US-CERT - SB19-056: Vulnerability Summary for the Week of February 18, 2019
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- hyperflex_hx_data_platform | A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a). | 2019-02-20 | 8.3 | CVE-2018-15380 BID CISCO |
cisco -- hyperflex_hx_data_platform | A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a). | 2019-02-21 | 7.2 | CVE-2019-1664 BID CISCO |
dasannetworks -- h665_firmware | The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. | 2019-02-19 | 10.0 | CVE-2019-8950 MISC MISC |
easy2map -- easy2map-photos | Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables. | 2019-02-15 | 7.5 | CVE-2015-4615 MISC MISC |
fastweb -- fastgate_firmware | The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability. | 2019-02-21 | 10.0 | CVE-2018-20122 MISC |
fileutils_project -- fileutils | FileUtils v0.7 (Ruby Gem Fileutils <= v0.7) has a command injection vulnerability in the user-supplied url variable, which is passed to the shell. | 2019-02-15 | 9.3 | CVE-2013-2516 MISC MISC |
hotels_server_project -- hotels_server | Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. | 2019-02-17 | 7.5 | CVE-2019-8393 MISC |
intel -- unite | Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access. | 2019-02-18 | 7.5 | CVE-2019-0101 BID CONFIRM |
kohanaframework -- kohana | Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled. | 2019-02-21 | 7.5 | CVE-2019-8979 MISC |
libexif_project -- libexif | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | 2019-02-20 | 7.8 | CVE-2018-20030 MISC MISC |
libraw -- libraw | An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. | 2019-02-20 | 7.8 | CVE-2018-5819 MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | 2019-02-22 | 7.5 | CVE-2018-20784 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | 2019-02-18 | 7.5 | CVE-2019-8912 MISC BID |
linux -- linux_kernel | A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. | 2019-02-21 | 7.8 | CVE-2019-8980 BID MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. | 2019-02-22 | 7.8 | CVE-2019-9003 MISC MISC MISC |
microfocus -- filr | A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | 2019-02-20 | 7.2 | CVE-2019-3475 MISC MISC |
netis-systems -- wf2411_firmware | On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. | 2019-02-21 | 9.0 | CVE-2019-8985 MISC |
papercut -- papercut_mf | PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | 2019-02-19 | 7.5 | CVE-2019-8948 MISC MISC |
pixeline -- bugs | An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. | 2019-02-22 | 7.5 | CVE-2019-9002 MISC MISC |
sap -- businessobjects | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | 2019-02-15 | 7.5 | CVE-2019-0259 BID MISC MISC |
solarwinds -- orion_network_performance_monitor | SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. | 2019-02-18 | 10.0 | CVE-2019-8917 BID MISC |
sqlalchemy -- sqlalchemy | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | 2019-02-19 | 7.5 | CVE-2019-7164 MISC |
themerig -- find_a_place_cms_directory | Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | 2019-02-16 | 7.5 | CVE-2019-8360 MISC |
tintin++_project -- tintin++ | Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. | 2019-02-18 | 7.5 | CVE-2019-7629 MISC MISC MISC |
wtcms_project -- wtcms | An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header. | 2019-02-18 | 7.5 | CVE-2019-8908 MISC |
yingzhipython_project -- yingzhipython | Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage. | 2019-02-15 | 9.4 | CVE-2013-5654 MISC MISC |
zoneminder -- zoneminder | ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | 2019-02-17 | 7.5 | CVE-2019-8423 MISC MISC |
zoneminder -- zoneminder | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | 2019-02-17 | 7.5 | CVE-2019-8424 MISC MISC |
zoneminder -- zoneminder | daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. | 2019-02-17 | 7.5 | CVE-2019-8427 MISC |
zoneminder -- zoneminder | ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | 2019-02-17 | 7.5 | CVE-2019-8428 MISC MISC |
zoneminder -- zoneminder | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | 2019-02-17 | 7.5 | CVE-2019-8429 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
appneta -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | 6.8 | CVE-2019-8376 BID MISC MISC |
appneta -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | 6.8 | CVE-2019-8377 BID MISC MISC |
appneta -- tcpreplay | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | 6.8 | CVE-2019-8381 MISC MISC |
