US-CERT - SB19-056: Vulnerability Summary for the Week of February 18, 2019

Original release date: February 25, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cisco -- hyperflex_hx_data_platform A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a). 2019-02-20 8.3 CVE-2018-15380
BID
CISCO
cisco -- hyperflex_hx_data_platform A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a). 2019-02-21 7.2 CVE-2019-1664
BID
CISCO
dasannetworks -- h665_firmware The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. 2019-02-19 10.0 CVE-2019-8950
MISC
MISC
easy2map -- easy2map-photos Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables. 2019-02-15 7.5 CVE-2015-4615
MISC
MISC
fastweb -- fastgate_firmware The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability. 2019-02-21 10.0 CVE-2018-20122
MISC
fileutils_project -- fileutils FileUtils v0.7 (Ruby gem Fileutils <= v0.7) has a command injection vulnerability in the user-supplied url variable, which is passed to the shell. 2019-02-15 9.3 CVE-2013-2516
MISC
MISC
hotels_server_project -- hotels_server Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. 2019-02-17 7.5 CVE-2019-8393
MISC
intel -- unite Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access. 2019-02-18 7.5 CVE-2019-0101
BID
CONFIRM
kohanaframework -- kohana Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled. 2019-02-21 7.5 CVE-2019-8979
MISC
libexif_project -- libexif An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. 2019-02-20 7.8 CVE-2018-20030
MISC
MISC
libraw -- libraw An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. 2019-02-20 7.8 CVE-2018-5819
MISC
MISC
linux -- linux_kernel In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. 2019-02-22 7.5 CVE-2018-20784
MISC
MISC
MISC
linux -- linux_kernel In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. 2019-02-18 7.5 CVE-2019-8912
MISC
BID
linux -- linux_kernel A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. 2019-02-21 7.8 CVE-2019-8980
BID
MISC
MISC
linux -- linux_kernel In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. 2019-02-22 7.8 CVE-2019-9003
MISC
MISC
MISC
microfocus -- filr A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. 2019-02-20 7.2 CVE-2019-3475
MISC
MISC
netis-systems -- wf2411_firmware On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. 2019-02-21 9.0 CVE-2019-8985
MISC
papercut -- papercut_mf PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. 2019-02-19 7.5 CVE-2019-8948
MISC
MISC
pixeline -- bugs An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. 2019-02-22 7.5 CVE-2019-9002
MISC
MISC
sap -- businessobjects SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. 2019-02-15 7.5 CVE-2019-0259
BID
MISC
MISC
solarwinds -- orion_network_performance_monitor SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. 2019-02-18 10.0 CVE-2019-8917
BID
MISC
sqlalchemy -- sqlalchemy SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. 2019-02-19 7.5 CVE-2019-7164
MISC
themerig -- find_a_place_cms_directory Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. 2019-02-16 7.5 CVE-2019-8360
MISC
tintin++_project -- tintin++ Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. 2019-02-18 7.5 CVE-2019-7629
MISC
MISC
MISC
wtcms_project -- wtcms An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header. 2019-02-18 7.5 CVE-2019-8908
MISC
yingzhipython_project -- yingzhipython Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage. 2019-02-15 9.4 CVE-2013-5654
MISC
MISC
zoneminder -- zoneminder ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. 2019-02-17 7.5 CVE-2019-8423
MISC
MISC
zoneminder -- zoneminder ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. 2019-02-17 7.5 CVE-2019-8424
MISC
MISC
zoneminder -- zoneminder daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. 2019-02-17 7.5 CVE-2019-8427
MISC
zoneminder -- zoneminder ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. 2019-02-17 7.5 CVE-2019-8428
MISC
MISC
zoneminder -- zoneminder ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. 2019-02-17 7.5 CVE-2019-8429
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
appneta -- tcpreplay An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 6.8 CVE-2019-8376
BID
MISC
MISC
appneta -- tcpreplay An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 6.8 CVE-2019-8377
BID
MISC
MISC
appneta -- tcpreplay An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 6.8 CVE-2019-8381
MISC
MISC
ascellamobile -- musicloud A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). 2019-02-16 4.8 CVE-2019-8389
MISC
axiosys -- bento4 An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 6.8 CVE-2019-8378
MISC
MISC
axiosys -- bento4 An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 6.8 CVE-2019-8380
MISC
MISC
axiosys -- bento4 An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 6.8 CVE-2019-8382
MISC
MISC
bagesoft -- bagecms upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. 2019-02-17 6.5 CVE-2019-8421
MISC
bosch -- smart_camera An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) 2019-02-22 5.1 CVE-2019-7728
CONFIRM
cisco -- firepower_9000_firmware A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected. 2019-02-21 5.7 CVE-2019-1700
BID
CISCO
cisco -- hyperflex_hx_data_platform A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected. 2019-02-21 4.3 CVE-2019-1665
BID
CISCO
cisco -- hyperflex_hx_data_platform A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected. 2019-02-21 5.0 CVE-2019-1666
BID
CISCO
cisco -- ios_xr A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled. 2019-02-21 5.0 CVE-2019-1681
BID
