Vulnerability Summary for the Week of April 29, 2019
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
barco -- wepresent_wipg-1000p_firmware | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | 2019-04-30 | 10.0 | CVE-2019-3929 MISC EXPLOIT-DB MISC |
barco -- wepresent_wipg-1000p_firmware | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint. | 2019-04-30 | 10.0 | CVE-2019-3930 MISC |
billion -- 5200w-t_firmware | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter. | 2019-05-02 | 10.0 | CVE-2017-18368 MISC MISC MISC MISC MISC |
billion -- 5200w-t_firmware | The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter. | 2019-05-02 | 10.0 | CVE-2017-18369 MISC MISC MISC |
billion -- 5200w-t_firmware | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371. | 2019-05-02 | 9.0 | CVE-2017-18370 MISC MISC MISC MISC MISC |
billion -- 5200w-t_firmware | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. | 2019-05-02 | 7.5 | CVE-2017-18371 MISC MISC MISC MISC |
billion -- 5200w-t_firmware | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373. | 2019-05-02 | 9.0 | CVE-2017-18372 MISC MISC MISC |
billion -- 5200w-t_firmware | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. | 2019-05-02 | 9.0 | CVE-2017-18373 MISC MISC MISC |
billion -- 5200w-t_firmware | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes. | 2019-05-02 | 9.0 | CVE-2017-18374 MISC MISC MISC MISC MISC |
checkpoint -- endpoint_security | A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | 2019-04-29 | 7.2 | CVE-2019-8454 MISC |
cisco -- nexus_93108tc-ex_firmware | A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. | 2019-05-03 | 10.0 | CVE-2019-1804 CISCO |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | 2019-04-30 | 10.0 | CVE-2019-3925 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | 2019-04-30 | 10.0 | CVE-2019-3926 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root. | 2019-04-30 | 9.0 | CVE-2019-3931 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge. | 2019-04-30 | 7.5 | CVE-2019-3932 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. | 2019-04-30 | 7.5 | CVE-2019-3939 MISC |
dell -- idrac6_firmware | Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. | 2019-04-26 | 10.0 | CVE-2019-3705 MISC |
dell -- idrac9_firmware | Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface. | 2019-04-26 | 10.0 | CVE-2019-3706 MISC |
dhcpcd_project -- dhcpcd | dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. | 2019-04-28 | 7.5 | CVE-2019-11577 BID MISC MISC |
dillonkane -- tidal_workload_automation | An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems. | 2019-04-26 | 7.2 | CVE-2019-6689 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | 2019-04-30 | 7.5 | CVE-2019-11618 MISC |
facebook -- hhvm | Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below). | 2019-04-29 | 7.5 | CVE-2019-3561 MISC MISC |
fujifilm -- cr-ir_357_fcr_capsula_x_firmware | Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. | 2019-04-30 | 7.8 | CVE-2019-10948 MISC |
fujifilm -- cr-ir_357_fcr_capsula_x_firmware | Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system. | 2019-04-30 | 10.0 | CVE-2019-10950 BID MISC |
gitea -- gitea | Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password. | 2019-04-27 | 7.5 | CVE-2019-11576 MISC MISC |
ionos -- 1&1_online_storage | STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0. | 2019-04-30 | 9.0 | CVE-2019-9486 MISC |
linux -- linux_kernel | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. | 2019-05-02 | 10.0 | CVE-2019-11683 MLIST MLIST BID CONFIRM MISC MISC |
mozilla -- firefox | The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9791 MISC MISC MISC MISC |
mozilla -- firefox | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9792 MISC MISC MISC MISC |
mozilla -- firefox | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9794 MISC MISC MISC MISC |
mozilla -- firefox | A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9795 MISC MISC MISC MISC |
mozilla -- firefox | A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9796 MISC MISC MISC MISC |
mozilla -- firefox | In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9804 MISC MISC |
mozilla -- firefox | A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66. | 2019-04-26 | 7.5 | CVE-2019-9805 MISC MISC |
oracle -- weblogic_server | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2019-04-26 | 7.5 | CVE-2019-2725 MISC BID CONFIRM EXPLOIT-DB |
signing-party_project -- signing-party | gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. | 2019-04-30 | 10.0 | CVE-2019-11627 MISC MLIST |
smartbear -- readyapi | The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | 2019-05-03 | 9.3 | CVE-2018-20580 MISC |
tabslab -- mailcarrier | A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395. | 2019-05-02 | 7.5 | CVE-2019-11682 MISC |
zohocorp -- manageengine_firewall_analyzer | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. | 2019-05-02 | 7.5 | CVE-2019-11677 MISC |