ascellamobile -- musicloud | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | 2019-02-16 | 4.8 | CVE-2019-8389 MISC |
axiosys -- bento4 | An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | 6.8 | CVE-2019-8378 MISC MISC |
axiosys -- bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | 6.8 | CVE-2019-8380 MISC MISC |
axiosys -- bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | 6.8 | CVE-2019-8382 MISC MISC |
bagesoft -- bagecms | upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | 2019-02-17 | 6.5 | CVE-2019-8421 MISC |
bosch -- smart_camera | An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | 2019-02-22 | 5.1 | CVE-2019-7728 CONFIRM |
cisco -- firepower_9000_firmware | A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected. | 2019-02-21 | 5.7 | CVE-2019-1700 BID CISCO |
cisco -- hyperflex_hx_data_platform | A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected. | 2019-02-21 | 4.3 | CVE-2019-1665 BID CISCO |
cisco -- hyperflex_hx_data_platform | A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected. | 2019-02-21 | 5.0 | CVE-2019-1666 BID CISCO |
cisco -- ios_xr | A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled. | 2019-02-21 | 5.0 | CVE-2019-1681 BID CISCO |
cisco -- prime_collaboration_assurance | A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2. | 2019-02-21 | 6.4 | CVE-2019-1662 BID CISCO |
cisco -- prime_infrastructure | A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default. | 2019-02-21 | 5.8 | CVE-2019-1659 BID CISCO |
cisco -- unity_connection | A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 12.5 is affected. | 2019-02-21 | 4.3 | CVE-2019-1685 BID CISCO |
cmseasy -- cmseasy | In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | 2019-02-17 | 4.3 | CVE-2019-8432 MISC |
cmseasy -- cmseasy | In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | 2019-02-17 | 4.3 | CVE-2019-8434 MISC |
cmswing -- cmswing | global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. | 2019-02-17 | 5.0 | CVE-2019-7649 MISC |
dedecms -- dedecms | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 2019-02-16 | 5.0 | CVE-2019-8362 MISC |
dedecms -- dedecms | In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | 2019-02-18 | 6.5 | CVE-2019-8933 MISC |
dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. | 2019-02-16 | 5.0 | CVE-2019-8392 MISC |
easy2map -- easy2map-photos | Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. | 2019-02-15 | 5.0 | CVE-2015-4617 MISC MISC |
eclipse -- wakaama | In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory. | 2019-02-22 | 5.0 | CVE-2019-9004 MISC |
feifeicms -- feifeicms | FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. | 2019-02-17 | 6.5 | CVE-2019-8412 MISC |
file_project -- file | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | 2019-02-18 | 6.8 | CVE-2019-8904 MISC |
file_project -- file | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | 2019-02-18 | 6.8 | CVE-2019-8905 MISC |
file_project -- file | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | 2019-02-18 | 6.8 | CVE-2019-8906 MISC MISC |
file_project -- file | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | 2019-02-18 | 6.8 | CVE-2019-8907 MISC |
google -- chrome | Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. | 2019-02-19 | 4.3 | CVE-2019-5754 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. | 2019-02-19 | 5.8 | CVE-2019-5755 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | 2019-02-19 | 6.8 | CVE-2019-5756 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5757 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5758 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5759 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5760 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5761 BID REDHAT CONFIRM MISC |
google -- chrome | Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | 2019-02-19 | 6.8 | CVE-2019-5762 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5763 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5764 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. | 2019-02-19 | 4.3 | CVE-2019-5765 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-02-19 | 4.3 | CVE-2019-5766 REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | 2019-02-19 | 4.3 | CVE-2019-5767 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | 2019-02-19 | 4.3 | CVE-2019-5768 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5769 REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5770 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5771 BID REDHAT CONFIRM MISC |
