US-CERT - SB19-049: Vulnerability Summary for the Week of February 11, 2019
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abbyy -- flexicapture | Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | 2019-02-09 | 7.5 | CVE-2018-13792 CONFIRM |
aveva -- indusoft_web_studio | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. | 2019-02-12 | 10.0 | CVE-2019-6543 MISC EXPLOIT-DB MISC |
aveva -- indusoft_web_studio | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine. | 2019-02-12 | 10.0 | CVE-2019-6545 MISC EXPLOIT-DB MISC |
cim_project -- cim | install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | 2019-02-10 | 7.5 | CVE-2019-7692 MISC |
dlink -- dir-600m_firmware | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. | 2019-02-11 | 7.5 | CVE-2019-7736 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | 2019-02-12 | 9.0 | CVE-2019-8312 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field. | 2019-02-12 | 9.0 | CVE-2019-8313 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | 2019-02-12 | 9.0 | CVE-2019-8314 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field. | 2019-02-12 | 9.0 | CVE-2019-8315 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field. | 2019-02-12 | 9.0 | CVE-2019-8316 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field. | 2019-02-12 | 9.0 | CVE-2019-8318 MISC |
dlink -- dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field. | 2019-02-12 | 9.0 | CVE-2019-8319 MISC |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a use-after-free issue in the heap while loading the audio effects config in the audio effects factory. | 2019-02-11 | 7.2 | CVE-2018-11962 BID CONFIRM |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a NULL pointer dereference vulnerability may occur due to a missing NULL assignment of a freed pointer in the NAT module. | 2019-02-11 | 7.2 | CVE-2018-12014 BID CONFIRM |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, heap memory was accessed after it was freed. | 2019-02-11 | 7.2 | CVE-2018-13889 BID CONFIRM |
google -- android | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947. | 2019-02-13 | 9.3 | CVE-2018-6267 BID CONFIRM |
google -- android | NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161. | 2019-02-13 | 9.3 | CVE-2018-6268 BID CONFIRM |
google -- android | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validate the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474. | 2019-02-13 | 9.3 | CVE-2018-6271 BID CONFIRM |
google -- android | In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. | 2019-02-11 | 10.0 | CVE-2018-9583 BID CONFIRM |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | 2019-02-12 | 7.5 | CVE-2019-7743 BID MISC |
mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | 2019-02-09 | 10.0 | CVE-2009-5154 MISC MISC |
mywebsql -- mywebsql | MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | 2019-02-11 | 7.5 | CVE-2019-7731 MISC |
nibbleblog -- nibbleblog | Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | 2019-02-10 | 7.5 | CVE-2019-7719 MISC |
pocoo -- jinja2 | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with in a URI. | 2019-02-15 | 7.5 | CVE-2019-8341 MISC EXPLOIT-DB |
qualcomm -- mdm9206_firmware | There is potential for memory corruption in the RIL daemon due to dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, ZZ_QCS605. | 2019-02-11 | 7.2 | CVE-2018-13888 BID CONFIRM |
qualcomm -- mdm9607_firmware | Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016. | 2019-02-11 | 7.2 | CVE-2018-11888 BID CONFIRM |
taogogo -- taocms | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | 2019-02-10 | 7.5 | CVE-2019-7720 MISC |
traq -- traq | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | 2019-02-10 | 7.5 | CVE-2018-20779 MISC |
we-con -- levistudiou | Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | 9.3 | CVE-2019-6539 BID MISC |
webassembly -- binaryen | An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. | 2019-02-09 | 7.1 | CVE-2019-7662 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- cp400pb_firmware | The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. | 2019-02-13 | 6.8 | CVE-2018-19008 BID MISC |
apache -- jspwiki | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. | 2019-02-11 | 4.3 | CVE-2018-20242 BID MLIST |
atlassian -- confluence | Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature. | 2019-02-13 | 4.0 | CVE-2018-20237 BID CONFIRM |
atlassian -- crowd | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | 2019-02-13 | 5.5 | CVE-2018-20238 BID CONFIRM |
