infusion_systemAn unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access to the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.2019-03-26not yet calculatedCVE-2014-5433
MISCbaxter -- sigma_spectrum_infusion_systemBaxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.2019-03-26not yet calculatedCVE-2014-5432
MISCbaxter -- sigma_spectrum_infusion_systemBaxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.2019-03-26not yet calculatedCVE-2014-5431
MISCburrows-wheeler_aligner -- burrows-wheeler_aligner
 BWA (aka Burrows-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.2019-03-29not yet calculatedCVE-2019-10269
MISCcisco -- aggregation_services_router_900_route_switch_processor_3A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.2019-03-27not yet calculatedCVE-2019-1749
BID
CISCOcisco -- catalyst_4500_series_switchesA vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.2019-03-27not yet calculatedCVE-2019-1750
BID
CISCO
cisco -- catalyst_6500_series_switches | A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network. | 2019-03-27 | not yet calculated | CVE-2019-1758
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. | 2019-03-27 | not yet calculated | CVE-2019-1757
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. | 2019-03-27 | not yet calculated | CVE-2019-1746
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1739
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1738
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1745
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. | 2019-03-27 | not yet calculated | CVE-2019-1752
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. | 2019-03-27 | not yet calculated | CVE-2019-1747
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software. | 2019-03-27 | not yet calculated | CVE-2019-1748
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1737
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. | 2019-03-27 | not yet calculated | CVE-2019-1762
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. | 2019-03-27 | not yet calculated | CVE-2019-1761
BID
CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1740
BID
CISCO
cisco -- ios_software | A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1751
BID
CISCO
cisco -- ios_xe_software | A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. | 2019-03-27 | not yet calculated | CVE-2019-1741
BID
CISCO
cisco -- ios_xe_software | A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1754
BID
CISCO
cisco -- ios_xe_software | A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. | 2019-03-27 | not yet calculated | CVE-2019-1760
BID
CISCO
cisco -- ios_xe_software | A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. | 2019-03-27 | not yet calculated | CVE-2019-1759
CISCO
cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. | 2019-03-27 | not yet calculated | CVE-2019-1742
BID
CISCO
cisco -- ios_xe_software | A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1755
BID
CISCO
cisco -- ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. | 2019-03-27 | not yet calculated | CVE-2019-1756
BID
CISCO
cisco -- ios_xe_software | A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1743
BID
CISCO
cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1753
BID
CISCO
civetweb -- civetweb | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. | 2019-03-27 | not yet calculated | CVE-2019-3821
CONFIRM
MISC
cockpit-project -- cockpit | It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | 2019-03-26 | not yet calculated | CVE-2019-3804
CONFIRM
CONFIRM
CONFIRM
commonmark -- commonmark | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. | 2019-03-24 | not yet calculated | CVE-2019-10010
MISC
MISC
d-link -- routers | D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). | 2019-03-25 | not yet calculated | CVE-2019-7642
MISC
dell -- networking_os10 | Dell Networking OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system. | 2019-03-28 | not yet calculated | CVE-2019-3710
MISC
digium -- asterisk | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. | 2019-03-28 | not yet calculated | CVE-2019-7251
CONFIRM
CONFIRM
elastic -- logstash | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | 2019-03-25 | not yet calculated | CVE-2019-7612
MISC
MISC
elastic -- winlogbeat | Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. | 2019-03-25 | not yet calculated | CVE-2019-7613
MISC
MISC
electric_coin_company -- zcash | Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. | 2019-03-26 | not yet calculated | CVE-2019-7167
MISC
MISC
enttec -- datagate_mk2_and_storm_24_and_pixelator | ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. | 2019-03-28 | not yet calculated | CVE-2019-6542
MISC
extensible_firmware_interface -- development_kit | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | not yet calculated | CVE-2018-12182
CONFIRM
extensible_firmware_interface -- development_kit | Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | 2019-03-27 | not yet calculated | CVE-2018-12181
CONFIRM
extensible_firmware_interface -- development_kit | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | 2019-03-27 | not yet calculated | CVE-2018-12180
SUSE
CONFIRM
extensible_firmware_interface -- development_kit | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | not yet calculated | CVE-2018-12179
CONFIRM
f5 -- multiple_big-ip_products | In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. | 2019-03-28 | not yet calculated | CVE-2019-6602
BID
MISC
f5 -- multiple_big-ip_products | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. | 2019-03-28 | not yet calculated | CVE-2019-6605
BID
MISC
f5 -- multiple_big-ip_products | On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. | 2019-03-28 | not yet calculated | CVE-2019-6606
BID
MISC
f5 -- multiple_big-ip_products | On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. | 2019-03-28 | not yet calculated | CVE-2019-6607
BID
MISC
f5 -- multiple_products | On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. | 2019-03-28 | not yet calculated | CVE-2019-6608
MISC
f5 -- multiple_products | In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | 2019-03-28 | not yet calculated | CVE-2019-6603
BID
MISC
f5 -- multiple_products | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. | 2019-03-28 | not yet calculated | CVE-2019-6604
MISC
flatcore -- flatcore-cms | An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature. | 2019-03-30 | not yet calculated | CVE-2019-10652
MISC
forcepoint -- email_security | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. | 2019-03-28 | not yet calculated | CVE-2018-16529
MISC
CONFIRM
gnuboard5 -- gnuboard5 | Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 2019-03-25 | not yet calculated | CVE-2018-15583
CONFIRM
CONFIRM
gnuboard5 -- gnuboard5 | Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 2019-03-27 | not yet calculated | CVE-2018-15585
MISC
MISC
MISC
grandstream -- gwn7000_and_gwn7610_devices | Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 2019-03-30 | not yet calculated | CVE-2019-10657
MISC
grandstream -- gwn7000_devices | Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10656
MISC
grandstream -- gwn7610_devices | Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10658
MISC
grandstream -- gxv3370_and_wp80_devices | Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 2019-03-30 | not yet calculated | CVE-2019-10659
MISC
grandstream -- gxv3611ir_hd_devices | Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 2019-03-30 | not yet calculated | CVE-2019-10660
MISC
grandstream -- gxv3611ir_hd_devices | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 2019-03-30 | not yet calculated | CVE-2019-10661
MISC
grandstream -- multiple_devices | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | 2019-03-30 | not yet calculated | CVE-2019-10655
MISC
MISC
grandstream -- ucm6204_devices | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10662
MISC
grandstream -- ucm6204_devices | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10663
MISC
honeywell -- experion_pks | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-03-25 | not yet calculated | CVE-2014-9187
MISC
honeywell -- experion_pks | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-03-25 | not yet calculated | CVE-2014-9189
MISC
hospira -- lifecare_pca_infusion_system | Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. | 2019-03-25 | not yet calculated | CVE-2015-1012
MISC
hospira -- plum_and_symbiq_infusion_systems | Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3952
MISC
hospira -- plum_and_symbiq_infusion_systems | Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3953
MISC
hospira -- plum_and_symbiq_infusion_systems | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3954
MISC
hospira -- plum_and_symbiq_infusion_systems | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3956
MISC
hp_development_company -- multiple_printers | In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | 2019-03-27 | not yet calculated | CVE-2018-5923
CONFIRM
hp_development_company -- tommy_hilfiger_th24/7_android_app | A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. | 2019-03-27 | not yet calculated | CVE-2017-2752
CONFIRM
hybbs -- hybbs | An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. | 2019-03-29 | not yet calculated | CVE-2019-10644
MISC
imagemagick -- imagemagick | In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. | 2019-03-30 | not yet calculated | CVE-2019-10650
BID
MISC
imagemagick -- imagemagick | In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 2019-03-30 | not yet calculated | CVE-2019-10649
BID
MISC
jboss -- management_console | A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. | 2019-03-27 | not yet calculated | CVE-2018-10934
CONFIRM
jenkins -- jenkins | A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | 2019-03-28 | not yet calculated | CVE-2019-1003048
MLIST
BID
MISC
jenkins -- jenkins | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-03-28 | not yet calculated | CVE-2019-1003047
MLIST
BID
MISC
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | 2019-03-28 | not yet calculated | CVE-2019-1003046
MLIST
BID
MISC
jenkins -- jenkins | A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | 2019-03-28 | not yet calculated | CVE-2019-1003045
MLIST
BID
MISC
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-03-28 | not yet calculated | CVE-2019-1003044
MLIST
BID
MISCjenkins -- jenkinsA missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-03-28not yet calculatedCVE-2019-1003043
MLIST
BID
MISCjenkins -- jenkinsA cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.2019-03-28not yet calculatedCVE-2019-1003042
MLIST
BID
MISC