google -- chrome | Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2019-02-19 | 6.8 | CVE-2019-5772 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | 2019-02-19 | 4.3 | CVE-2019-5773 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | 2019-02-19 | 6.8 | CVE-2019-5774 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2019-02-19 | 4.3 | CVE-2019-5775 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2019-02-19 | 4.3 | CVE-2019-5776 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2019-02-19 | 4.3 | CVE-2019-5777 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. | 2019-02-19 | 4.3 | CVE-2019-5778 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2019-02-19 | 4.3 | CVE-2019-5779 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | 2019-02-19 | 4.6 | CVE-2019-5780 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2019-02-19 | 4.3 | CVE-2019-5781 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5782 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. | 2019-02-19 | 6.8 | CVE-2019-5783 CONFIRM MISC DEBIAN |
hdfgroup -- hdf5 | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." | 2019-02-17 | 4.3 | CVE-2019-8396 MISC |
hdfgroup -- hdf5 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | 2019-02-17 | 4.3 | CVE-2019-8397 MISC |
hdfgroup -- hdf5 | An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | 2019-02-17 | 4.3 | CVE-2019-8398 MISC |
hongcms_project -- hongcms | HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. | 2019-02-17 | 5.5 | CVE-2019-8407 MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. | 2019-02-15 | 6.0 | CVE-2018-1701 XF CONFIRM |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. | 2019-02-15 | 6.4 | CVE-2018-1727 XF CONFIRM |
ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | 2019-02-15 | 5.0 | CVE-2017-1695 BID XF CONFIRM |
ibm -- rational_clearcase | IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | 2019-02-15 | 5.0 | CVE-2019-4059 XF CONFIRM |
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. | 2019-02-18 | 4.9 | CVE-2019-8902 MISC |
indexhibit -- indexhibit | In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. | 2019-02-20 | 6.5 | CVE-2019-8954 MISC |
jenkins -- cloud_foundry | An exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-02-20 | 4.0 | CVE-2019-1003025 CONFIRM |
jenkins -- jms_messaging | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. | 2019-02-20 | 4.0 | CVE-2019-1003028 CONFIRM |
jenkins -- mattermost | A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | 2019-02-20 | 4.0 | CVE-2019-1003026 CONFIRM |
jenkins -- octopusdeploy | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | 2019-02-20 | 4.0 | CVE-2019-1003027 CONFIRM |
jenkins -- script_security | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 2019-02-20 | 6.5 | CVE-2019-1003024 CONFIRM |
jtbc -- jtbc_php | JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. | 2019-02-17 | 5.0 | CVE-2019-8433 MISC |
libraw -- libraw | A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | 2019-02-20 | 5.0 | CVE-2018-5817 MISC MISC |
libraw -- libraw | An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. | 2019-02-20 | 5.0 | CVE-2018-5818 MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | 2019-02-15 | 5.8 | CVE-2019-6974 MISC BID MISC MISC MISC MISC MISC MISC EXPLOIT-DB |
mambo-foundation -- mambo_cms | A vulnerability exists in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver. | 2019-02-15 | 5.0 | CVE-2013-2565 MISC MISC |
mcafee -- getsusp | Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan while it is scanning a specifically crafted file. GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows. | 2019-02-21 | 4.3 | CVE-2018-6687 BID CONFIRM |
microfocus -- filr | A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | 2019-02-20 | 4.0 | CVE-2019-3474 MISC MISC |
mikrotik -- routeros | MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities. | 2019-02-20 | 5.0 | CVE-2019-3924 MISC |
mopcms -- mopcms | A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site. | 2019-02-22 | 6.4 | CVE-2019-9015 MISC |
mopcms -- mopcms | An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | 2019-02-22 | 4.3 | CVE-2019-9016 MISC |
octopus -- octopus_deploy | An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. | 2019-02-19 | 4.0 | CVE-2019-8944 MISC MISC |
onefilecms_project -- onefilecms | OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. | 2019-02-17 | 4.0 | CVE-2019-8408 MISC |
