Vulnerability Summary for the Week of February 25, 2019
Released
Mar 04, 2019
Document ID
SB19-063
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| antfin -- sofa-hessian | SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. | 2019-02-27 | 7.5 | CVE-2019-9212 MISC |
| baigo -- baigo_cms | An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to execute arbitrary code. A BG_SITE_NAME parameter with malicious code can be written into the opt_base.inc.php file. | 2019-02-28 | 7.5 | CVE-2019-9227 MISC |
| checkpoint -- zonealarm | Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | 2019-03-01 | 7.2 | CVE-2018-8790 MISC MISC MISC |
| cisco -- rv110w_firmware | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. | 2019-02-28 | 10.0 | CVE-2019-1663 BID CISCO |
| cordaware -- bestinformed | Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | 2019-02-25 | 7.5 | CVE-2019-6266 MISC |
| d-link -- dir-825_rev.b_firmware | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | 2019-02-25 | 7.5 | CVE-2019-9123 MISC |
| d-link -- dir-878_firmware | An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | 2019-02-25 | 7.5 | CVE-2019-9124 MISC |
| d-link -- dir-878_firmware | An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header. | 2019-02-25 | 7.5 | CVE-2019-9125 MISC MISC |
| fizzday -- gorose | GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | 2019-02-23 | 7.5 | CVE-2019-9047 MISC |
| flexera -- flexnet_publisher | A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. | 2019-02-25 | 7.5 | CVE-2018-20033 SECUNIA |
| gnu -- glibc | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. | 2019-02-25 | 7.5 | CVE-2019-9169 BID MISC MISC MISC MISC |
| google -- android | In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472. | 2019-02-28 | 9.3 | CVE-2019-1986 BID CONFIRM |
| google -- android | In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775. | 2019-02-28 | 9.3 | CVE-2019-1987 BID CONFIRM |
| google -- android | In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692. | 2019-02-28 | 9.3 | CVE-2019-1988 BID CONFIRM |
| google -- android | In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268. | 2019-02-28 | 9.3 | CVE-2019-1991 BID CONFIRM |
| google -- android | In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069. | 2019-02-28 | 7.6 | CVE-2019-1992 BID CONFIRM |
| google -- android | In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889. | 2019-02-28 | 7.2 | CVE-2019-1993 BID CONFIRM |
| google -- android | In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924. | 2019-02-28 | 9.3 | CVE-2019-1994 BID CONFIRM |
| google -- android | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196. | 2019-02-28 | 7.2 | CVE-2019-1999 BID CONFIRM EXPLOIT-DB |
| google -- android | In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789. | 2019-02-28 | 7.2 | CVE-2019-2000 BID CONFIRM EXPLOIT-DB |
| j2store -- j2store | SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | 2019-02-26 | 7.5 | CVE-2019-9184 MISC |
| jamf -- self_service | Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream. | 2019-02-25 | 7.9 | CVE-2019-9146 MISC |
| linux -- linux_kernel | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. | 2019-02-22 | 7.8 | CVE-2019-9003 MISC BID MISC MISC |
| live555 -- streaming_media | In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. | 2019-02-27 | 7.5 | CVE-2019-9215 MISC |
| micode -- xiaomi_perseus-p-oss | The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tpdbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device. | 2019-02-24 | 7.1 | CVE-2018-20787 MISC |
| micode -- xiaomi_perseus-p-oss | The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sde_evtlog_filter_write in drivers/gpu/drm/msm/sde_dbg.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device. | 2019-02-24 | 7.1 | CVE-2019-9111 MISC |
| micode -- xiaomi_perseus-p-oss | The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in drivers/gpu/drm/msm/sde/sde_connector.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device. | 2019-02-24 | 7.1 | CVE-2019-9112 MISC |
| mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | 2019-02-28 | 7.5 | CVE-2018-12390 BID BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST GENTOO GENTOO UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | 2019-02-28 | 9.3 | CVE-2018-12391 BID BID SECTRACK CONFIRM GENTOO CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | 2019-02-28 | 7.5 | CVE-2018-12392 BID BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST GENTOO GENTOO UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | 2019-02-28 | 7.5 | CVE-2018-12405 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64. | 2019-02-28 | 7.5 | CVE-2018-12407 BID CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | 2019-02-28 | 7.5 | CVE-2018-18492 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | 2019-02-28 | 7.5 | CVE-2018-18493 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | 2019-02-28 | 7.5 | CVE-2018-18498 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges. | 2019-02-27 | 7.2 | CVE-2019-5665 CONFIRM |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges. | 2019-02-27 | 7.2 | CVE-2019-5666 CONFIRM |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges. | 2019-02-27 | 7.2 | CVE-2019-5667 CONFIRM |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges. | 2019-02-27 | 7.2 | CVE-2019-5668 CONFIRM |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges. | 2019-02-27 | 7.2 | CVE-2019-5669 CONFIRM |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service, escalation of privileges, code execution or information disclosure. | 2019-02-27 | 7.2 | CVE-2019-5670 CONFIRM |
| opensourcebms -- open_source_background_management_system | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | 2019-02-24 | 10.0 | CVE-2019-9082 MISC |
| pangea-comm -- fax_ata | Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | 2019-02-28 | 7.8 | CVE-2019-6551 BID MISC |
| phoenixcontact -- axc_1050_firmware | Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | 2019-02-26 | 9.0 | CVE-2019-9201 MISC |
| php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. | 2019-02-22 | 7.5 | CVE-2019-9020 BID MISC MISC DEBIAN |
| php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. | 2019-02-22 | 7.5 | CVE-2019-9021 BID BID MISC DEBIAN |
| php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. | 2019-02-22 | 7.5 | CVE-2019-9023 BID MISC MISC MISC MISC MISC MISC MISC DEBIAN |
| qualcomm -- ipq8074_firmware | Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 7.2 | CVE-2018-11289 BID CONFIRM |
| qualcomm -- mdm9150_firmware | Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 7.2 | CVE-2018-11931 BID CONFIRM |
| qualcomm -- mdm9150_firmware | Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 7.5 | CVE-2018-11945 BID CONFIRM |
| qualcomm -- mdm9150_firmware | Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | 2019-02-25 | 7.2 | CVE-2018-13900 BID CONFIRM |
| qualcomm -- mdm9206_firmware | Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 8CX, SXR1130. | 2019-02-25 | 7.5 | CVE-2018-13904 BID CONFIRM |
| qualcomm -- mdm9206_firmware | KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24. | 2019-02-25 | 7.2 | CVE-2018-13905 BID CONFIRM |
| std42 -- elfinder | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | 2019-02-26 | 7.5 | CVE-2019-9194 CONFIRM CONFIRM CONFIRM |
| webkitgtk -- webkitgtk | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). | 2019-02-24 | 7.5 | CVE-2019-8375 MISC MISC MISC MISC |
| zzzcms -- zzzphp | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | 2019-02-23 | 7.5 | CVE-2019-9041 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advancemame -- advancecomp | In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | 2019-02-27 | 4.3 | CVE-2019-9210 MLIST MISC |
| auction_website_script_project -- auction_website_script | PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. | 2019-02-23 | 4.0 | CVE-2019-9063 MISC |
| b3log -- symphony | An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | 2019-02-25 | 4.3 | CVE-2019-9142 MISC |
| baigo -- baigo_cms | An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to the bg_console/index.php?m=opt&c=request URI. | 2019-02-28 | 4.3 | CVE-2019-9226 MISC |
| british_airways -- entertainment_system | The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact. | 2019-02-22 | 4.6 | CVE-2019-9019 MISC |
| ca -- privileged_access_manager | An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | 2019-02-26 | 6.4 | CVE-2019-7392 BID MISC |
| cab_booking_script_project -- cab_booking_script | PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | 2019-02-23 | 5.0 | CVE-2019-9064 MISC |
| canonical -- ubuntu_linux | A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | 2019-02-28 | 5.0 | CVE-2018-12393 BID BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST GENTOO GENTOO UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| carel -- pcoweb_card_firmware | The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | 2019-03-01 | 5.0 | CVE-2019-9484 MISC |
| cisco -- spa112_firmware | A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones. | 2019-02-25 | 5.8 | CVE-2019-1683 BID CISCO |
| citrix -- netscaler_application_delivery_controller_firmware | Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | 2019-02-22 | 4.3 | CVE-2019-6485 BID MISC MISC |