atto -- fibrebridge_7500n_firmware | ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). | 2019-02-12 | 5.0 | CVE-2018-5499 CONFIRM |
axiositalia -- registro_elettronico | Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation. | 2019-02-10 | 4.3 | CVE-2019-7693 MISC MISC |
axiosys -- bento4 | An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | 2019-02-10 | 4.3 | CVE-2019-7697 MISC |
axiosys -- bento4 | An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | 2019-02-10 | 4.3 | CVE-2019-7698 MISC |
axiosys -- bento4 | A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. | 2019-02-10 | 4.3 | CVE-2019-7699 MISC |
beescms -- beescms | BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | 2019-02-15 | 6.8 | CVE-2019-8347 MISC |
dbninja -- dbninja | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | 2019-02-11 | 6.8 | CVE-2019-7747 MISC |
dbninja -- dbninja | _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | 2019-02-11 | 4.3 | CVE-2019-7748 MISC |
elfutils_project -- elfutils | In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). | 2019-02-09 | 4.3 | CVE-2019-7664 MISC |
elfutils_project -- elfutils | In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. | 2019-02-09 | 4.3 | CVE-2019-7665 MISC MISC |
enigmail -- enigmail | Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. | 2019-02-11 | 4.3 | CVE-2018-15586 MISC |
estrongs -- es_file_explorer_file_manager | The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL. | 2019-02-15 | 4.3 | CVE-2019-8345 MISC |
f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. | 2019-02-13 | 4.3 | CVE-2019-6589 CONFIRM |
frog_cms_project -- frog_cms | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | 2019-02-10 | 6.5 | CVE-2018-20772 MISC |
frog_cms_project -- frog_cms | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | 2019-02-10 | 6.5 | CVE-2018-20773 MISC |
frog_cms_project -- frog_cms | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | 2019-02-10 | 6.5 | CVE-2018-20775 MISC |
frog_cms_project -- frog_cms | Frog CMS 0.9.5 provides a directory listing for a /public request. | 2019-02-10 | 5.0 | CVE-2018-20776 MISC |
frog_cms_project -- frog_cms | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | 2019-02-10 | 4.3 | CVE-2018-20778 MISC |
gnome -- evolution | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 2019-02-11 | 4.3 | CVE-2018-15587 MISC |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, absence of a length sanity check may lead to a possible stack overflow resulting in memory corruption in the trustzone region. | 2019-02-11 | 4.6 | CVE-2018-12010 CONFIRM |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, an out-of-bound mask range access is caused by using a possibly old value of the msg mask table count while copying masks to userspace. | 2019-02-11 | 4.6 | CVE-2018-13893 CONFIRM |
google -- android | In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. | 2019-02-11 | 4.6 | CVE-2018-9582 BID CONFIRM |
google -- android | In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681. | 2019-02-11 | 4.6 | CVE-2018-9584 BID CONFIRM |
google -- android | In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. | 2019-02-11 | 4.6 | CVE-2018-9585 BID CONFIRM |
google -- android | In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. | 2019-02-11 | 4.4 | CVE-2018-9586 BID CONFIRM |
google -- android | In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344. | 2019-02-11 | 4.4 | CVE-2018-9587 BID CONFIRM |
google -- android | In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-115900043. | 2019-02-11 | 5.0 | CVE-2018-9590 BID CONFIRM |
google -- android | In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116108738. | 2019-02-11 | 5.0 | CVE-2018-9591 BID CONFIRM |
google -- android | In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076. | 2019-02-11 | 5.0 | CVE-2018-9592 BID CONFIRM |
hotels_server_project -- hotels_server | controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | 2019-02-08 | 5.0 | CVE-2019-7648 MISC |
housegate -- house_gate | Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2019-02-13 | 5.0 | CVE-2019-5910 JVN |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. | 2019-02-12 | 4.3 | CVE-2019-7739 BID MISC |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | 2019-02-12 | 4.3 | CVE-2019-7740 MISC |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | 2019-02-12 | 4.3 | CVE-2019-7741 MISC |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | 2019-02-12 | 4.3 | CVE-2019-7742 MISC |
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | 2019-02-12 | 4.3 | CVE-2019-7744 MISC |