ory -- hydra | ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | 2019-02-17 | 4.3 | CVE-2019-8400 MISC MISC MISC MISC MISC |
pbootcms -- pbootcms | A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | 2019-02-17 | 6.5 | CVE-2019-8422 MISC |
php -- php | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. | 2019-02-21 | 5.0 | CVE-2018-20783 MISC MISC MISC |
responsive_video_news_script_project -- responsive_video_news_script | PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | 2019-02-16 | 4.3 | CVE-2019-8361 MISC MISC |
sap -- advanced_business_application_programming_platform_kernel | SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate the type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user achieves access to the full SAP Menu, that is, the 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. | 2019-02-15 | 5.5 | CVE-2019-0255 BID MISC MISC |
sap -- businessobjects | The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | 4.3 | CVE-2019-0251 BID MISC MISC |
sap -- disclosure_management | SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | 6.5 | CVE-2019-0258 BID MISC MISC |
sap -- hana_extended_application_services | Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | 2019-02-15 | 5.0 | CVE-2019-0266 BID MISC MISC |
sap -- manufacturing_integration_and_intelligence | SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | 2019-02-15 | 6.8 | CVE-2019-0267 BID MISC MISC |
sap -- netweaver_abap | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | 6.5 | CVE-2019-0257 BID MISC MISC |
seacms -- seacms | SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. | 2019-02-17 | 4.0 | CVE-2019-8418 MISC |
seafile -- seadroid | The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 2019-02-18 | 5.0 | CVE-2019-8919 MISC |
seafile -- seafile | Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 2019-02-20 | 5.0 | CVE-2013-7469 MISC MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | 2019-02-15 | 4.3 | CVE-2019-8354 MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | 2019-02-15 | 4.3 | CVE-2019-8355 MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | 2019-02-15 | 4.3 | CVE-2019-8356 MISC |
sound_exchange_project -- sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | 2019-02-15 | 4.3 | CVE-2019-8357 MISC |
tautulli -- tautulli | data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | 2019-02-19 | 4.3 | CVE-2019-8939 MISC |
torproject -- tor | In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. | 2019-02-21 | 5.0 | CVE-2019-8955 BID MISC MISC |
verydows -- verydows | Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | 2019-02-16 | 4.3 | CVE-2019-8363 MISC |
vnote_project -- vnote | VNote 2.2 has XSS via a new text note. | 2019-02-17 | 4.3 | CVE-2019-8419 MISC |
wavemaker -- wavemarker_studio | com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. | 2019-02-21 | 6.8 | CVE-2019-8982 EXPLOIT-DB |
wordpress -- wordpress | WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. | 2019-02-19 | 6.5 | CVE-2019-8942 BID MISC |
wordpress -- wordpress | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. | 2019-02-19 | 4.0 | CVE-2019-8943 BID MISC |
wtcms_project -- wtcms | An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. | 2019-02-18 | 5.0 | CVE-2019-8909 MISC |
wtcms_project -- wtcms | An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | 2019-02-18 | 6.8 | CVE-2019-8910 MISC |
wtcms_project -- wtcms | An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). | 2019-02-18 | 4.3 | CVE-2019-8911 MISC |
xiaomi -- mi_mix_2_firmware | On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). | 2019-02-17 | 4.9 | CVE-2019-8413 MISC |
zabbix -- zabbix | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | 2019-02-17 | 5.8 | CVE-2016-10742 MISC MISC |
zoneminder -- zoneminder | includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | 2019-02-17 | 4.3 | CVE-2019-8425 MISC MISC |
zoneminder -- zoneminder | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | 2019-02-17 | 4.3 | CVE-2019-8426 MISC MISC |
zzcms -- zzcms | admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | 2019-02-17 | 6.4 | CVE-2019-8411 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atlassian -- crucible | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. | 2019-02-20 | 3.5 | CVE-2018-20240 BID CONFIRM CONFIRM |
atlassian -- crucible | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. | 2019-02-20 | 3.5 | CVE-2018-20241 BID CONFIRM CONFIRM |
bosch -- smart_camera | An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | 2019-02-22 | 2.1 | CVE-2019-7729 CONFIRM |