jenkins -- jenkins
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
2019-03-28 | not yet calculated | CVE-2019-1003041
MLIST
BID
MISC

jenkins -- jenkins
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
2019-03-28 | not yet calculated | CVE-2019-1003040
MLIST
BID
MISC

jenzabar -- internet_campus_solution
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.
2019-03-25 | not yet calculated | CVE-2019-10011
MISC

joomla! -- joomla!
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.
2019-03-29 | not yet calculated | CVE-2019-9921
MISC
MISC

joomla! -- joomla!
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.
2019-03-29 | not yet calculated | CVE-2019-9922
MISC
MISC

joomla! -- joomla!
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
2019-03-29 | not yet calculated | CVE-2019-9920
MISC
MISC

joomla! -- joomla!
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS.
2019-03-29 | not yet calculated | CVE-2019-9919
MISC
MISC

kentico -- kentico
An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
2019-03-26 | not yet calculated | CVE-2019-10068
MISC

kinagacms -- kinagacms
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
2019-03-27 | not yet calculated | CVE-2019-5926
MISC
MISC
MISC

kubevirt -- virt-cdi-importer
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content.
2019-03-25 | not yet calculated | CVE-2019-3841
CONFIRM
MISC

lcds -- laquis_scada
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.
2019-03-27 | not yet calculated | CVE-2019-6536
MISC

lcds -- laquis_scada
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration.
2019-03-27 | not yet calculated | CVE-2018-18994
MISC

linux -- linux_kernel
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
2019-03-25 | not yet calculated | CVE-2019-3874
CONFIRM

lrzip -- lrzip
The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.
2019-03-30 | not yet calculated | CVE-2019-10654
MISC

marel -- food_processing_systems
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.
2019-03-27 | not yet calculated | CVE-2017-9626
MISC

mcafee -- network_security_manager
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
2019-03-26 | not yet calculated | CVE-2019-3597
BID
CONFIRM

mcafee -- network_security_manager
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
2019-03-26 | not yet calculated | CVE-2019-3606
BID
CONFIRM

medtronic -- multiple_devices
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product's radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.
2019-03-25 | not yet calculated | CVE-2019-6538
BID
CONFIRM

medtronic -- multiple_devices
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.
2019-03-26 | not yet calculated | CVE-2019-6540
BID
MISC

micro_focus -- solutions_business_manager
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
2019-03-27 | not yet calculated | CVE-2018-19644
CONFIRM

micro_focus -- solutions_business_manager
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
2019-03-27 | not yet calculated | CVE-2018-19641
CONFIRM

micro_focus -- solutions_business_manager
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
2019-03-27 | not yet calculated | CVE-2018-19643
CONFIRM

micro_focus -- solutions_business_manager
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
2019-03-27 | not yet calculated | CVE-2018-19642
CONFIRM

moodle -- moodle
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
2019-03-26 | not yet calculated | CVE-2019-3849
CONFIRM
MISC

moodle -- moodle
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)
2019-03-26 | not yet calculated | CVE-2019-3848
CONFIRM
MISC

mybb -- mybb
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.
2019-03-29 | not yet calculated | CVE-2018-19201
MISC

node-opencv -- node-opencv
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
2019-03-25 | not yet calculated | CVE-2019-10061
MISC
MISC
MISC

node.js -- node.js
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.
2019-03-28 | not yet calculated | CVE-2019-5739
SUSE
MISC

node.js -- node.js
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11.
2019-03-28 | not yet calculated | CVE-2019-5737
SUSE
MISC

nvidia -- geforce_experience
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
2019-03-28 | not yet calculated | CVE-2019-5674
BID
CONFIRM

opensynergy -- blue_sdk
The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c.
2019-03-29 | not yet calculated | CVE-2018-20378
MISC
CONFIRM

opto_22 -- multiple_products
A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.
2019-03-25 | not yet calculated | CVE-2015-1007
MISC

phoenix_contact -- multiple_products
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
2019-03-26 | not yet calculated | CVE-2019-9743
BID
MISC

phoenix_contact -- multiple_products
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
2019-03-26 | not yet calculated | CVE-2019-9744
MISC

phpfk -- phpfk
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
2019-03-27 | not yet calculated | CVE-2017-18364
MISC

phpscriptsmall.com -- online_lottery_php_readymade_script
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.
2019-03-29 | not yet calculated | CVE-2019-9604
MISC

project_jupyter -- jupyter_notebook_and_jupyterhub
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
2019-03-28 | not yet calculated | CVE-2019-10255
MISC
MISC
MISC
MISC
MISC

prometheus -- prometheus
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
2019-03-26 | not yet calculated | CVE-2019-3826
CONFIRM
CONFIRM
CONFIRM

provisio -- sitekiosk
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.
2019-03-29 | not yet calculated | CVE-2018-18766
CONFIRM

red_hat -- ansible_tower
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
2019-03-25 | not yet calculated | CVE-2019-3838
REDHAT
MISC
CONFIRM
FEDORA
FEDORA

red_hat -- ansible_tower
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
2019-03-25 | not yet calculated | CVE-2019-3835
REDHAT
MISC
CONFIRM
FEDORA
FEDORA

red_hat -- openstack_platform_director
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.
2019-03-26 | not yet calculated | CVE-2018-16856
CONFIRM

robocode -- robocode
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
2019-03-30 | not yet calculated | CVE-2019-10648
MISC
MISC

rockwell_automation -- ethernet/ip_web_server_modules
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted.
2019-03-27 | not yet calculated | CVE-2018-19016
MISC

rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "Total Record Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size" that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
2019-03-26 | not yet calculated | CVE-2013-2807
MISC

rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "End of Current Record" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size." Then the service will calculate an incorrect value for the "End of Current Record" field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
2019-03-26 | not yet calculated | CVE-2013-2806
MISC

rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the "Record Data Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
2019-03-26 | not yet calculated | CVE-2013-2805
MISC