lexmark -- 6500e_firmware | Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. | 2019-02-11 | 6.4 | CVE-2019-6489 CONFIRM |
libtiff -- libtiff | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | 2019-02-09 | 4.3 | CVE-2019-7663 MISC MLIST |
linux -- linux_kernel | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | 2019-02-15 | 5.8 | CVE-2019-6974 MISC MISC MISC MISC MISC MISC MISC EXPLOIT-DB |
live555 -- streaming_media | In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed. | 2019-02-11 | 5.0 | CVE-2019-7732 MISC |
live555 -- streaming_media | In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. | 2019-02-11 | 5.0 | CVE-2019-7733 MISC |
metinfo -- metinfo | An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily. | 2019-02-10 | 6.8 | CVE-2019-7718 MISC |
mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. | 2019-02-09 | 5.0 | CVE-2019-7673 MISC |
mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | 2019-02-09 | 5.0 | CVE-2019-7674 MISC |
mobotix -- s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. | 2019-02-09 | 5.0 | CVE-2019-7675 MISC |
mywebsql -- mywebsql | MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | 2019-02-11 | 4.9 | CVE-2019-7730 MISC |
nasm -- netwide_assembler | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | 2019-02-15 | 6.8 | CVE-2019-8343 MISC |
nconsulting -- nc-cms | lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | 2019-02-10 | 5.0 | CVE-2019-7721 MISC |
nttdocomo -- v20_pro_l-01j_firmware | V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. | 2019-02-13 | 5.7 | CVE-2019-5914 JVN MISC |
omron -- cx-supervisor | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2019-02-12 | 6.0 | CVE-2018-19018 MISC |
qualcomm -- mdm9206_firmware | While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | 2019-02-11 | 4.6 | CVE-2018-11899 CONFIRM |
rarlab -- winrar | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2019-02-12 | 6.8 | CVE-2018-20253 MISC |
schoolcms -- schoolcms | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | 2019-02-13 | 4.3 | CVE-2019-8334 MISC |
schoolcms -- schoolcms | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | 2019-02-13 | 4.3 | CVE-2019-8335 MISC |
symantec -- ghost_solution_suite | Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. | 2019-02-08 | 6.0 | CVE-2018-18364 BID CONFIRM |
traq -- traq | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | 2019-02-10 | 6.8 | CVE-2018-20780 MISC |
verydows -- verydows | A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | 2019-02-11 | 6.8 | CVE-2019-7737 MISC |
verydows -- verydows | Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | 2019-02-12 | 4.3 | CVE-2019-7753 MISC |
we-con -- levistudiou | A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | 6.8 | CVE-2019-6541 BID MISC |
webassembly -- binaryen | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | 2019-02-10 | 4.3 | CVE-2019-7700 MISC |
webassembly -- binaryen | A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | 2019-02-10 | 4.3 | CVE-2019-7701 MISC |
webassembly -- binaryen | A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | 2019-02-10 | 4.3 | CVE-2019-7702 MISC |
webassembly -- binaryen | In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge. | 2019-02-10 | 4.3 | CVE-2019-7703 MISC |
webassembly -- binaryen | wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | 2019-02-10 | 4.3 | CVE-2019-7704 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atlassian -- jira | The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | 2019-02-13 | 3.5 | CVE-2018-13403 CONFIRM |
atlassian -- jira | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | 2019-02-13 | 3.5 | CVE-2018-20232 BID CONFIRM |
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at http://bit.ly/2GvQEZH. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. | 2019-02-08 | 3.5 | CVE-2019-1673 BID CISCO |
frog_cms_project -- frog_cms | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | 2019-02-10 | 3.5 | CVE-2018-20774 MISC |
frog_cms_project -- frog_cms | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | 2019-02-10 | 3.5 | CVE-2018-20777 MISC |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, users with no extra privileges can potentially access leaked data due to uninitialized padding present in the display function. | 2019-02-11 | 2.1 | CVE-2018-12006 CONFIRM |
google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, uninitialized data for a socket address leads to information exposure. | 2019-02-11 | 2.1 | CVE-2018-12011 CONFIRM |