CISCO
cisco -- prime_collaboration_assurance A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2. 2019-02-21 6.4 CVE-2019-1662
BID
CISCO
cisco -- prime_infrastructure A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default. 2019-02-21 5.8 CVE-2019-1659
BID
CISCO
cisco -- unity_connection A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 12.5 is affected. 2019-02-21 4.3 CVE-2019-1685
BID
CISCO
cmseasy -- cmseasy In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. 2019-02-17 4.3 CVE-2019-8432
MISC
cmseasy -- cmseasy In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. 2019-02-17 4.3 CVE-2019-8434
MISC
cmswing -- cmswing global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. 2019-02-17 5.0 CVE-2019-7649
MISC
dedecms -- dedecms DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). 2019-02-16 5.0 CVE-2019-8362
MISC
dedecms -- dedecms In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. 2019-02-18 6.5 CVE-2019-8933
MISC
dlink -- dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. 2019-02-16 5.0 CVE-2019-8392
MISC
easy2map -- easy2map-photos Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names, creating files outside of the upload directory. 2019-02-15 5.0 CVE-2015-4617
MISC
MISC
eclipse -- wakaama In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory. 2019-02-22 5.0 CVE-2019-9004
MISC
feifeicms -- feifeicms FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. 2019-02-17 6.5 CVE-2019-8412
MISC
file_project -- file do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. 2019-02-18 6.8 CVE-2019-8904
MISC
file_project -- file do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. 2019-02-18 6.8 CVE-2019-8905
MISC
file_project -- file do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. 2019-02-18 6.8 CVE-2019-8906
MISC
MISC
file_project -- file do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. 2019-02-18 6.8 CVE-2019-8907
MISC
google -- chrome Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. 2019-02-19 4.3 CVE-2019-5754
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. 2019-02-19 5.8 CVE-2019-5755
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. 2019-02-19 6.8 CVE-2019-5756
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5757
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5758
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5759
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5760
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5761
BID
REDHAT
CONFIRM
MISC
google -- chrome Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. 2019-02-19 6.8 CVE-2019-5762
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5763
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5764
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. 2019-02-19 4.3 CVE-2019-5765
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-02-19 4.3 CVE-2019-5766
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. 2019-02-19 4.3 CVE-2019-5767
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. 2019-02-19 4.3 CVE-2019-5768
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5769
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5770
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5771
BID
REDHAT
CONFIRM
MISC
google -- chrome Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2019-02-19 6.8 CVE-2019-5772
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. 2019-02-19 4.3 CVE-2019-5773
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. 2019-02-19 6.8 CVE-2019-5774
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-02-19 4.3 CVE-2019-5775
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-02-19 4.3 CVE-2019-5776
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-02-19 4.3 CVE-2019-5777
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. 2019-02-19 4.3 CVE-2019-5778
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-02-19 4.3 CVE-2019-5779
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. 2019-02-19 4.6 CVE-2019-5780
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-02-19 4.3 CVE-2019-5781
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5782
BID
REDHAT
CONFIRM
MISC
DEBIAN
google -- chrome Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. 2019-02-19 6.8 CVE-2019-5783
CONFIRM
MISC
DEBIAN
hdfgroup -- hdf5 A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." 2019-02-17 4.3 CVE-2019-8396
MISC
hdfgroup -- hdf5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. 2019-02-17 4.3 CVE-2019-8397
MISC
hdfgroup -- hdf5 An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. 2019-02-17 4.3 CVE-2019-8398
MISC
hongcms_project -- hongcms HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. 2019-02-17 5.5 CVE-2019-8407
MISC
ibm -- infosphere_information_server IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. 2019-02-15 6.0 CVE-2018-1701
XF
CONFIRM
ibm -- infosphere_information_server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. 2019-02-15 6.4 CVE-2018-1727
XF
CONFIRM
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. 2019-02-15 5.0 CVE-2017-1695
BID
XF
CONFIRM
ibm -- rational_clearcase IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. 2019-02-15 5.0 CVE-2019-4059
XF
CONFIRM
idreamsoft -- icms An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. 2019-02-18 4.9 CVE-2019-8902
MISC
indexhibit -- indexhibit In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. 2019-02-20 6.5 CVE-2019-8954
MISC
jenkins -- cloud_foundry An exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-02-20 4.0 CVE-2019-1003025
CONFIRM