rockwell_automation -- plc-5_and_slc_5/0x_controllers
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product's configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
2019-03-26 | not yet calculated | CVE-2010-5305
MISC

rpm-software-management -- libcomps
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.
2019-03-27 | not yet calculated | CVE-2019-3817
CONFIRM
CONFIRM
CONFIRM

rubyonrails -- rails
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
2019-03-27 | not yet calculated | CVE-2019-5420
CONFIRM
CONFIRM

rubyonrails -- rails
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
2019-03-27 | not yet calculated | CVE-2019-5419
MLIST
CONFIRM
MLIST
CONFIRM

rubyonrails -- rails
There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
2019-03-27 | not yet calculated | CVE-2019-5418
MISC
MLIST
CONFIRM
MLIST
CONFIRM
EXPLOIT-DB

schneider_electric -- opc_factory_server
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
2019-03-25 | not yet calculated | CVE-2015-1014
MISC

shareit -- shareit
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."
2019-03-22 | not yet calculated | CVE-2019-9938
MISC

siemens -- scalance
A vulnerability has been identified in Scalance X-200 (All versions), Scalance X-300 (All versions), Scalance XP/XC/XF-200 (All versions <V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behaviour. The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality and availability of the traffic-generating network. At the time of advisory publication no public exploitation of this security vulnerability was known.
2019-03-26 | not yet calculated | CVE-2019-6569
BID
MISC

signal -- private_messenger_and_desktop
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
2019-03-23 | not yet calculated | CVE-2019-9970
BID
MISC

snipe-it -- snipe-it
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
2019-03-27 | not yet calculated | CVE-2019-10118
MISC

symantec_norton -- core
Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device.
2019-03-29 | not yet calculated | CVE-2019-9695
BID
CONFIRM

system_security_services_daemon -- system_security_services_daemon
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
2019-03-25 | not yet calculated | CVE-2018-16838
CONFIRM

teclib_group -- glpi
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
2019-03-27 | not yet calculated | CVE-2019-10233
MISC
MISC

teclib_group -- glpi
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
2019-03-27 | not yet calculated | CVE-2019-10231
MISC
MISC

teclib_group -- glpi
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.
2019-03-29 | not yet calculated | CVE-2019-10477
MISC
MISC
MISC
MISC
MISC

telegram -- telegram
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
2019-03-25 | not yet calculated | CVE-2019-10044
BID
MISC

telemetry -- ceilometer
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
2019-03-26 | not yet calculated | CVE-2019-3830
CONFIRM

teltonika -- rtu9xx_devices
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password.
2019-03-28 | not yet calculated | CVE-2018-19879
MISC
MISC

tenable -- nagios_xi
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
2019-03-28 | not yet calculated | CVE-2019-9204
CONFIRM

tenable -- nagios_xi
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
2019-03-28 | not yet calculated | CVE-2019-9203
CONFIRM

tenable -- nagios_xi
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
2019-03-28 | not yet calculated | CVE-2019-9202
CONFIRM

tenable -- nagios_xi
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
2019-03-28 | not yet calculated | CVE-2019-9166
CONFIRM
CONFIRM

tenable -- nagios_xi
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
2019-03-28 | not yet calculated | CVE-2019-9167
CONFIRM
CONFIRM

tenable -- nagios_xi
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
2019-03-28 | not yet calculated | CVE-2019-9165
CONFIRM
CONFIRM

tesla -- model_3_vehicles
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
2019-03-24 | not yet calculated | CVE-2019-9977
BID
MISC
MISC

tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
2019-03-26 | not yet calculated | CVE-2019-8989
BID
MISC
MISC

tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
2019-03-26 | not yet calculated | CVE-2019-8988
BID
MISC
MISC

tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
2019-03-26 | not yet calculated | CVE-2019-8987
BID
MISC
MISC

tp-link -- tl-wr840n_devices
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
2019-03-29 | not yet calculated | CVE-2018-15840
MISC

ucweb -- uc_browser
UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks.
2019-03-28 | not yet calculated | CVE-2019-10250
MISC

ucweb -- uc_browser
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks.
2019-03-28 | not yet calculated | CVE-2019-10251
MISC
MISC

wecon_technology -- pi_studio
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object.
2019-03-27 | not yet calculated | CVE-2018-14814
MISC

western_bridge_cobub_razor -- western_bridge_cobub_razor
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type.
2019-03-29 | not yet calculated | CVE-2019-10276
MISC
MISC

wikindx -- wikindx
A cross-site scripting (XSS) vulnerability in resource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
2019-03-26 | not yet calculated | CVE-2019-9961
MISC
CONFIRM

wolf -- cms
Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded.
2019-03-29 | not yet calculated | CVE-2019-10646
MISC

wordpress -- wordpress
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.
2019-03-27 | not yet calculated | CVE-2019-1000031
MISC
BUGTRAQ

wordpress -- wordpress
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.
2019-03-27 | not yet calculated | CVE-2019-1010257
MISC
BUGTRAQ
MISC

wordpress -- wordpress
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
2019-03-24 | not yet calculated | CVE-2019-9978
MISC
MISC
MISC
MISC
MISC
MISC
MISCzoho -- manageengine_servicedesk_plusManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.2019-03-25not yet calculatedCVE-2017-9376
BID
MISCzoho -- manageengine_servicedesk_plusManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.2019-03-25not yet calculatedCVE-2017-9362
MISCzzzcms -- zzzphpZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file).2019-03-30not yet calculatedCVE-2019-10647
MISCBack to top


Categories: LATEST ALERT

VMware Releases Security Updates

US-CERT All NCAS Products - Fri, 03/29/2019 - 17:20
Original release date: March 29, 2019

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates.


Categories: LATEST ALERT

Cisco Releases Security Update for Cisco IOS XE

US-CERT All NCAS Products - Thu, 03/28/2019 - 16:23
Original release date: March 28, 2019

Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


Categories: LATEST ALERT

Cisco Releases Security Updates for Multiple Products

US-CERT All NCAS Products - Wed, 03/27/2019 - 19:02
Original release date: March 27, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates.


Categories: LATEST ALERT

ASUS Releases Security Update for Live Update Software

US-CERT All NCAS Products - Tue, 03/26/2019 - 17:15
Original release date: March 26, 2019

ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information. The article includes a security diagnostic tool that users can run on their device to determine whether it is affected. CISA also encourages users and administrators to review the ASUS FAQ page to confirm that their device has received the upgrade to version 3.6.8 of Live Update.


Categories: LATEST ALERT

Apple Releases Multiple Security Updates

US-CERT All NCAS Products - Tue, 03/26/2019 - 01:14
Original release date: March 25, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:


Categories: LATEST ALERT

Mozilla Releases Security Update for Thunderbird

US-CERT All NCAS Products - Tue, 03/26/2019 - 01:13
Original release date: March 25, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update.