| cordaware -- bestinformed | The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges. | 2019-02-25 | 4.6 | CVE-2019-6265 MISC |
| custom_t-shirt_ecommerce_script_project -- custom_t-shirt_ecommerce_script | PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount. | 2019-02-23 | 4.0 | CVE-2019-9065 MISC |
| d-link -- dir-825_rev.b_firmware | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. | 2019-02-25 | 6.5 | CVE-2019-9122 MISC |
| d-link -- dir-825_rev.b_firmware | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. | 2019-02-25 | 5.0 | CVE-2019-9126 MISC |
| deltaww -- screeneditor | Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. | 2019-02-28 | 4.3 | CVE-2019-6547 BID MISC |
| etsi -- enterprise_transport_security | The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy. | 2019-02-26 | 4.3 | CVE-2019-9191 BID MISC |
| exiv2 -- exiv2 | An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-25 | 6.8 | CVE-2019-9143 BID MISC MISC |
| exiv2 -- exiv2 | An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-25 | 6.8 | CVE-2019-9144 BID MISC MISC |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles. | 2019-02-26 | 6.4 | CVE-2019-6592 BID CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.) | 2019-02-26 | 4.3 | CVE-2019-6593 CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances. | 2019-02-26 | 4.3 | CVE-2019-6594 CONFIRM |
| f5 -- big-ip_access_policy_manager | Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI. | 2019-02-26 | 4.3 | CVE-2019-6595 BID CONFIRM |
| freedesktop -- poppler | A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-26 | 6.8 | CVE-2019-9200 BID MISC MISC |
| gnu -- binutils | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. | 2019-02-23 | 6.8 | CVE-2019-9070 BID MISC MISC |
| gnu -- binutils | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | 2019-02-23 | 4.3 | CVE-2019-9071 BID MISC MISC |
| gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. | 2019-02-23 | 4.3 | CVE-2019-9072 MISC MISC MISC |
| gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | 2019-02-23 | 4.3 | CVE-2019-9073 MISC |
| gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | 2019-02-23 | 4.3 | CVE-2019-9074 MISC |
| gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | 2019-02-23 | 6.8 | CVE-2019-9075 MISC |
| gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. | 2019-02-23 | 4.3 | CVE-2019-9076 MISC |
| gnu -- binutils | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. | 2019-02-23 | 6.8 | CVE-2019-9077 BID MISC |
| gnu -- glibc | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | 2019-02-25 | 5.0 | CVE-2009-5155 MISC MISC MISC MISC MISC MISC MISC |
| gnu -- glibc | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | 2019-02-25 | 5.0 | CVE-2018-20796 BID MISC MISC |
| gnu -- glibc | ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. | 2019-02-26 | 5.0 | CVE-2019-9192 MISC |
| gnu -- pspp | There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | 2019-02-27 | 4.3 | CVE-2019-9211 BID MISC |
| google -- android | In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900. | 2019-02-28 | 5.0 | CVE-2019-1997 BID CONFIRM |
| google -- android | In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338. | 2019-02-28 | 4.9 | CVE-2019-1998 BID CONFIRM |
| gurock -- testrail | An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration). | 2019-02-25 | 6.5 | CVE-2018-20063 MISC |
| hdfgroup -- hdf5 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c. | 2019-02-25 | 6.8 | CVE-2019-9151 MISC |
| hdfgroup -- hdf5 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c. | 2019-02-25 | 6.8 | CVE-2019-9152 MISC |
| hornerautomation -- cscape | Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code. | 2019-02-28 | 6.8 | CVE-2019-6555 BID MISC |
| hsycms -- hsycms | An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page. | 2019-02-25 | 4.3 | CVE-2019-9145 MISC |
| ibm -- bigfix_platform | IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869. | 2019-02-27 | 5.0 | CVE-2019-4061 CONFIRM BID XF |
| leonerd -- libvterm | libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c. | 2019-02-24 | 5.0 | CVE-2018-20786 MISC MISC |
| libming -- ming | Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a. | 2019-02-24 | 6.8 | CVE-2019-9113 MISC |
| libming -- ming | Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a. | 2019-02-24 | 6.8 | CVE-2019-9114 MISC |
| linux -- linux_kernel | In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. | 2019-02-25 | 4.6 | CVE-2019-9162 MISC BID MISC MISC MISC MISC |