cisco -- hyperflex_hx_data_platform | A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected. | 2019-02-21 | 2.1 | CVE-2019-1667 BID CISCO |
ibm -- infosphere_information_governance_catalog | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. | 2019-02-15 | 3.5 | CVE-2018-1895 CONFIRM XF |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. | 2019-02-19 | 3.5 | CVE-2018-1996 XF CONFIRM |
intel -- openvino | Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access. | 2019-02-18 | 2.1 | CVE-2019-0127 BID CONFIRM |
intel -- proset/wireless | Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access. | 2019-02-18 | 2.1 | CVE-2018-12159 CONFIRM |
o-dyn -- collabtive | Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | 2019-02-19 | 3.5 | CVE-2019-8935 MISC |
phpmywind -- phpmywind | admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | 2019-02-17 | 3.5 | CVE-2019-8435 MISC |
qemu -- qemu | QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. | 2019-02-19 | 2.1 | CVE-2019-3812 BID CONFIRM |
sap -- businessobjects_bi_platform | SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in a Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | 3.5 | CVE-2019-0262 BID MISC MISC |
splunk -- splunk | Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. | 2019-02-20 | 3.5 | CVE-2019-5727 BID MISC |
txjia -- imcat | imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | 2019-02-17 | 3.5 | CVE-2019-8436 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
vembu -- storegrid | Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | 2019-02-23 | not yet calculated | CVE-2014-10078 MISC MISC |
vembu -- storegrid | In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | 2019-02-23 | not yet calculated | CVE-2014-10079 MISC MISC MISC |
semco_software_engineering -- semcosoft | A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | 2019-02-23 | not yet calculated | CVE-2018-18692 MISC |
avi_networks -- avi_vantage | Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. | 2019-02-19 | not yet calculated | CVE-2018-19106 MISC |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386. | 2019-02-21 | not yet calculated | CVE-2018-1944 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387. | 2019-02-21 | not yet calculated | CVE-2018-1945 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | 2019-02-21 | not yet calculated | CVE-2018-1946 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427. | 2019-02-21 | not yet calculated | CVE-2018-1947 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428. | 2019-02-21 | not yet calculated | CVE-2018-1948 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429. | 2019-02-21 | not yet calculated | CVE-2018-1949 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430. | 2019-02-21 | not yet calculated | CVE-2018-1950 XF CONFIRM |
codesys_group -- codesys_products | Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. | 2019-02-19 | not yet calculated | CVE-2018-20025 BID MISC |
codesys_group -- codesys_products | Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. | 2019-02-19 | not yet calculated | CVE-2018-20026 BID MISC |
ibm -- robotic_process_automation_with_automation_anywhere | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008. | 2019-02-21 | not yet calculated | CVE-2018-2006 BID XF CONFIRM |
liquidware_labs -- profileunity | An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. | 2019-02-20 | not yet calculated | CVE-2018-20146 MISC |
wordpress -- wordpress | The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. | 2019-02-17 | not yet calculated | CVE-2018-20782 MISC EXPLOIT-DB |
neato_robotics -- neato_botvac_connected_devices | Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials. | 2019-02-23 | not yet calculated | CVE-2018-20785 MISC |
intel -- usb_3.0_extensible_host_controller_driver | Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. | 2019-02-18 | not yet calculated | CVE-2018-3700 BID CONFIRM |
sonicwall -- sonicos_gen_5 | In SonicWall SonicOS, administrators without full permissions can download imported certificates. This occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier. | 2019-02-19 | not yet calculated | CVE-2018-9867 CONFIRM MISC |
intel -- data_center_manager_sdk | Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2019-02-18 | not yet calculated | CVE-2019-0102 BID CONFIRM |
intel -- data_center_manager_sdk | Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-02-18 | not yet calculated | CVE-2019-0103 BID CONFIRM |