zohocorp -- manageengine_firewall_analyzer | The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | 2019-05-02 | 7.5 | CVE-2019-11678 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aikcms -- aikcms | An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | 2019-04-27 | 6.5 | CVE-2019-11567 MISC |
aikcms -- aikcms | An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type. | 2019-04-27 | 6.8 | CVE-2019-11568 MISC |
anomali -- agave | Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system. | 2019-05-01 | 5.0 | CVE-2019-11641 MISC |
apache -- archiva | In Apache Archiva before 2.2.4, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file. | 2019-04-30 | 5.5 | CVE-2019-0213 MISC MISC MLIST BID MLIST MLIST MLIST MLIST BUGTRAQ |
apache -- archiva | In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file. | 2019-04-30 | 5.5 | CVE-2019-0214 CONFIRM MISC MLIST BID MLIST MLIST MLIST MLIST BUGTRAQ |
apache -- axis | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. | 2019-05-01 | 5.4 | CVE-2019-0227 MISC |
apache -- camel | Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. | 2019-04-30 | 5.0 | CVE-2019-0194 MLIST MLIST MLIST MISC MLIST |
apache -- pluto | The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file | 2019-04-26 | 4.3 | CVE-2019-0186 MLIST MISC BID MLIST MISC EXPLOIT-DB MLIST |
apache -- unstructured_information_management_architecture_distributed_uima_cluster_computing | This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code. | 2019-05-01 | 4.3 | CVE-2018-8035 CONFIRM |
atlassian -- jira | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | 2019-05-03 | 4.3 | CVE-2018-20824 MISC |
atlassian -- jira | The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | 2019-04-30 | 5.0 | CVE-2019-3399 MISC |
atlassian -- jira | The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter. | 2019-05-03 | 4.3 | CVE-2019-3400 MISC |
bpcbt -- smartvista | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | 2019-04-30 | 6.8 | CVE-2018-15206 MISC |
bpcbt -- smartvista | BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | 2019-04-30 | 6.5 | CVE-2018-15207 MISC |
bpcbt -- smartvista | BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. | 2019-04-30 | 5.1 | CVE-2018-15208 MISC |
buffalo -- open_xdmod | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. | 2019-05-02 | 4.3 | CVE-2018-16960 MISC |
buffalo -- open_xdmod | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | 2019-05-02 | 5.0 | CVE-2018-16961 MISC |
buffalo -- open_xdmod | An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes. | 2019-05-02 | 5.0 | CVE-2018-16988 MISC |
cisco -- hx220c_af_m5_firmware | A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. | 2019-05-03 | 6.8 | CVE-2019-1857 CISCO |
cisco -- network_registrar | A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | 2019-05-03 | 4.3 | CVE-2019-1852 CISCO |
cisco -- prime_collaboration_assurance | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to the insufficient validation of data supplied by external devices to the web-based management interface of an affected PCA device. An attacker in control of devices integrated with an affected PCA device could exploit this vulnerability by using crafted data in certain fields of the controlled devices. A successful exploit could allow the attacker to execute arbitrary script code in the context of the PCA web-based management interface or allow the attacker to access sensitive browser-based information. | 2019-05-03 | 4.3 | CVE-2019-1856 BID CISCO |
cisco -- telepresence_video_communication_server | A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface. | 2019-05-03 | 4.0 | CVE-2019-1854 CISCO |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface. | 2019-04-30 | 5.0 | CVE-2019-3927 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. | 2019-04-30 | 5.0 | CVE-2019-3928 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. | 2019-04-30 | 5.0 | CVE-2019-3933 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code. | 2019-04-30 | 5.0 | CVE-2019-3934 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows. | 2019-04-30 | 6.4 | CVE-2019-3935 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. | 2019-04-30 | 5.0 | CVE-2019-3936 MISC |
dhcpcd_project -- dhcpcd | auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. | 2019-04-28 | 4.3 | CVE-2019-11578 BID MISC MISC MISC MISC |
dhcpcd_project -- dhcpcd | dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. | 2019-04-28 | 5.0 | CVE-2019-11579 BID MISC MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11606 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11607 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | 2019-04-30 | 6.4 | CVE-2019-11608 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | 2019-04-30 | 6.4 | CVE-2019-11609 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11610 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11611 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files. | 2019-04-30 | 6.4 | CVE-2019-11612 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information. | 2019-04-30 | 4.0 | CVE-2019-11613 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11614 MISC |