| maccms -- maccms | Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | 2019-02-27 | 4.3 | CVE-2019-8410 MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c. | 2019-02-23 | 5.0 | CVE-2019-9026 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. | 2019-02-23 | 5.0 | CVE-2019-9027 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. | 2019-02-23 | 6.4 | CVE-2019-9028 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. | 2019-02-23 | 5.0 | CVE-2019-9029 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. | 2019-02-23 | 6.4 | CVE-2019-9030 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. | 2019-02-23 | 5.0 | CVE-2019-9031 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c. | 2019-02-23 | 5.0 | CVE-2019-9032 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. | 2019-02-23 | 6.4 | CVE-2019-9033 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. | 2019-02-23 | 6.4 | CVE-2019-9034 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. | 2019-02-23 | 6.4 | CVE-2019-9035 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c. | 2019-02-23 | 5.0 | CVE-2019-9036 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. | 2019-02-23 | 6.4 | CVE-2019-9037 MISC MISC |
| matio_project -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. | 2019-02-23 | 5.0 | CVE-2019-9038 MISC MISC |
| mcafee -- agent | Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets. | 2019-02-28 | 5.0 | CVE-2019-3598 BID CONFIRM |
| mcafee -- agent | Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. | 2019-02-28 | 4.3 | CVE-2019-3599 CONFIRM |
| mcafee -- endpoint_security | Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. | 2019-02-28 | 6.1 | CVE-2019-3582 CONFIRM |
| micode -- xiaomi_perseus-p-oss | drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted application for denial of service. | 2019-02-24 | 4.3 | CVE-2018-20788 MISC |
| mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63. | 2019-02-28 | 6.8 | CVE-2018-12388 BID SECTRACK CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | 2019-02-28 | 5.0 | CVE-2018-12395 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO UBUNTU DEBIAN CONFIRM CONFIRM |
| mozilla -- firefox | A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | 2019-02-28 | 4.3 | CVE-2018-12396 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO UBUNTU DEBIAN CONFIRM CONFIRM |
| mozilla -- firefox | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63. | 2019-02-28 | 4.3 | CVE-2018-12398 BID SECTRACK CONFIRM CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. | 2019-02-28 | 4.3 | CVE-2018-12399 BID SECTRACK CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63. | 2019-02-28 | 5.0 | CVE-2018-12400 BID SECTRACK CONFIRM CONFIRM |
| mozilla -- firefox | Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63. | 2019-02-28 | 5.0 | CVE-2018-12401 BID SECTRACK CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63. | 2019-02-28 | 4.3 | CVE-2018-12402 BID SECTRACK CONFIRM CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | 2019-02-28 | 5.0 | CVE-2018-12403 BID SECTRACK CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64. | 2019-02-28 | 6.8 | CVE-2018-12406 BID CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | 2019-02-28 | 4.3 | CVE-2018-18494 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. | 2019-02-28 | 4.3 | CVE-2018-18495 BID CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64. | 2019-02-28 | 6.8 | CVE-2018-18496 BID CONFIRM CONFIRM |
| mozilla -- firefox | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64. | 2019-02-28 | 4.3 | CVE-2018-18497 BID CONFIRM UBUNTU CONFIRM |
| mozilla -- firefox | A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | 2019-02-28 | 4.3 | CVE-2018-18499 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_esr | Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. | 2019-02-28 | 6.8 | CVE-2018-12389 BID BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST GENTOO GENTOO UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM |
| neatorobotics -- botvac_connected_firmware | Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials. | 2019-02-23 | 4.4 | CVE-2018-20785 MISC |
| netapp -- clustered_data_ontap | Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | 2019-02-27 | 5.0 | CVE-2019-5491 BID CONFIRM |
| netgate -- pfsense | The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions. | 2019-03-01 | 5.0 | CVE-2018-20798 MISC |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service. | 2019-02-27 | 4.9 | CVE-2019-5671 CONFIRM |
| online_food_ordering_script_project -- online_food_ordering_script | PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | 2019-02-23 | 6.0 | CVE-2019-9062 MISC |
| openssl -- openssl | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | 2019-02-27 | 4.3 | CVE-2019-1559 BID CONFIRM MLIST CONFIRM UBUNTU DEBIAN CONFIRM |