intel -- data_center_manager_sdk | Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-02-18 | not yet calculated | CVE-2019-0104 BID CONFIRM |
intel -- data_center_manager_sdk | Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-02-18 | not yet calculated | CVE-2019-0105 BID CONFIRM |
intel -- data_center_manager_sdk | Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-02-18 | not yet calculated | CVE-2019-0106 BID CONFIRM |
intel -- data_center_manager_sdk | Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-02-18 | not yet calculated | CVE-2019-0107 BID CONFIRM |
intel -- data_center_manager_sdk | Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. | 2019-02-18 | not yet calculated | CVE-2019-0108 BID CONFIRM |
intel -- data_center_manager_sdk | Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-02-18 | not yet calculated | CVE-2019-0109 BID CONFIRM |
intel -- data_center_manager_sdk | Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-02-18 | not yet calculated | CVE-2019-0110 BID CONFIRM |
intel -- data_center_manager_sdk | Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-02-18 | not yet calculated | CVE-2019-0111 BID CONFIRM |
intel -- data_center_manager_sdk | Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access. | 2019-02-18 | not yet calculated | CVE-2019-0112 BID CONFIRM |
sap -- disclosure_management | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0254 BID MISC MISC |
cisco -- ip_phone_7800_and_8800_series | A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected. | 2019-02-21 | not yet calculated | CVE-2019-1684 BID CISCO |
cisco -- firepower_threat_defense_software | A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected. | 2019-02-21 | not yet calculated | CVE-2019-1691 BID CISCO |
cisco -- internet_of_things_field_network_director_software | A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. | 2019-02-21 | not yet calculated | CVE-2019-1698 BID CISCO |
drupal -- drupal | Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) | 2019-02-21 | not yet calculated | CVE-2019-6340 BID CONFIRM CONFIRM |
mirc -- mirc | mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable). | 2019-02-18 | not yet calculated | CVE-2019-6453 MISC MISC MISC MISC EXPLOIT-DB MISC |
citrix -- netscaler_gateway | Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | 2019-02-22 | not yet calculated | CVE-2019-6485 BID MISC |
amazon -- fire_os | Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | 2019-02-16 | not yet calculated | CVE-2019-7399 BID MISC |
bootstrap -- bootstrap | In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | 2019-02-20 | not yet calculated | CVE-2019-8331 MISC MISC |
hiawatha -- hiawatha | In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | 2019-02-16 | not yet calculated | CVE-2019-8358 CONFIRM |
lg -- device_manager | The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. | 2019-02-18 | not yet calculated | CVE-2019-8372 MISC MISC MISC |
advancecomp -- advancecomp | An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8379 MISC MISC |
advancecomp -- advancecomp | An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8383 MISC MISC |
zoho_manageengine -- servicedesk_plus | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 2019-02-16 | not yet calculated | CVE-2019-8394 BID EXPLOIT-DB CONFIRM |
zoho_manageengine -- servicedesk_plus | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 2019-02-16 | not yet calculated | CVE-2019-8395 CONFIRM |
total.js -- total.js | index.js in Total.js Platform before 3.2.3 allows path traversal. | 2019-02-18 | not yet calculated | CVE-2019-8903 MISC MISC |
pfsense -- pfsense | The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | 2019-02-20 | not yet calculated | CVE-2019-8953 MISC MISC MISC MISC |
mdaemon_technologies -- mdaemon_webmail | MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). | 2019-02-21 | not yet calculated | CVE-2019-8983 MISC |
mdaemon_technologies -- mdaemon_webmail | MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | 2019-02-21 | not yet calculated | CVE-2019-8984 MISC |
signiant -- manager+agents | In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. | 2019-02-21 | not yet calculated | CVE-2019-8996 MISC |
british_airways -- entertainment_system | The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact. | 2019-02-22 | not yet calculated | CVE-2019-9019 MISC |
php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. | 2019-02-22 | not yet calculated | CVE-2019-9020 MISC MISC |