doorgets -- doorgets_cms | /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server. | 2019-04-30 | 6.5 | CVE-2019-11615 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password. | 2019-04-30 | 5.0 | CVE-2019-11616 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification. | 2019-04-30 | 6.8 | CVE-2019-11617 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information. | 2019-04-30 | 4.0 | CVE-2019-11619 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre. | 2019-04-30 | 4.0 | CVE-2019-11620 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information. | 2019-04-30 | 4.0 | CVE-2019-11621 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre. | 2019-04-30 | 4.0 | CVE-2019-11622 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain database sensitive information. | 2019-04-30 | 4.0 | CVE-2019-11623 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files. | 2019-04-30 | 5.5 | CVE-2019-11624 MISC |
doorgets -- doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information. | 2019-04-30 | 4.0 | CVE-2019-11625 MISC |
doorgets -- doorgets_cms | routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request. | 2019-04-30 | 5.0 | CVE-2019-11626 MISC |
esotalk -- esotalk | esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | 2019-04-29 | 4.3 | CVE-2015-9285 MISC MISC |
facebook -- fizz | An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. | 2019-04-29 | 5.0 | CVE-2019-3560 MISC |
freedesktop -- systemd | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | 2019-04-26 | 4.6 | CVE-2019-3843 BID CONFIRM FEDORA |
freedesktop -- systemd | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. | 2019-04-26 | 4.6 | CVE-2019-3844 BID CONFIRM |
gnu -- recutils | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. | 2019-05-01 | 4.3 | CVE-2019-11637 MISC MISC |
gnu -- recutils | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. | 2019-05-01 | 4.3 | CVE-2019-11638 MISC MISC |
gnu -- recutils | An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. | 2019-05-01 | 6.8 | CVE-2019-11639 MISC MISC |
gnu -- recutils | An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. | 2019-05-01 | 6.8 | CVE-2019-11640 MISC MISC |
groonga -- groonga-httpd | The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server. | 2019-05-02 | 6.9 | CVE-2019-11675 MISC |
honeypress_project -- honeypress | HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the ingrained unique www.atxsec.com and ayylmao.wpengine.com hostnames within the fake WordPress templates. This allows attackers to discover and avoid this honeypot system. | 2019-05-01 | 5.0 | CVE-2019-11633 MISC |
ibm -- api_connect | IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | 2019-04-29 | 5.0 | CVE-2018-2007 CONFIRM XF |
ibm -- api_connect | IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195. | 2019-05-02 | 4.3 | CVE-2018-2015 BID XF CONFIRM |
ibm -- emptoris_contract_management | IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657. | 2019-04-29 | 5.0 | CVE-2018-1961 XF CONFIRM |
ibm -- jazz_reporting_service | IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243. | 2019-04-29 | 4.0 | CVE-2019-4047 BID XF CONFIRM |
ibm -- rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. | 2019-05-01 | 5.0 | CVE-2018-1608 XF CONFIRM |
ibm -- storediq | IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | 2019-04-30 | 5.8 | CVE-2019-4166 CONFIRM BID XF |
ilnkp2p_project -- ilnkp2p | The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices. | 2019-04-26 | 6.4 | CVE-2019-11219 MISC |
ilnkp2p_project -- ilnkp2p | An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. | 2019-04-26 | 4.3 | CVE-2019-11220 MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. | 2019-04-29 | 5.8 | CVE-2019-11597 BID MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. | 2019-04-29 | 5.8 | CVE-2019-11598 BID MISC |
infinitumit -- directadmin | The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel. | 2019-04-30 | 6.8 | CVE-2019-11193 MISC MISC EXPLOIT-DB |
iobit -- malware_fighter | IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of access controls. | 2019-04-30 | 5.5 | CVE-2019-6494 MISC |
jenkins -- ansible_tower | A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins | 2019-04-30 | 6.8 | CVE-2019-10310 MLIST MISC |
jenkins -- ansible_tower | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-04-30 | 4.0 | CVE-2019-10311 MLIST MISC |
jenkins -- ansible_tower | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 2019-04-30 | 4.0 | CVE-2019-10312 MLIST MISC |
jenkins -- aqua_microscanner | Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-04-30 | 4.0 | CVE-2019-10316 MLIST MISC |
jenkins -- azure_ad | Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | 2019-04-30 | 4.0 | CVE-2019-10318 MLIST MISC |