Categories: LATEST ALERT

SB19-084: Vulnerability Summary for the Week of March 18, 2019

US-CERT All NCAS Products - Mon, 03/25/2019 - 15:04
Original release date: March 25, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
airmore -- airmore | The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests. | 2019-03-15 | 7.8 | CVE-2019-9831 EXPLOIT-DB MISC
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. | 2019-03-15 | 7.2 | CVE-2018-18252 MISC
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. | 2019-03-15 | 7.2 | CVE-2018-18255 MISC
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. | 2019-03-15 | 7.2 | CVE-2018-18256 MISC
caret -- caret | Caret before 2019-02-22 allows Remote Code Execution. | 2019-03-22 | 7.5 | CVE-2019-9927 MISC
designchemical -- social_network_tabs | The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | 2019-03-21 | 7.5 | CVE-2018-20555 MISC
ens -- webgalamb | subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | 2019-03-21 | 7.5 | CVE-2018-19510 MISC MISC
ens -- webgalamb | In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | 2019-03-21 | 9.0 | CVE-2018-19512 MISC MISC
ens -- webgalamb | In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. | 2019-03-21 | 7.5 | CVE-2018-19514 MISC MISC
ens -- webgalamb | In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | 2019-03-21 | 7.5 | CVE-2018-19515 MISC MISC
five9 -- agent_desktop_plus | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | 2019-03-17 | 7.5 | CVE-2018-15509 MISC
hidglobal -- easylobby_solo | EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer. | 2019-03-21 | 7.2 | CVE-2018-17491 XF
kioware -- kioware_server | KioWare Server 4.9.6 allows local users to gain privileges by replacing \kioware_com\KWSS.exe with a Trojan horse program, because \kioware_com has "Everyone: (F)" permissions. | 2019-03-21 | 7.2 | CVE-2018-18435 MISC EXPLOIT-DB
openmrs -- openmrs | OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 2019-03-21 | 10.0 | CVE-2018-19276 MISC EXPLOIT-DB
opensuse -- yast2-printer | In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast. | 2019-03-15 | 9.3 | CVE-2018-20106 CONFIRM
portier -- portier | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number. | 2019-03-21 | 7.5 | CVE-2019-5722 MISC BUGTRAQ EXPLOIT-DB MISC
putty -- putty | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | 2019-03-21 | 7.5 | CVE-2019-9895 MISC
putty -- putty | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 2019-03-21 | 7.5 | CVE-2019-9898 BID MISC
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20177 BID MISC MLIST CONFIRM GENTOO DEBIAN
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20179 BID MISC MLIST CONFIRM GENTOO DEBIAN
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20180 BID MISC MLIST CONFIRM GENTOO DEBIAN
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20181 BID MISC MLIST CONFIRM GENTOO DEBIAN
rdesktop -- rdesktop | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | 2019-03-15 | 7.5 | CVE-2018-20182 BID MISC MLIST CONFIRM GENTOO DEBIAN
roxyfileman -- roxy_fileman | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | 2019-03-21 | 7.5 | CVE-2018-20526 MISC EXPLOIT-DB
school_attendance_monitoring_system_project -- school_attendance_monitoring_system | School Attendance Monitoring System 1.0 has SQL Injection via user/controller.php?action=edit. | 2019-03-21 | 7.5 | CVE-2018-18798 MISC EXPLOIT-DB
solarwinds -- serv-u_ftp_server | SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | 2019-03-21 | 9.0 | CVE-2018-15906 MISC MISC MISC
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17493 XF
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17494 XF
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt. | 2019-03-21 | 7.2 | CVE-2018-17495 XF
thresholdsecurity -- evisitorpass | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system. | 2019-03-21 | 7.2 | CVE-2018-17496 XF

 

Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abantecart -- abantecart | AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | 2019-03-21 | 4.3 | CVE-2018-20141 MISC MISC MISC
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | 2019-03-21 | 6.8 | CVE-2018-20633 MISC
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. | 2019-03-21 | 4.0 | CVE-2018-20634 MISC
advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | 2019-03-21 | 4.0 | CVE-2018-20635 MISC
airdrop_project -- airdrop | The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. | 2019-03-15 | 5.0 | CVE-2019-9832 EXPLOIT-DB MISC
airties -- air_5341_firmware | AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. | 2019-03-21 | 6.8 | CVE-2019-6967 MISC MISC MISC EXPLOIT-DB
artifex -- ghostscript | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | 2019-03-21 | 6.8 | CVE-2019-6116 CONFIRM CONFIRM MISC MLIST MLIST BID REDHAT MISC CONFIRM MLIST FEDORA FEDORA UBUNTU DEBIAN EXPLOIT-DB
bestpractical -- request_tracker | The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | 2019-03-21 | 5.0 | CVE-2018-18898 CONFIRM FEDORA FEDORA
booking_calendar_project -- booking_calendar | SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | 2019-03-21 | 6.5 | CVE-2018-20556 MISC EXPLOIT-DB
bose -- soundtouch | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | 2019-03-21 | 4.3 | CVE-2018-12638 MISC MISC
broadcastboxes -- scion-8_firmware | CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser. | 2019-03-15 | 5.0 | CVE-2019-5616 MISC
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. | 2019-03-15 | 6.9 | CVE-2018-18253 MISC
capmon -- access_manager | An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. | 2019-03-15 | 4.6 | CVE-2018-18254 MISC
car_rental_script_project -- car_rental_script | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | 2019-03-21 | 6.8 | CVE-2018-20648 MISC
colossusxt -- colossuscoinxt | ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-03-21 | 5.0 | CVE-2018-19158 MISC CONFIRM MISC
coyoapp -- coyo | COYO 9.0.8, 10.0.11 and 12.0.4 have cross-site scripting (XSS) via URLs used by "iFrame" widgets. | 2019-03-21 | 4.3 | CVE-2018-16519 MISC MISC MISC CONFIRM
cryptobots -- battletoken | An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user. | 2019-03-15 | 5.0 | CVE-2018-17882 MISC MISC
deltek -- ajera | Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior is vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. | 2019-03-21 | 6.5 | CVE-2018-20221 MISC MISC
dnnsoftware -- dotnetnuke | DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | 2019-03-21 | 4.3 | CVE-2018-14486 MISC MISC
dropbear_ssh_project -- dropbear_ssh | It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. | 2019-03-21 | 5.0 | CVE-2017-2659 CONFIRM MISC
ens -- webgalamb | wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | 2019-03-21 | 4.3 | CVE-2018-19509 MISC MISC
ens -- webgalamb | wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. | 2019-03-21 | 4.3 | CVE-2018-19511 MISC MISC
ens -- webgalamb | In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | 2019-03-21 | 5.0 | CVE-2018-19513 MISC MISC
fasterxml -- jackson-databind | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | 2019-03-21 | 5.1 | CVE-2018-12022 CONFIRM CONFIRM CONFIRM MISC MISC MISC
fasterxml -- jackson-databind | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | 2019-03-21 | 5.1 | CVE-2018-12023 MISC MISC MISC MISC MISC CONFIRM CONFIRM
fedoraproject -- fedora | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 2019-03-21 | 5.0 | CVE-2019-5885 CONFIRM CONFIRM CONFIRM CONFIRM
five9 -- agent_desktop_plus | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone (issue 1 of 2). | 2019-03-21 | 5.0 | CVE-2018-15508 MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347. | 2019-03-21 | 6.8 | CVE-2019-6727 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353. | 2019-03-21 | 4.3 | CVE-2019-6728 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423. | 2019-03-21 | 6.8 | CVE-2019-6729 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368. | 2019-03-21 | 6.8 | CVE-2019-6730 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369. | 2019-03-21 | 6.8 | CVE-2019-6731 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453. | 2019-03-21 | 4.3 | CVE-2019-6732 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576. | 2019-03-21 | 4.3 | CVE-2019-6733 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452. | 2019-03-21 | 4.3 | CVE-2019-6734 MISC MISC
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355. | 2019-03-21 | 4.3 | CVE-2019-6735 MISC MISC
fujitsu -- gk900_firmware | The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. | 2019-03-15 | 5.8 | CVE-2019-9835 BID MISC
get-simple. -- getsimplecms | GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | 2019-03-21 | 5.8 | CVE-2019-9915 MISC MISC
haproxy -- haproxy | An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | 2019-03-21 | 5.0 | CVE-2018-20615 MLIST BID REDHAT UBUNTU MLIST
ibm -- infosphere_streams | IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632. | 2019-03-21 | 4.3 | CVE-2017-1713 CONFIRM XF
image_sharing_script_project -- image_sharing_script | PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | 2019-03-21 | 5.0 | CVE-2019-7430 MISC
image_sharing_script_project -- image_sharing_script | PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | 2019-03-21 | 4.0 | CVE-2019-7431 MISC
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode. | 2019-03-21 | 4.6 | CVE-2018-17487 XF
jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode. | 2019-03-21 | 4.6 | CVE-2018-17488 XF
layerbb -- layerbb | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. | 2019-03-21 | 5.8 | CVE-2018-17996 MISC MISC MISC EXPLOIT-DB
layerbb -- layerbb | LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | 2019-03-21 | 4.3 | CVE-2018-17997 MISC CONFIRM EXPLOIT-DB
macpaw -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 2019-03-21 | 6.6 | CVE-2019-5011 MISC
microweber -- microweber | Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | 2019-03-21 | 4.3 | CVE-2018-19917 MISC MISC MISC MISC
moodle -- moodle | Moodle 3.5.x before 3.5.4 allows SSRF. | 2019-03-21 | 6.0 | CVE-2019-6970 MISC
my-netdata -- netdata | The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. | 2019-03-15 | 4.3 | CVE-2019-9834 EXPLOIT-DB MISC
opentext -- documentum_webtop | XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | 2019-03-21 | 4.3 | CVE-2019-7416 MISC FULLDISC MISC
phamm -- phamm | Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | 2019-03-17 | 4.3 | CVE-2018-20806 MISC
podcastgenerator -- podcast_generator | Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | 2019-03-21 | 4.3 | CVE-2018-20121 MISC MISC MISC MISC
portier -- portier | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted. | 2019-03-21 | 5.0 | CVE-2019-5723
MISC
BUGTRAQ
MISCproperty_rental_software_project -- property_rental_softwarePHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.2019-03-214.0CVE-2019-7429
MISCputty -- puttyA remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.2019-03-216.4CVE-2019-9894
MISCputty -- puttyIn PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.2019-03-214.6CVE-2019-9896
MISCputty -- puttyMultiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.2019-03-215.0CVE-2019-9897
MISCqemu -- qemuIn QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.2019-03-214.6CVE-2019-6778
SUSE
MISC
BID
FEDORA
MISCrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.2019-03-155.0CVE-2018-20174
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIANrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).2019-03-155.0CVE-2018-20175
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIANrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).2019-03-155.0CVE-2018-20176
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIANrdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).2019-03-155.0CVE-2018-20178
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIANrental_bike_script_project -- rental_bike_scriptPHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.2019-03-216.8CVE-2019-7433
MISCrental_bike_script_project -- rental_bike_scriptPHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.2019-03-214.0CVE-2019-7434
MISCreputeinfosystems -- repute_arformsAn issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.2019-03-216.4CVE-2018-15818
MISC
MISCroxyfileman -- roxy_filemanRoxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.2019-03-215.0CVE-2018-20525
MISC
EXPLOIT-DBs-cms -- s-cmsS-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.2019-03-224.3CVE-2019-9925
MISCsaltos -- saltosSaltOS 3.1 r8126 allows CSRF.2019-03-214.3CVE-2018-18762
MISC
EXPLOIT-DBscreen_stream_project -- screen_streamThe Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.2019-03-155.0CVE-2019-9833
EXPLOIT-DBsimplenia -- pagesThe Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS.2019-03-214.3CVE-2018-19498
MISC
MISC
MISCtop-vision -- cc8800ce_firmwareTopvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.2019-03-155.0CVE-2018-18205
MISC
MISCtwiki -- twikibin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.2019-03-214.3CVE-2018-20212
MISC
MISC
MISCwowza -- streaming_engineThe REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.2019-03-215.0CVE-2018-19365
MISCzenphoto -- zenphotoZenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.2019-03-214.3CVE-2018-20140
MISC
MISC
MISC
MISC
MISCzohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.2019-03-214.3CVE-2019-7422
MISC
FULLDISC
MISCzohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.2019-03-214.3CVE-2019-7423
MISC
FULLDISC
MISCzohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.2019-03-214.3CVE-2019-7424
MISC
FULLDISC
MISCzohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.2019-03-214.3CVE-2019-7425
MISC
FULLDISC
MISCBack to top

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| advance_b2b_script_project -- advance_b2b_script | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | 2019-03-21 | 3.5 | CVE-2018-20632; MISC |
| avast -- free_antivirus | Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | 2019-03-21 | 2.1 | CVE-2018-12572; MISC |
| envoy -- passport | Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | 2019-03-21 | 2.1 | CVE-2018-17499; XF |
| hidglobal -- easylobby_solo | EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. | 2019-03-21 | 2.1 | CVE-2018-17489; XF |
| hidglobal -- easylobby_solo | EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. | 2019-03-21 | 3.6 | CVE-2018-17490; XF |
| hidglobal -- easylobby_solo | EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17492; XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | 2019-03-21 | 2.1 | CVE-2018-17482; XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | 2019-03-21 | 2.1 | CVE-2018-17483; XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database. | 2019-03-21 | 3.6 | CVE-2018-17484; XF |
| jollytech -- lobby_track | Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17485; XF |
| jollytech -- lobby_track | Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host. | 2019-03-21 | 3.6 | CVE-2018-17486; XF |
| opensuse -- yast2-samba-provision | In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list | 2019-03-15 | 2.1 | CVE-2018-17956; CONFIRM |
| qemu -- qemu | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | 2019-03-21 | 2.1 | CVE-2018-18849; SUSE, SUSE, SUSE, MISC, FEDORA, MISC, UBUNTU |
| securenvoy -- securaccess | An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. | 2019-03-21 | 1.9 | CVE-2018-18466; MISC |
| thresholdsecurity -- evisitorpass | eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | 2019-03-21 | 2.1 | CVE-2018-17497; XF |
| webmin -- webmin | Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | 2019-03-21 | 3.5 | CVE-2018-19191; MISC, CONFIRM |