php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. | 2019-02-22 | not yet calculated | CVE-2019-9021 MISC |
php -- php | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. | 2019-02-22 | not yet calculated | CVE-2019-9022 MISC |
php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. | 2019-02-22 | not yet calculated | CVE-2019-9023 MISC MISC MISC MISC MISC MISC MISC |
php -- php | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. | 2019-02-22 | not yet calculated | CVE-2019-9024 MISC |
php -- php | An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data. | 2019-02-22 | not yet calculated | CVE-2019-9025 MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9026 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9027 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9028 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9029 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9030 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. | 2019-02-23 | not yet calculated | CVE-2019-9031 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c. | 2019-02-23 | not yet calculated | CVE-2019-9032 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9033 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9034 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9035 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9036 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. | 2019-02-23 | not yet calculated | CVE-2019-9037 MISC MISC |
matio -- matio | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. | 2019-02-23 | not yet calculated | CVE-2019-9038 MISC MISC |
s-cms -- s-cms_php | S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | 2019-02-23 | not yet calculated | CVE-2019-9040 MISC |
zzzcms -- zzzphp | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | 2019-02-23 | not yet calculated | CVE-2019-9041 MISC |
sitemagic_cms -- sitemagic_cms | An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. | 2019-02-23 | not yet calculated | CVE-2019-9042 MISC |
gorose -- gorose | GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | 2019-02-23 | not yet calculated | CVE-2019-9047 MISC |
pluck -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | 2019-02-23 | not yet calculated | CVE-2019-9048 MISC |
pluck -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | 2019-02-23 | not yet calculated | CVE-2019-9049 MISC |
pluck -- pluck | An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. | 2019-02-23 | not yet calculated | CVE-2019-9050 MISC |
pluck -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | 2019-02-23 | not yet calculated | CVE-2019-9051 MISC |
pluck -- pluck | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | 2019-02-23 | not yet calculated | CVE-2019-9052 MISC |
phpscriptsmall.com -- online_food_ordering_script | PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | 2019-02-23 | not yet calculated | CVE-2019-9062 MISC |
phpscriptsmall.com -- auction_website_script | PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. | 2019-02-23 | not yet calculated | CVE-2019-9063 MISC |
phpscriptsmall.com -- cab_booking_script | PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | 2019-02-23 | not yet calculated | CVE-2019-9064 MISC |
phpscriptsmall.com -- custom_t-shirt_ecommerce_script | PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount. | 2019-02-23 | not yet calculated | CVE-2019-9065 MISC |
phpscriptsmall.com -- php_appointment_booking_script | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | 2019-02-23 | not yet calculated | CVE-2019-9066 MISC |
gnu -- binutils | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. | 2019-02-23 | not yet calculated | CVE-2019-9070 MISC MISC |
gnu -- binutils | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | 2019-02-23 | not yet calculated | CVE-2019-9071 MISC MISC |
gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. | 2019-02-23 | not yet calculated | CVE-2019-9072 MISC MISC MISC |
gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | 2019-02-23 | not yet calculated | CVE-2019-9073 MISC |
gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | 2019-02-23 | not yet calculated | CVE-2019-9074 MISC |
gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | 2019-02-23 | not yet calculated | CVE-2019-9075 MISC |
gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. | 2019-02-23 | not yet calculated | CVE-2019-9076 MISC |
gnu -- binutils | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. | 2019-02-23 | not yet calculated | CVE-2019-9077 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB19-056