jenkins -- github_authentication | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 2019-04-30 | 6.8 | CVE-2019-10315 MLIST MISC |
jenkins -- koji | Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 2019-04-30 | 4.3 | CVE-2019-10314 MLIST MISC |
jenkins -- self-organizing_swarm_modules | Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | 2019-04-30 | 4.8 | CVE-2019-10309 MLIST MISC |
jenkins -- sitemonitor | Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 2019-04-30 | 4.3 | CVE-2019-10317 MLIST MISC |
jenkins -- static_analysis_utilities | A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | 2019-04-30 | 4.3 | CVE-2019-10307 MLIST MISC |
jenkins -- static_analysis_utilities | A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. | 2019-04-30 | 4.0 | CVE-2019-10308 MLIST MISC |
jenkins -- twitter | Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-30 | 4.0 | CVE-2019-10313 MLIST MISC |
linux -- linux_kernel | The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. | 2019-04-29 | 6.9 | CVE-2019-11599 MISC MLIST MLIST MLIST BID MISC MISC MISC MISC MISC MISC EXPLOIT-DB |
memcached -- memcached | In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. | 2019-04-29 | 5.0 | CVE-2019-11596 MISC MISC MISC UBUNTU |
microfocus -- network_automation | A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | 2019-04-29 | 6.5 | CVE-2019-3493 CONFIRM |
moodle -- moodle | Moodle 3.6.3 allows remote authenticated administrators to execute arbitrary PHP code via a ZIP archive, containing a theme_*.php file, to repository/repository_ajax.php?action=upload and admin/tool/installaddon/index.php. | 2019-04-30 | 6.5 | CVE-2019-11631 MISC BID MISC EXPLOIT-DB |
mozilla -- firefox | Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. | 2019-04-26 | 4.3 | CVE-2018-18511 MISC MISC |
mozilla -- firefox | Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. | 2019-04-26 | 4.3 | CVE-2018-5124 MISC |
mozilla -- firefox | A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. | 2019-04-26 | 5.0 | CVE-2018-5179 MISC |
mozilla -- firefox | A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 4.3 | CVE-2019-9793 MISC MISC MISC MISC |
mozilla -- firefox | Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9797 MISC MISC |
mozilla -- firefox | On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.8 | CVE-2019-9798 MISC MISC |
mozilla -- firefox | Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9799 MISC MISC |
mozilla -- firefox | Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9801 MISC MISC MISC MISC |
mozilla -- firefox | If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9802 MISC MISC |
mozilla -- firefox | The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.8 | CVE-2019-9803 MISC MISC MISC MISC |
mozilla -- firefox | A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9806 MISC MISC |
mozilla -- firefox | When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. | 2019-04-26 | 4.3 | CVE-2019-9807 MISC MISC |
mozilla -- firefox | If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9808 MISC MISC |
mozilla -- firefox | If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. | 2019-04-26 | 5.0 | CVE-2019-9809 MISC MISC MISC |
mozilla -- firefox | Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | 2019-04-26 | 6.8 | CVE-2019-9810 MISC MISC MISC MISC |
mozilla -- firefox | Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | 2019-04-26 | 6.8 | CVE-2019-9813 MISC MISC MISC MISC |
mozilla -- network_security_services | When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. | 2019-04-29 | 4.3 | CVE-2018-12384 CONFIRM |
mozilla -- network_security_services | A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. | 2019-05-02 | 4.3 | CVE-2018-12404 BID MISC |
mozilla -- thunderbird | A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1. | 2019-04-26 | 5.0 | CVE-2018-18509 MISC FULLDISC MLIST MISC MISC |
mozilla -- thunderbird | A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5. | 2019-04-26 | 5.0 | CVE-2018-18513 MISC MISC |
netapp -- hyper_converged_infrastructure_compute_node | Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. | 2019-04-29 | 5.0 | CVE-2019-5492 BID CONFIRM |
nodebb -- nodebb | Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | 2019-04-30 | 4.3 | CVE-2015-9286 MISC MISC MISC MISC |
octopus -- octopus_deploy | In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.) | 2019-05-01 | 5.5 | CVE-2019-11632 MISC MISC |
omniauth_project -- omniauth | The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | 2019-04-26 | 6.8 | CVE-2015-9284 MISC MISC MLIST |
phpbb -- phpbb | The fulltext search component in phpBB before 3.2.6 allows Denial of Service. | 2019-05-02 | 5.0 | CVE-2019-9826 MLIST MLIST CONFIRM |
polarisft -- intellect_core_banking | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. | 2019-04-30 | 6.5 | CVE-2018-14874 MISC |
polarisft -- intellect_core_banking | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI. | 2019-04-30 | 6.8 | CVE-2018-14930 MISC |