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- hadoop
 In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.2019-03-21not yet calculatedCVE-2018-11767
MLIST
MLIST
MLISTapache -- heron
 When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.2019-03-21not yet calculatedCVE-2018-11789
BID
MLISTapache -- karaf
 Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.2019-03-21not yet calculatedCVE-2019-0191
BID
MLISTaudiocodes -- ip_phone_420hd_devices
 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.2019-03-21not yet calculatedCVE-2018-10093
MISC
MISC
MISCaudiocodes -- ip_phone_420hd_devices
 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.2019-03-21not yet calculatedCVE-2018-10091
MISC
MISCbarracuda -- vpn_clientThe barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.2019-03-21not yet calculatedCVE-2019-6724
CONFIRM
MISC
CONFIRMbash -- bash
 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.2019-03-22not yet calculatedCVE-2019-9924
MISC
MISCblackberry -- athoc
 An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.2019-03-21not yet calculatedCVE-2019-8997
MISCblogengine.net -- blogengine.net
 An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.2019-03-21not yet calculatedCVE-2019-6714
MISC
MISC
MISC
EXPLOIT-DBbmc -- remedy_mid-tier
 BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/.2019-03-21not yet calculatedCVE-2018-18862
MISC
MISC
CONFIRMchinamobile -- plc_wireless_routerChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.2019-03-21not yet calculatedCVE-2019-6282
MISC
MISC
EXPLOIT-DB
MISCchinamobile -- plc_wireless_router
 ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.2019-03-21not yet calculatedCVE-2019-6279
MISC
MISC
EXPLOIT-DB
MISCcisco -- ip_phone_7800_series_and_ip_phone_8800_series
 A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.2019-03-22not yet calculatedCVE-2019-1716
CISCOcisco -- ip_phone_8800_seriesA vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.2019-03-22not yet calculatedCVE-2019-1766
CISCOcisco -- ip_phone_8800_seriesA vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.2019-03-22not yet calculatedCVE-2019-1765
CISCOcisco -- ip_phone_8800_series
 A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.2019-03-22not yet calculatedCVE-2019-1763
CISCOcisco -- ip_phone_8800_series
 A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.2019-03-22not yet calculatedCVE-2019-1764
CISCOckeditor -- ckeditor
 plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.2019-03-21not yet calculatedCVE-2019-9870
MISC
MISCcontrolbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_moduleA stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.2019-03-21not yet calculatedCVE-2018-18882
BID
MISCcontrolbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_module
 A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state.2019-03-21not yet calculatedCVE-2018-18881
BID
MISCcore_ftp -- core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.2019-03-22not yet calculatedCVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DBcore_ftp -- core_ftp
 An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.2019-03-22not yet calculatedCVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DBcoturn -- coturn
 An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.2019-03-21not yet calculatedCVE-2018-4059
MISCcoturn -- coturn
 An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4058
MISCcujo -- smart_firewall
 An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-3985
MISCcujo -- smart_firewall
 An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4003
MISCcujo -- smart_firewall
 An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.2019-03-21not yet calculatedCVE-2018-3963
MISCcujo -- smart_firewall
 An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4011
MISCcujo -- smart_firewall
 An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.2019-03-21not yet calculatedCVE-2018-4030
MISCcujo -- smart_firewall
 An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.2019-03-21not yet calculatedCVE-2018-3969
MISCdenx -- das_u-boot
 An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.2019-03-21not yet calculatedCVE-2018-3968
MISCdigi -- transport_lr54
 Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.2019-03-21not yet calculatedCVE-2018-20162
MISC
MISC
MISCdonfig -- donfigAn issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.2019-03-21not yet calculatedCVE-2019-7537
MISC
MISCdoorkeeper -- openidconnect
 Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.2019-03-21not yet calculatedCVE-2019-9837
MISC
MISC
MISCenvoy -- passport_for_android_and_passport_for_iphone
 Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.2019-03-21not yet calculatedCVE-2018-17500
XFericsson -- active_library_explorer
 XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.2019-03-21not yet calculatedCVE-2019-7417
MISC
FULLDISC
MISCfatek -- automation_pm_designer_and_automation_fv_designer
 A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.2019-03-21not yet calculatedCVE-2016-5800
MISCflexera_software -- flexnet_publisherA Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20034
CONFIRMflexera_software -- flexnet_publisherA Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20032
CONFIRMflexera_software -- flexnet_publisher
 A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20031
CONFIRMgl.inet -- gl-ar300m-lite_devicesCommand injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.2019-03-21not yet calculatedCVE-2019-6275
MISC
EXPLOIT-DBgl.inet -- gl-ar300m-lite_devicesDirectory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.2019-03-21not yet calculatedCVE-2019-6274
MISC
EXPLOIT-DBgl.inet -- gl-ar300m-lite_devicesdownload_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.2019-03-21not yet calculatedCVE-2019-6273
MISC
EXPLOIT-DBgl.inet -- gl-ar300m-lite_devices
 Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.2019-03-21not yet calculatedCVE-2019-6272
MISC
EXPLOIT-DBgnu -- tar
 pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.2019-03-22not yet calculatedCVE-2019-9923
MISC
MISC
MISCgraphviz -- graphviz
 An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.2019-03-21not yet calculatedCVE-2019-9904
MISC
MISC

heimdal_security -- thor_agent
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-8351
MISC

hms_industrial_networks -- netbiter_ws100_devices
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-19694
MISC
MISC
CONFIRM
MISC

hospira -- symbiq_infusion_system
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
Published: 2019-03-23 | CVSS Score: not yet calculated | CVE-2015-3965
MISC

hostapd -- hostapd
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
Published: 2019-03-23 | CVSS Score: not yet calculated | CVE-2016-10743
MISC

humhub -- humhub
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-9094
MISC

humhub -- humhub
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-9093
MISC

ibm -- api_connect
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
Published: 2019-03-22 | CVSS Score: not yet calculated | CVE-2019-4052
CONFIRM
XF

ibm -- content_navigator
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.
Published: 2019-03-22 | CVSS Score: not yet calculated | CVE-2019-4035
CONFIRM
XF

ibm -- db2_for_linux_and_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-4094
XF
CONFIRM

ibm -- power_9_systems
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-1992
XF
CONFIRM

ibm -- websphere_mq
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-1836
BID
XF
CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Published: 2019-03-23 | CVSS Score: not yet calculated | CVE-2019-9956
BID
MISC

insteon -- hub
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2017-16253
MISC

insteon -- hub
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2017-16255
MISC

insteon -- hub
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2017-16254
MISC

invoiceplane -- invoiceplane
InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7223
MISC

iobit -- smart_defrag
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6492
MISC

ipycache -- ipycache
A code injection issue was discovered in ipycache through 2016-05-31.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7539
CONFIRM

jiofi -- 4g_m2s_devices
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7440
MISC

kentix -- multisensor-lan_devices
Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-19783
MISC
MISC

kill-port -- kill-port
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-5414
MISC

lenovo -- dynamic_power_reduction_utility
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
Published: 2019-03-17 | CVSS Score: not yet calculated | CVE-2019-6149
BID
CONFIRM

libseccomp -- libseccomp
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might be able to lead to bypassing seccomp filters and potential privilege escalations.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-9893
MISC
MISC

libsndfile -- libsndfile
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-3832
CONFIRM
CONFIRM
CONFIRM

libssh2 -- libssh2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-3858
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

libssh2 -- libssh2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-3859
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

libssh2 -- libssh2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-3862
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

libssh2 -- libssh2
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-3855
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC

limesurvey -- limesurvey
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Published: 2019-03-23 | CVSS Score: not yet calculated | CVE-2019-9960
MISC

linux -- kernel
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-9857
BID
MISC
MISC

linux -- kernel
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-19985
MISC
MISC
MISC
MISC
MISC

linux -- kernel
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20669
MISC
MLIST
MLIST
BID
MISC

linux -- kernel
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7222
SUSE
MISC
MLIST
BID
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA

linux -- kernel
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7221
SUSE
MISC
MISC
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA

localhost-now -- localhost-now
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-5416
MISC

logonbox -- nervepoint_access_manager
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6716
MISC
EXPLOIT-DB
MISC

mailcleaner -- mailcleaner_community_edition
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20323
MISC
MISC

mastercard -- qkr!_with_masterpass
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6702
MISC
FULLDISC
MISC
MISC

morgan -- morgan
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-5413
MISC

moxa -- oncell_g3100v2_series_and_oncell g3111/g3151/g3211/g3251_series
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user's browser within the trust relationship between their browser and the server.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2016-5819
MISC

moxa -- softcms
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2015-6457
MISC

moxa -- softcms
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2015-6458
MISC

mybb -- mybb
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-14724
EXPLOIT-DB

mybb -- mybb
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-14575
MISC
MISC
MISC

netapp -- service_processor
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-5490
CONFIRM

netiq -- edirectory
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2016-9166
CONFIRM

nokia -- 8810_4g_devices
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7386
MISC
FULLDISC
MISC
MISC
MISC

open-xchange -- ox_app_suite
OX App Suite 7.8.4 and earlier allows SSRF.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-13103
MISC
MISC

open-xchange -- ox_app_suite
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-13104
MISC
MISC

opentext -- portal
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
Published: 2019-03-22 | CVSS Score: not yet calculated | CVE-2018-20165
MISC

opera_software -- opera
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-18913
CONFIRM
MISC

patlite -- nbm-d88n_and_nhl-3fb1_and_nhl-3fv1n_devices
A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices allows attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-18473
MISC

phpscriptsmall.com -- advance_crowdfunding_script
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20630
MISC

phpscriptsmall.com -- basic_b2b_script
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20644
MISC

phpscriptsmall.com -- basic_b2b_script
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20645
MISC

phpscriptsmall.com -- basic_b2b_script
PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20646
MISC

phpscriptsmall.com -- car_rental_script
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20647
MISC

phpscriptsmall.com -- charity_foundation_script
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20628
MISC

phpscriptsmall.com -- charity_foundation_script
PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20629
MISC

phpscriptsmall.com -- chartered_accountant
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20637
MISC

phpscriptsmall.com -- chartered_accountant
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20638
MISC

phpscriptsmall.com -- chartered_accountant
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20636
MISC

phpscriptsmall.com -- consumer_reviews_script
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20627
MISC

phpscriptsmall.com -- consumer_reviews_script
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20626
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20642
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20639
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20641
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20640
MISC

phpscriptsmall.com -- entrepreneur_job_portal_script
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20643
MISC

phpscriptsmall.com -- opensource_classified_ads_script
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7436
MISC

phpscriptsmall.com -- opensource_classified_ads_script
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7435
MISC

phpscriptsmall.com -- opensource_classified_ads_script
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7437
MISC

phpscriptsmall.com -- rental_bike_script
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7432
MISC

phpscriptsmall.com -- website_seller_script
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-20631
MISC

plohni -- advanced_comment_system
internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-18845
MISC
MISC

poppler -- poppler
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-9903
MISC
MISC

powerdns -- authoritative_server
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-3871
MLIST
BID
CONFIRM
MISC

printeron -- enterprise
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-17167
MISC

puppet -- chloride
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-6517
CONFIRM

puppet -- discovery
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-11747
CONFIRM

python -- python
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
Published: 2019-03-23 | CVSS Score: not yet calculated | CVE-2019-9948
MISC
MISC

python -- python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.
Published: 2019-03-23 | CVSS Score: not yet calculated | CVE-2019-9947
MISC

python-gnupg -- python-gnupg
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6690
SUSE
SUSE
MISC
BID
MLIST
MISC
BUGTRAQ

qemu -- qemu
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-8934
MISC
MISC
MISC

qemu -- qemu
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6501
MLIST
MLIST

qt -- qt
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-19872
CONFIRM

raisecom -- multiple_products
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7384
MISC
FULLDISC
MISC
MISC
BID
MISC

raisecom -- multiple_products
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7385
MISC
MISC
FULLDISC
MISC
BID
MISC

reliance_jio_infocomm -- jiofi_4g_m2s_devices
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7439
MISC

reliance_jio_infocomm -- jiofi_4g_m2s_devices
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7438
MISC
MISC

risi -- gestao_de_horarios
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6491
MISC

samsung -- galaxy_s6
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-14745
MISC
MISC
CONFIRM

samsung -- x7400gx_syncthru_web_service
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7421
MISC
FULLDISC
MISC
MISC

samsung -- x7400gx_syncthru_web_service
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7420
MISC
FULLDISC
MISC
MISC

samsung -- x7400gx_syncthru_web_service
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7419
MISC
FULLDISC
MISC
MISC

samsung -- x7400gx_syncthru_web_service
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-7418
MISC
FULLDISC
MISC
MISC

schneider_electric -- modicon_plc_products
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2015-6462
MISC

schneider_electric -- modicon_plc_products
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a JavaScript loaded with the web page.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2015-6461
MISC

serve -- serve
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-5415
MISC

serve -- serve
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-5417
MISC

shareit -- shareit_for_android
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.
Published: 2019-03-22 | CVSS Score: not yet calculated | CVE-2019-9939
MISC

shareit -- shareit_for_android
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."
Published: 2019-03-22 | CVSS Score: not yet calculated | CVE-2019-9938
MISC

shellinabox -- shellinabox
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2018-16789
MISC
MISC
CONFIRM
CONFIRM

shenzhen_electronics_coship -- multiple_devices
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Published: 2019-03-21 | CVSS Score: not yet calculated | CVE-2019-6441
MISC
MISC
MISC
MISC
EXPLOIT-DB
EXPLOIT-DB

shenzhen_skyworth -- multiple_devices

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
2019-03-21 | not yet calculated | CVE-2018-19524
MISC
MISC
MISC
MISC
MISC

siemens -- multiple_products

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
2019-03-21 | not yet calculated | CVE-2018-16563
CONFIRM

siemens -- sicam_products

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.
2019-03-21 | not yet calculated | CVE-2018-13798
CONFIRM

signal_messenger -- open_whisper_and_private_messenger

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
2019-03-23 | not yet calculated | CVE-2019-9970
MISC

softnas -- cloud

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data.
2019-03-23 | not yet calculated | CVE-2019-9945
MISC

solarwinds -- serv-u_ftp_server

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
2019-03-21 | not yet calculated | CVE-2018-19934
MISC
MISC
MISC

sonatype -- nexus_repository_manager

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
2019-03-21 | not yet calculated | CVE-2019-7238
MISC

splunk -- splunk-sdk-python

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.
2019-03-21 | not yet calculated | CVE-2019-5729
CONFIRM