google -- android | In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156. | 2019-02-11 | 3.3 | CVE-2018-9588 BID CONFIRM |
google -- android | In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132. | 2019-02-11 | 2.1 | CVE-2018-9589 BID CONFIRM |
google -- android | In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267. | 2019-02-11 | 3.3 | CVE-2018-9593 BID CONFIRM |
google -- android | In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157. | 2019-02-11 | 3.3 | CVE-2018-9594 BID CONFIRM |
mcafee -- true_key | Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. | 2019-02-13 | 2.1 | CVE-2019-3610 CONFIRM |
omron -- cx-supervisor | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. | 2019-02-12 | 3.5 | CVE-2018-19020 MISC |
sap -- business_one | Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 2019-02-15 | 2.1 | CVE-2019-0256 BID MISC MISC |
tenable -- nessus | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. | 2019-02-11 | 3.5 | CVE-2019-3923 CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advancecomp -- advancecomp | An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8383 MISC MISC |
advancecomp -- advancecomp | An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8379 MISC MISC |
amazon -- fire_os | Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | 2019-02-16 | not yet calculated | CVE-2019-7399 BID MISC |
atlassian -- jira | The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. | 2019-02-13 | not yet calculated | CVE-2018-13404 CONFIRM |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8382 MISC MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8380 MISC MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8378 MISC MISC |
bitcoin -- bitcoin_core_and_bitcoin_knots | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port. | 2019-02-11 | not yet calculated | CVE-2018-20587 MISC MISC |
c.p.sub_project -- c.p.sub | C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | 2019-02-11 | not yet calculated | CVE-2019-7738 MISC MISC |
cisco -- meeting_server | A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. | 2019-02-08 | not yet calculated | CVE-2019-1676 BID CISCO |
cisco -- network_assurance_engine | A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). | 2019-02-12 | not yet calculated | CVE-2019-1688 BID CISCO |
cloud_foundry -- credhub_cli | Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | 2019-02-13 | not yet calculated | CVE-2019-3782 BID CONFIRM |
d-circle -- power_egg | Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2019-5916 JVN MISC |
d-link -- dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. | 2019-02-16 | not yet calculated | CVE-2019-8392 MISC |
d-link -- dir-878_devices | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field. | 2019-02-12 | not yet calculated | CVE-2019-8317 MISC |
dedecms -- dedecms | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 2019-02-16 | not yet calculated | CVE-2019-8362 MISC |
dell -- wyse_password_encoder | The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | 2019-02-13 | not yet calculated | CVE-2018-15781 MISC |
django -- django | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | 2019-02-11 | not yet calculated | CVE-2019-6975 BID MISC MISC UBUNTU MISC MISC |
dundas_data_visualization -- dundas_bi | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. | 2019-02-11 | not yet calculated | CVE-2018-18569 MISC |
eclipse -- openj9 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. | 2019-02-11 | not yet calculated | CVE-2018-12547 CONFIRM |
eclipse -- openj9 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | 2019-02-11 | not yet calculated | CVE-2018-12549 CONFIRM |
enphase_energy -- envoy | XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7677 MISC MISC |
enphase_energy -- envoy | A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7678 MISC MISC |
flatpak -- flatpak | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 2019-02-12 | not yet calculated | CVE-2019-8308 MISC MISC MISC |
freebsd -- freebsd | In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. | 2019-02-12 | not yet calculated | CVE-2019-5596 FREEBSD |
freebsd -- freebsd | In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. | 2019-02-12 | not yet calculated | CVE-2019-5595 FREEBSD |
genivia -- gsoap | Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. | 2019-02-09 | not yet calculated | CVE-2019-7659 CONFIRM |
gnome -- keyring | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | 2019-02-12 | not yet calculated | CVE-2018-20781 MISC MISC MISC MISC |