polarisft -- intellect_core_banking | An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. | 2019-04-30 | 5.8 | CVE-2018-14931 MISC |
projectsend -- projectsend | ProjectSend before r1070 writes user passwords to the server logs. | 2019-04-26 | 5.0 | CVE-2019-11492 CONFIRM |
projectsend -- projectsend | Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. | 2019-04-26 | 4.3 | CVE-2019-11533 BID CONFIRM |
rapid7 -- metasploit | Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions. | 2019-04-30 | 6.5 | CVE-2019-5624 MISC CONFIRM CONFIRM |
solarwinds -- damewire_mini_remote_control | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | 2019-05-02 | 5.0 | CVE-2019-9017 MISC MISC EXPLOIT-DB |
sonicwall -- global_management_system | A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. | 2019-04-26 | 6.8 | CVE-2019-7476 CONFIRM |
ublock -- ublock | In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | 2019-04-29 | 6.8 | CVE-2019-11595 MISC MISC |
w1.fi -- hostapd | The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. | 2019-04-26 | 4.3 | CVE-2019-11555 MLIST MISC MISC MISC |
weaver -- e-cology | An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. | 2019-04-30 | 4.3 | CVE-2019-10272 MISC CONFIRM |
webidsupport -- webid | WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php. | 2019-04-29 | 4.3 | CVE-2019-11592 MISC |
z.cash -- zcash | Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. | 2019-05-01 | 5.0 | CVE-2019-11636 MISC MISC |
zimbra -- collaboration_server | Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. | 2019-04-30 | 5.0 | CVE-2019-9621 MISC MISC MISC MISC MISC CONFIRM EXPLOIT-DB |
zohocorp -- manageengine_admanager_plus | Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | 2019-04-30 | 6.9 | CVE-2018-19374 MISC |
zohocorp -- manageengine_firewall_analyzer | The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. | 2019-05-02 | 4.3 | CVE-2019-11676 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atlassian -- application_links | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. | 2019-04-30 | 3.5 | CVE-2018-20239 MISC |
cisco -- application_policy_infrastructure_controller | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability has been fixed in software version 14.1(1i). | 2019-05-03 | 3.5 | CVE-2019-1838 CISCO |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data. | 2019-04-30 | 2.1 | CVE-2019-3937 MISC |
crestron -- am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | 2019-04-30 | 2.1 | CVE-2019-3938 MISC |
ibm -- jazz_reporting_service | IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006. | 2019-04-29 | 3.5 | CVE-2018-2004 BID XF CONFIRM |
ibm -- planning_analytics | IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177. | 2019-05-01 | 3.5 | CVE-2018-1933 CONFIRM XF |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946. | 2019-05-01 | 3.5 | CVE-2019-4258 CONFIRM XF |
imagemagick -- imagemagick | An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. | 2019-04-30 | 3.6 | CVE-2019-10131 BID CONFIRM CONFIRM |
linux -- linux_kernel | The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file. | 2019-04-30 | 2.1 | CVE-2018-20509 MISC MLIST |
linux -- linux_kernel | The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file. | 2019-04-30 | 2.1 | CVE-2018-20510 BID MISC |
philips -- tasy_emr | In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | 2019-05-01 | 3.5 | CVE-2019-6562 MISC |
polarisft -- intellect_core_banking | An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter. | 2019-04-30 | 3.5 | CVE-2018-14875 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adblock_plus -- adblock | In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | 2019-04-29 | not yet calculated | CVE-2019-11594 MISC MISC MISC |
adblock_plus -- adblock_plus | In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | 2019-04-29 | not yet calculated | CVE-2019-11593 MISC MISC MISC MISC MISC |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition. | 2019-05-03 | not yet calculated | CVE-2018-15388 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. | 2019-05-03 | not yet calculated | CVE-2019-1708 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device. | 2019-05-03 | not yet calculated | CVE-2019-1715 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry. | 2019-05-03 | not yet calculated | CVE-2019-1695 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. | 2019-05-03 | not yet calculated | CVE-2019-1694 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1693 BID CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1687 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device. | 2019-05-03 | not yet calculated | CVE-2019-1714 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1697 CISCO |
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. | 2019-05-03 | not yet calculated | CVE-2019-1701 BID CISCO |