sqlite -- sqlite

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
2019-03-22 | not yet calculated | CVE-2019-9937
MISC
MISC
MISC

sqlite -- sqlite

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
2019-03-22 | not yet calculated | CVE-2019-9936
MISC
MISC
MISC

sqlitemanager -- sqlitemanager

SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
2019-03-21 | not yet calculated | CVE-2019-9083
MISC

sricam -- ip_cctv_cameras

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
2019-03-21 | not yet calculated | CVE-2019-6973
MISC
MISC
EXPLOIT-DB

synaptics -- touchpad_drivers

SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.
2019-03-21 | not yet calculated | CVE-2018-15532
MISC
MISC
MISC
CONFIRM

systemd -- systemd

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
2019-03-21 | not yet calculated | CVE-2019-6454
SUSE
MLIST
MLIST
BID
REDHAT
MISC
MLIST
FEDORA
UBUNTU
DEBIAN

systrome -- cumilon_isg-600c_and_isg-600h_and_isg-800w_devices

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.
2019-03-21 | not yet calculated | CVE-2019-7383
MISC
MISC
FULLDISC
MISC
BID
MISC

systrome -- multiple_devices

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of CSRF token validation.
2019-03-21 | not yet calculated | CVE-2018-19525
MISC
MISC
MISC

teracue -- enc-400_devices

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.
2019-03-21 | not yet calculated | CVE-2018-20219
MISC
MISC
MISC

teracue -- enc-400_devices

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
2019-03-21 | not yet calculated | CVE-2018-20220
MISC
MISC
MISC

teracue -- enc-400_devices

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
2019-03-21 | not yet calculated | CVE-2018-20218
MISC
MISC

the_receptionist -- the_receptionist_for_ipad

The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.
2019-03-21 | not yet calculated | CVE-2018-17502
XF

twig -- twig

A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
2019-03-23 | not yet calculated | CVE-2019-9942
MISC
MISC

vanilla -- vanilla

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
2019-03-21 | not yet calculated | CVE-2019-9889
MISC
MISC
MISC

veritas -- netbackup_appliance

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
2019-03-21 | not yet calculated | CVE-2019-9868
MISC

veritas -- netbackup_appliance

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
2019-03-21 | not yet calculated | CVE-2019-9867
MISC

vertrigoserv -- vertrigoserv

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
2019-03-21 | not yet calculated | CVE-2019-8938
MISC
MISC
MISC

wifi-soft -- unibox_controller

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials.
2019-03-21 | not yet calculated | CVE-2019-3496
MISC
MLIST
MISC

wifi-soft -- unibox_controller

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials.
2019-03-21 | not yet calculated | CVE-2019-3497
MISC
MLIST
MISC

wifi-soft -- unibox_controller

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials.
2019-03-21 | not yet calculated | CVE-2019-3495
MISC
MLIST
MISC

wordpress -- wordpress

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
2019-03-21 | not yet calculated | CVE-2019-9912
FULLDISC
MISC
MISC

wordpress -- wordpress

The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
2019-03-21 | not yet calculated | CVE-2019-9914
FULLDISC
MISC
MISC

wordpress -- wordpress

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
2019-03-21 | not yet calculated | CVE-2019-9913
FULLDISC
MISC
MISC

wordpress -- wordpress

The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.
2019-03-21 | not yet calculated | CVE-2019-9908
FULLDISC
MISC
MISC
MISC

wordpress -- wordpress

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.
2019-03-21 | not yet calculated | CVE-2018-19488
MISC

wordpress -- wordpress

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.
2019-03-21 | not yet calculated | CVE-2018-19487
MISC

wordpress -- wordpress

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.
2019-03-21 | not yet calculated | CVE-2019-7441
MISC

wordpress -- wordpress

The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.
2019-03-21 | not yet calculated | CVE-2019-9911
FULLDISC
MISC
MISC

wordpress -- wordpress

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.
2019-03-21 | not yet calculated | CVE-2019-7299
MISC
MISC
MISC

wordpress -- wordpress

The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
2019-03-21 | not yet calculated | CVE-2019-9909
FULLDISC
MISC
MISC
MISC

wordpress -- wordpress

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
2019-03-21 | not yet calculated | CVE-2019-9910
FULLDISC
MISC
MISC

wso2 -- api_manager

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
2019-03-21 | not yet calculated | CVE-2018-20736
CONFIRM
CONFIRM
MISC

wso2 -- api_manager

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
2019-03-21 | not yet calculated | CVE-2018-20737
CONFIRM
CONFIRM
MISC

xnview -- xnview_classic

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.
2019-03-23 | not yet calculated | CVE-2019-9969
MISC

xnview -- xnview_classic

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.
2019-03-23 | not yet calculated | CVE-2019-9966
MISC

xnview -- xnview_classic

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.
2019-03-23 | not yet calculated | CVE-2019-9967
MISC

xnview -- xnview_classic

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.
2019-03-23 | not yet calculated | CVE-2019-9968
MISC

xnview -- xnview_mp

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
2019-03-23 | not yet calculated | CVE-2019-9964
MISC

xnview -- xnview_mp

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
2019-03-23 | not yet calculated | CVE-2019-9965
MISC

xnview -- xnview_mp

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
2019-03-23 | not yet calculated | CVE-2019-9963
MISC

xnview -- xnview_mp

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
2019-03-23 | not yet calculated | CVE-2019-9962
MISC

xpdf -- xpdf

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
2019-03-21 | not yet calculated | CVE-2019-9878
MISC
MISC

xpdf -- xpdf

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
2019-03-21 | not yet calculated | CVE-2019-9877
MISC
MISC

yast -- yast2-multipath

In yast2-multipath before version 4.1.1, a static temporary filename allows local attackers to overwrite files on systems without symlink protection.
2019-03-15 | not yet calculated | CVE-2018-17955
CONFIRM

ysoft -- safeq_server

YSoft SafeQ Server 6 allows a replay attack.
2019-03-21 | not yet calculated | CVE-2018-15498
MISC

yubico -- libu2f-host

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
2019-03-21 | not yet calculated | CVE-2018-20340
CONFIRM
MISC
MISC
CONFIRM

zoho_manageengine -- adselfservice_plus

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
2019-03-21 | not yet calculated | CVE-2019-7161
MISC
CONFIRM

zyxel -- vmg3312-b10b_dsl-491hnu-b1b_modem

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
2019-03-21 | not yet calculated | CVE-2019-7391
MISC
MISC
EXPLOIT-DB
MISC


Categories: LATEST ALERT

Mozilla Releases Security Updates for Firefox

US-CERT All NCAS Products - Fri, 03/22/2019 - 22:35
Original release date: March 22, 2019

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.


Categories: LATEST ALERT

Drupal Releases Security Updates

US-CERT All NCAS Products - Wed, 03/20/2019 - 22:51
Original release date: March 20, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates.


Categories: LATEST ALERT

Cisco Releases Security Advisories for Multiple Products

US-CERT All NCAS Products - Wed, 03/20/2019 - 21:50
Original release date: March 20, 2019

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.


Categories: LATEST ALERT

Mozilla Releases Security Updates for Firefox

US-CERT All NCAS Products - Tue, 03/19/2019 - 19:32
Original release date: March 19, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.


Categories: LATEST ALERT