hgiga -- oaklouds_mailsherlock | SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request. | 2019-02-11 | not yet calculated | CVE-2018-17542 CONFIRM CONFIRM |
hiawatha -- hiawatha | In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | 2019-02-16 | not yet calculated | CVE-2019-8358 CONFIRM |
ibm -- qradar_siem | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | 2019-02-15 | not yet calculated | CVE-2017-1695 XF CONFIRM |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. | 2019-02-15 | not yet calculated | CVE-2018-1895 CONFIRM XF |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. | 2019-02-15 | not yet calculated | CVE-2018-1701 XF CONFIRM |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. | 2019-02-15 | not yet calculated | CVE-2018-1727 XF CONFIRM |
ibm -- rational_clearcase | IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | 2019-02-15 | not yet calculated | CVE-2019-4059 XF CONFIRM |
jforum -- jforum | In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued. | 2019-02-12 | not yet calculated | CVE-2019-7550 MISC |
kunbus -- pr100088_modbus_gateway | An attacker could retrieve plain-text credentials stored in an XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | 2019-02-12 | not yet calculated | CVE-2019-6549 MISC |
kunbus -- pr100088_modbus_gateway | Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). | 2019-02-12 | not yet calculated | CVE-2019-6533 MISC |
kunbus -- pr100088_modbus_gateway | PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted. | 2019-02-12 | not yet calculated | CVE-2019-6527 MISC |
mailmate -- mailmate | MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | 2019-02-11 | not yet calculated | CVE-2018-15588 MISC |
mambo -- cms | A vulnerability exists in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver. | 2019-02-15 | not yet calculated | CVE-2013-2565 MISC MISC |
micco -- lhmelting | Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5913 JVN MISC |
micco -- unarj32.dll | Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5912 JVN MISC |
micco -- unlha32.dll | Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5911 JVN MISC |
micco -- unlha32.dll | Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2018-16189 JVN MISC |
micco -- unlha32.dll_and_unarj32.dll_and_lhmelting_and_lmlzh32.dll | Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2018-16190 JVN MISC MISC MISC MISC |
micro_focus -- solutions_business_manager | An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-02-12 | not yet calculated | CVE-2018-19645 CONFIRM |
msmtp -- msmtp | In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | 2019-02-13 | not yet calculated | CVE-2019-8337 CONFIRM |
multiple_vendors -- runc | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | 2019-02-11 | not yet calculated | CVE-2019-5736 BID REDHAT REDHAT MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC EXPLOIT-DB EXPLOIT-DB MISC MISC |
musicloud -- musicloud | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | 2019-02-16 | not yet calculated | CVE-2019-8389 MISC |
open_source_solution_technology_corporation -- openam | Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | 2019-02-13 | not yet calculated | CVE-2019-5915 JVN MISC MISC |
open_source_solution_technology_corporation -- openam | OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2018-0696 JVN MISC MISC |
phpscriptsmall.com -- responsive_video_news_script | PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | 2019-02-16 | not yet calculated | CVE-2019-8361 MISC MISC |
pmd -- pmd | PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) | 2019-02-11 | not yet calculated | CVE-2019-7722 MISC |
qualcomm -- snapdragon | If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660. | 2019-02-11 | not yet calculated | CVE-2018-11855 CONFIRM |
qualcomm -- snapdragon | A malicious TA can tag QSEE kernel memory and map it to EL0, thereby corrupting the physical memory; it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016 | 2019-02-11 | not yet calculated | CVE-2018-11847 BID CONFIRM |
rubygems -- fileutils | Ruby Gem FileUtils <= v0.7 has a Command Injection vulnerability in the user-supplied url variable that is passed to the shell. | 2019-02-15 | not yet calculated | CVE-2013-2516 MISC MISC |
sap -- abap_platform | SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. | 2019-02-15 | not yet calculated | CVE-2019-0265 BID MISC MISC |
sap -- businessobjects | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | 2019-02-15 | not yet calculated | CVE-2019-0259 BID MISC MISC |
sap -- disclosure_management | SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | not yet calculated | CVE-2019-0258 BID MISC MISC |