| php -- php | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. | 2019-02-22 | 5.0 | CVE-2019-9022 MISC DEBIAN |
| php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. | 2019-02-22 | 5.0 | CVE-2019-9024 BID MISC DEBIAN |
| pluck-cms -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | 2019-02-23 | 5.8 | CVE-2019-9048 MISC |
| pluck-cms -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | 2019-02-23 | 5.8 | CVE-2019-9049 MISC |
| pluck-cms -- pluck | An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. | 2019-02-23 | 6.5 | CVE-2019-9050 MISC |
| pluck-cms -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | 2019-02-23 | 5.8 | CVE-2019-9051 MISC |
| pluck-cms -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | 2019-02-23 | 5.8 | CVE-2019-9052 MISC |
| podofo_project -- podofo | An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. | 2019-02-27 | 4.3 | CVE-2018-20797 MISC |
| podofo_project -- podofo | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-26 | 6.8 | CVE-2019-9199 MISC MISC |
| qualcomm -- ipq8074_firmware | Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 4.9 | CVE-2018-11820 BID CONFIRM |
| qualcomm -- ipq8074_firmware | Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 4.9 | CVE-2018-11864 BID CONFIRM |
| qualcomm -- ipq8074_firmware | Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 4.6 | CVE-2018-11938 BID CONFIRM |
| qualcomm -- mdm9150_firmware | Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 4.9 | CVE-2018-11845 BID CONFIRM |
| qualcomm -- mdm9150_firmware | Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | 2019-02-25 | 4.6 | CVE-2018-13913 CONFIRM |
| qualcomm -- mdm9150_firmware | Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20. | 2019-02-25 | 4.6 | CVE-2018-13914 CONFIRM |
| qualcomm -- mdm9150_firmware | Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130. | 2019-02-25 | 6.6 | CVE-2018-5839 BID CONFIRM |
| qualcomm -- mdm9607_firmware | Improper input validation might result in incorrect app id returned to the caller Instead of returning failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130. | 2019-02-25 | 5.0 | CVE-2018-11935 BID CONFIRM |
| qualcomm -- mdm9650_firmware | Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9650, MDM9655, MSM8996AU, QCS605, SD 410/12, SD 615/16/SD 415, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SXR1130. | 2019-02-25 | 6.4 | CVE-2018-11932 BID CONFIRM |
| qualcomm -- msm8996au_firmware | Exceeding the limit of usage entries are not tracked and the information will be lost causing the content to lose continuity in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MSM8996AU, QCS605, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | 2019-02-25 | 4.9 | CVE-2018-11948 BID CONFIRM |
| s-cms -- s-cms | S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | 2019-02-23 | 6.8 | CVE-2019-9040 MISC |
| schoolcms -- schoolcms | SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution of arbitrary PHP code. | 2019-02-26 | 6.5 | CVE-2019-9181 MISC |
| semcosoft -- semcosoft | A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | 2019-02-23 | 4.3 | CVE-2018-18692 MISC |
| sitemagic -- sitemagic_cms | An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. | 2019-02-23 | 6.5 | CVE-2019-9042 MISC |
| sublimetext -- sublime_text_3 | ** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched." | 2019-02-25 | 6.8 | CVE-2019-9116 MISC |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | 2019-02-25 | 6.4 | CVE-2018-20789 EXPLOIT-DB |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | 2019-02-25 | 6.4 | CVE-2018-20790 EXPLOIT-DB |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | 2019-02-25 | 4.3 | CVE-2018-20791 EXPLOIT-DB |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. | 2019-02-25 | 5.0 | CVE-2018-20792 EXPLOIT-DB |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | 2019-02-25 | 5.0 | CVE-2018-20793 EXPLOIT-DB |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | 2019-02-25 | 5.0 | CVE-2018-20794 EXPLOIT-DB |
| tecrail -- responsive_filemanager | tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | 2019-02-25 | 5.0 | CVE-2018-20795 EXPLOIT-DB |
| vembu -- storegrid | Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | 2019-02-23 | 4.3 | CVE-2014-10078 MISC MISC |
| vembu -- storegrid | In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | 2019-02-23 | 5.0 | CVE-2014-10079 MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. | 2019-02-27 | 5.0 | CVE-2019-9208 BID MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. | 2019-02-27 | 5.0 | CVE-2019-9209 BID MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. | 2019-02-27 | 5.0 | CVE-2019-9214 BID MISC MISC MISC |