cisco -- adaptive_security_appliance_software | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. | 2019-05-03 | not yet calculated | CVE-2019-1713 CISCO |
cisco -- adaptive_security_appliance_software | A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1705 BID CISCO |
cisco -- adaptive_security_virtual_appliance_and_firepower_2100_series | A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1706 CISCO |
cisco -- application_policy_infrastructure_controller_software | A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device. | 2019-05-03 | not yet calculated | CVE-2019-1682 CISCO |
cisco -- application_policy_infrastructure_controller_software | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device. | 2019-05-03 | not yet calculated | CVE-2019-1692 CISCO |
cisco -- application_policy_infrastructure_controller_software | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | 2019-05-03 | not yet calculated | CVE-2019-1586 BID CISCO |
cisco -- email_security_appliance | A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users. | 2019-05-03 | not yet calculated | CVE-2019-1844 BID CISCO |
cisco -- firepower_2100_series | A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error, which may prevent ingress buffers from being replenished under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to consume all input buffers, which are shared between all interfaces, leading to a queue wedge condition in all active interfaces. This situation would cause an affected device to stop processing any incoming traffic and result in a DoS condition until the device is reloaded manually. | 2019-05-03 | not yet calculated | CVE-2019-1703 CISCO |
cisco -- firepower_threat_defense_software | Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-05-03 | not yet calculated | CVE-2019-1696 CISCO |
cisco -- firepower_threat_defense_software | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | 2019-05-03 | not yet calculated | CVE-2019-1709 CISCO |
cisco -- firepower_threat_defense_software | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | 2019-05-03 | not yet calculated | CVE-2019-1699 CISCO |
cisco -- firepower_threat_defense_software | Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-05-03 | not yet calculated | CVE-2019-1704 CISCO |
cisco -- firepower_threat_defense_software | A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device. | 2019-05-03 | not yet calculated | CVE-2018-15462 CISCO |
cisco -- ip_phone_7800_series_and_8800_series_session_initiation_protocol_software | A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1635 CISCO |
cisco -- nexus_9000_series_application_centric_infrastructure_mode_switch_software | A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device. | 2019-05-03 | not yet calculated | CVE-2019-1803 CISCO |
cisco -- nexus_9000_series_fabric_switches | A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. | 2019-05-03 | not yet calculated | CVE-2019-1587 CISCO |
cisco -- nexus_9000_series_fabric_switches | A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i). | 2019-05-03 | not yet calculated | CVE-2019-1836 BID CISCO |
cisco -- nexus_9000_series_fabric_switches_in_application_centric_infrastructure_mode_switch_software | A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. | 2019-05-03 | not yet calculated | CVE-2019-1592 CISCO |
cisco -- nexus_9000_series_fabric_switches_in_application_centric_infrastructure_mode_switch_software | A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device. | 2019-05-03 | not yet calculated | CVE-2019-1590 CISCO |
cisco -- nexus_9000_series_fabric_switches_software | A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device. | 2019-05-03 | not yet calculated | CVE-2019-1589 CISCO |
cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers | A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session. | 2019-05-03 | not yet calculated | CVE-2019-1724 CISCO |
cisco -- small_business_switches_software | A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. | 2019-05-03 | not yet calculated | CVE-2019-1859 CISCO |
cisco -- umbrella_dashboard | A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required. | 2019-05-03 | not yet calculated | CVE-2019-1807 CISCO |
cisco -- web_security_appliance | A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | 2019-05-03 | not yet calculated | CVE-2019-1816 CISCO |
cisco -- web_security_appliance | A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition. | 2019-05-03 | not yet calculated | CVE-2019-1817 CISCO |
cjson -- cjson | parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. | 2019-04-29 | not yet calculated | CVE-2016-10749 MISC MISC MISC |
das_u-boot -- das_u-boot | gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. | 2019-05-03 | not yet calculated | CVE-2019-11690 MISC |
dell_emc -- idrac9 | Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface. | 2019-04-26 | not yet calculated | CVE-2019-3707 MISC |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. | 2019-05-03 | not yet calculated | CVE-2019-6614 CONFIRM |