sap -- disclosure_management | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0254 BID MISC MISC |
sap -- fiori_launchpad | The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0251 BID MISC MISC |
sap -- hana_extended_application_services | Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | 2019-02-15 | not yet calculated | CVE-2019-0266 BID MISC MISC |
sap -- hana_extended_application_services | Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). | 2019-02-15 | not yet calculated | CVE-2019-0261 BID MISC MISC |
sap -- manufacturing_integration_and_intelligence | SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | 2019-02-15 | not yet calculated | CVE-2019-0267 BID MISC MISC |
sap -- netweaver_as_abap_platform | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | not yet calculated | CVE-2019-0257 BID MISC MISC |
sap -- netweaver_as_abap_platform | SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate the type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user gains access to the full SAP Menu, that is, the 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. | 2019-02-15 | not yet calculated | CVE-2019-0255 BID MISC MISC |
sap -- webintelligence_bilaunchpad | SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0262 BID MISC MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | 2019-02-15 | not yet calculated | CVE-2019-8357 MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | 2019-02-15 | not yet calculated | CVE-2019-8354 MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | 2019-02-15 | not yet calculated | CVE-2019-8356 MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | 2019-02-15 | not yet calculated | CVE-2019-8355 MISC |
tcpcrypt -- boks | A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. | 2019-02-08 | not yet calculated | CVE-2018-20764 CONFIRM |
tcpreplay -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8381 MISC MISC |
tcpreplay -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8377 MISC MISC |
tcpreplay -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8376 MISC MISC |
themerig -- find_a_place_cms_directory | Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | 2019-02-16 | not yet calculated | CVE-2019-8360 MISC |
tibco -- silver_fabric | The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1. | 2019-02-13 | not yet calculated | CVE-2018-12409 BID MISC CONFIRM |
ua_parser_project -- uap_core | An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.) | 2019-02-13 | not yet calculated | CVE-2018-20164 MISC MISC MISC |
ubiquiti_networks -- airmax_and_edgemax | Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. | 2019-02-12 | not yet calculated | CVE-2017-0938 MISC MISC MISC |
verydows -- verydows | Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | 2019-02-16 | not yet calculated | CVE-2019-8363 MISC |
wecon -- levistudiou | Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | not yet calculated | CVE-2019-6537 BID MISC |
wordpress -- wordpress | Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. | 2019-02-15 | not yet calculated | CVE-2015-4617 MISC MISC |
wordpress -- wordpress | Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables | 2019-02-15 | not yet calculated | CVE-2015-4615 MISC MISC |
xerox -- workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. | 2019-02-10 | not yet calculated | CVE-2018-20767 CONFIRM |
xerox -- workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. | 2019-02-10 | not yet calculated | CVE-2018-20768 CONFIRM |
xerox -- workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | 2019-02-10 | not yet calculated | CVE-2018-20769 CONFIRM |
xerox -- workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. | 2019-02-10 | not yet calculated | CVE-2018-20771 CONFIRM |
xerox -- workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | 2019-02-10 | not yet calculated | CVE-2018-20770 CONFIRM |
yingzhi -- python_programming_language | Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage | 2019-02-15 | not yet calculated | CVE-2013-5654 MISC MISC |
yokogawa -- multiple_products | License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2019-5909 MISC BID MISC |
zoho_manageengine -- servicedesk_plus | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 2019-02-16 | not yet calculated | CVE-2019-8394 CONFIRM |
zoho_manageengine -- servicedesk_plus | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 2019-02-16 | not yet calculated | CVE-2019-8395 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB19-049