| woocommerce -- woocommerce | WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. | 2019-02-25 | 4.3 | CVE-2019-9168 MISC |
| wuzhicms -- wuzhi_cms | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | 2019-02-24 | 4.3 | CVE-2019-9107 MISC MISC |
| wuzhicms -- wuzhi_cms | XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | 2019-02-24 | 4.3 | CVE-2019-9109 MISC MISC |
| wuzhicms -- wuzhi_cms | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | 2019-02-24 | 4.3 | CVE-2019-9110 MISC MISC |
| wuzhicms -- wuzhicms | XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | 2019-02-24 | 4.3 | CVE-2019-9108 MISC MISC |
| zzzcms -- zzzphp | There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. | 2019-02-26 | 6.8 | CVE-2019-9182 MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- airflow | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 2019-02-27 | 3.5 | CVE-2018-20244 MISC |
| avaya -- one-x_communicator | Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. | 2019-02-26 | 2.1 | CVE-2019-7006 BID CONFIRM CONFIRM |
| google -- android | In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229. | 2019-02-28 | 2.1 | CVE-2019-1995 BID CONFIRM |
| google -- android | In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. | 2019-02-28 | 3.3 | CVE-2019-1996 BID CONFIRM |
| google -- android | The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211. | 2019-02-28 | 2.1 | CVE-2019-2001 BID CONFIRM |
| misp -- misp | In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only). | 2019-03-01 | 3.5 | CVE-2019-9482 MISC |
| mozilla -- firefox | A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | 2019-02-28 | 3.6 | CVE-2018-12397 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO UBUNTU DEBIAN CONFIRM CONFIRM |
| php_appointment_booking_script_project -- php_appointment_booking_script | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | 2019-02-23 | 3.5 | CVE-2019-9066 MISC |
| qualcomm -- mdm9150_firmware | Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | 2019-02-25 | 2.1 | CVE-2018-13912 CONFIRM |
| zzcms -- zzcms | zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | 2019-02-24 | 3.5 | CVE-2019-9078 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| amazon -- ring_doorbell | Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | 2019-03-01 | not yet calculated | CVE-2019-9483 MISC MISC |
| bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-03-01 | not yet calculated | CVE-2019-9544 MISC MISC |
| cisco -- webex_meetings_desktop_app_and_webex_productivity_tools_for_windows | A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7. | 2019-02-28 | not yet calculated | CVE-2019-1674 BID CISCO |
| cisco -- webex_teams | A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920. | 2019-02-25 | not yet calculated | CVE-2019-1689 BID CISCO |
| grin -- grin | util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files in an archive. | 2019-02-26 | not yet calculated | CVE-2019-9195 MISC MISC |
| ibm -- san_volume_controller_and _storwize_and_spectrum_virtualize_and_flashsystem_products | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757. | 2019-02-27 | not yet calculated | CVE-2018-1775 BID XF CONFIRM |
| invision -- power_board | Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | 2019-03-01 | not yet calculated | CVE-2019-8278 MISC |
| irisnet-crypto -- irisnet-crypto | In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage. | 2019-02-24 | not yet calculated | CVE-2019-9115 MISC |
| laravel_framework -- laravel_framework | The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php. | 2019-02-24 | not yet calculated | CVE-2019-9081 MISC MISC |
| pfsense -- pfsense | In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions. | 2019-03-01 | not yet calculated | CVE-2018-20799 MISC |
| php -- php | An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data. | 2019-02-22 | not yet calculated | CVE-2019-9025 MISC |
| poppler -- poppler | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. | 2019-03-01 | not yet calculated | CVE-2019-9545 MISC MISC |
| poppler -- poppler | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. | 2019-03-01 | not yet calculated | CVE-2019-9543 MISC MISC |
| solarwinds -- orion_platform | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | 2019-03-01 | not yet calculated | CVE-2019-9546 CONFIRM |
| storage_performance_development_kit -- storage_performance_development_kit | In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains. | 2019-03-01 | not yet calculated | CVE-2019-9547 CONFIRM CONFIRM |
| vanilla -- forums | Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. | 2019-03-01 | not yet calculated | CVE-2019-8279 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.