f5 -- big-ip | When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured with a virtual server using a PPTP profile is exposed to this vulnerability. | 2019-05-03 | not yet calculated | CVE-2019-6611 CONFIRM |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart. | 2019-05-03 | not yet calculated | CVE-2019-6612 CONFIRM |
f5 -- big-ip | On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. | 2019-05-03 | not yet calculated | CVE-2019-6613 CONFIRM |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode. | 2019-05-03 | not yet calculated | CVE-2019-6616 CONFIRM |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. | 2019-05-03 | not yet calculated | CVE-2019-6615 CONFIRM |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions. | 2019-05-03 | not yet calculated | CVE-2019-6617 CONFIRM |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator (RA) role restrictions. | 2019-05-03 | not yet calculated | CVE-2019-6618 CONFIRM |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero. | 2019-05-03 | not yet calculated | CVE-2019-6619 CONFIRM |
facebook_technologies -- oculus_browser_ui | A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | 2019-04-29 | not yet calculated | CVE-2019-3562 MISC |
filezilla_project -- filezilla | Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. | 2019-04-29 | not yet calculated | CVE-2019-5429 MISC MISC |
lantronix -- securelinx_spider_devices | Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page. | 2019-05-02 | not yet calculated | CVE-2018-10383 MISC |
lenovo -- xclarity_administrator | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | 2019-05-03 | not yet calculated | CVE-2019-6158 MISC |
microfocus -- open_enterprise_server | A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | 2019-05-02 | not yet calculated | CVE-2019-3490 MISC |
mozilla -- bugzilla | A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | 2019-04-29 | not yet calculated | CVE-2018-5123 CONFIRM |
national_center_for_biotechnology_information -- toolbox | A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | 2019-05-02 | not yet calculated | CVE-2018-16717 MISC |
national_center_for_biotechnology_information -- toolbox | An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. | 2019-05-02 | not yet calculated | CVE-2018-16718 MISC |
national_center_for_biotechnology_information -- toolbox | A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | 2019-05-02 | not yet calculated | CVE-2018-16716 MISC |
national_electrical_manufacturers_association -- digital_imaging_and_communications_in_medicine_part_10_file_format | An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files. | 2019-05-02 | not yet calculated | CVE-2019-11687 MISC MISC MISC |
node-tar -- node-tar | A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | 2019-04-30 | not yet calculated | CVE-2018-20834 MISC MISC MISC |
php -- php | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | 2019-05-03 | not yet calculated | CVE-2019-11036 MISC |
php -- php | In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. | 2019-05-03 | not yet calculated | CVE-2019-11037 MISC |
qliktech_international -- qlikview_server_and_qlik_sense_enterprise_and_qlik_analytics_platform | An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests. | 2019-04-30 | not yet calculated | CVE-2019-11628 MISC |
rockwell_automation -- compactlogix_and_compact_guardlogix_and_armor_compact_guardlogix_controllers | An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier systems. | 2019-05-01 | not yet calculated | CVE-2019-10952 BID MISC |
rockwell_automation -- compactlogix_and_compact_guardlogix_and_armor_compact_guardlogix_controllers | An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier. | 2019-05-01 | not yet calculated | CVE-2019-10954 BID MISC |
tar-fs -- tar-fs | A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | 2019-04-30 | not yet calculated | CVE-2018-20835 MISC MISC MISC |
wangle -- wangle | Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00 | 2019-04-29 | not yet calculated | CVE-2019-3563 MISC |
wildfly -- wildfly | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. | 2019-05-03 | not yet calculated | CVE-2019-3805 CONFIRM |
wildfly -- wildfly | It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. | 2019-05-03 | not yet calculated | CVE-2019-3894 CONFIRM |
wordpress -- wordpress | The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 2019-04-26 | not yet calculated | CVE-2019-11557 MISC MISC MISC |
wordpress -- wordpress | The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 2019-04-29 | not yet calculated | CVE-2019-11591 MISC MISC MISC |
wordpress -- wordpress | Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. | 2019-04-27 | not yet calculated | CVE-2019-11565 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 2019-04-29 | not yet calculated | CVE-2019-11590 MISC MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.