jenkins -- jms_messaging A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. 2019-02-20 4.0 CVE-2019-1003028
CONFIRM
jenkins -- mattermost A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. 2019-02-20 4.0 CVE-2019-1003026
CONFIRM
jenkins -- octopusdeploy A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. 2019-02-20 4.0 CVE-2019-1003027
CONFIRM
jenkins -- script_security A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 2019-02-20 6.5 CVE-2019-1003024
CONFIRM
jtbc -- jtbc_php JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. 2019-02-17 5.0 CVE-2019-8433
MISC
libraw -- libraw A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. 2019-02-20 5.0 CVE-2018-5817
MISC
MISC
libraw -- libraw An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. 2019-02-20 5.0 CVE-2018-5818
MISC
MISC
linux -- linux_kernel In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. 2019-02-15 5.8 CVE-2019-6974
MISC
BID
MISC
MISC
MISC
MISC
MISC
MISC
EXPLOIT-DB
mambo-foundation -- mambo_cms A vulnerability exists in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver. 2019-02-15 5.0 CVE-2013-2565
MISC
MISC
mcafee -- getsusp Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan while it is scanning a specifically crafted file. GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows. 2019-02-21 4.3 CVE-2018-6687
BID
CONFIRM
microfocus -- filr A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. 2019-02-20 4.0 CVE-2019-3474
MISC
MISC
mikrotik -- routeros MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities. 2019-02-20 5.0 CVE-2019-3924
MISC
mopcms -- mopcms A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site. 2019-02-22 6.4 CVE-2019-9015
MISC
mopcms -- mopcms An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. 2019-02-22 4.3 CVE-2019-9016
MISC
octopus -- octopus_deploy An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. 2019-02-19 4.0 CVE-2019-8944
MISC
MISC
onefilecms_project -- onefilecms OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. 2019-02-17 4.0 CVE-2019-8408
MISC
ory -- hydra ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. 2019-02-17 4.3 CVE-2019-8400
MISC
MISC
MISC
MISC
MISC
pbootcms -- pbootcms A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. 2019-02-17 6.5 CVE-2019-8422
MISC
php -- php In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. 2019-02-21 5.0 CVE-2018-20783
MISC
MISC
MISC
responsive_video_news_script_project -- responsive_video_news_script PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. 2019-02-16 4.3 CVE-2019-8361
MISC
MISC
sap -- advanced_business_application_programming_platform_kernel SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate the type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user achieves access to the full SAP Menu, that is, the 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. 2019-02-15 5.5 CVE-2019-0255
BID
MISC
MISC
sap -- businessobjects The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. 2019-02-15 4.3 CVE-2019-0251
BID
MISC
MISC
sap -- disclosure_management SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-02-15 6.5 CVE-2019-0258
BID
MISC
MISC
sap -- hana_extended_application_services Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. 2019-02-15 5.0 CVE-2019-0266
BID
MISC
MISC
sap -- manufacturing_integration_and_intelligence SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. 2019-02-15 6.8 CVE-2019-0267
BID
MISC
MISC
sap -- netweaver_abap Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-02-15 6.5 CVE-2019-0257
BID
MISC
MISC
seacms -- seacms SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. 2019-02-17 4.0 CVE-2019-8418
MISC
seafile -- seadroid The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. 2019-02-18 5.0 CVE-2019-8919
MISC
seafile -- seafile Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. 2019-02-20 5.0 CVE-2013-7469
MISC
MISC
sound_exchange_project -- sound_exchange An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. 2019-02-15 4.3 CVE-2019-8354
MISC
sound_exchange_project -- sound_exchange An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. 2019-02-15 4.3 CVE-2019-8355
MISC
sound_exchange_project -- sound_exchange An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. 2019-02-15 4.3 CVE-2019-8356
MISC
sound_exchange_project -- sound_exchange An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. 2019-02-15 4.3 CVE-2019-8357
MISC
tautulli -- tautulli data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. 2019-02-19 4.3 CVE-2019-8939
MISC
torproject -- tor In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. 2019-02-21 5.0 CVE-2019-8955
BID
MISC
MISC
verydows -- verydows Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. 2019-02-16 4.3 CVE-2019-8363
MISC
vnote_project -- vnote VNote 2.2 has XSS via a new text note. 2019-02-17 4.3 CVE-2019-8419
MISC
wavemaker -- wavemarker_studio com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. 2019-02-21 6.8 CVE-2019-8982
EXPLOIT-DB
wordpress -- wordpress WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. 2019-02-19 6.5 CVE-2019-8942
BID
MISC
wordpress -- wordpress WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. 2019-02-19 4.0 CVE-2019-8943
BID
MISC
wtcms_project -- wtcms An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. 2019-02-18 5.0 CVE-2019-8909
MISC
wtcms_project -- wtcms An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. 2019-02-18 6.8 CVE-2019-8910
MISC
wtcms_project -- wtcms An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). 2019-02-18 4.3 CVE-2019-8911
MISC
xiaomi -- mi_mix_2_firmware On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). 2019-02-17 4.9 CVE-2019-8413
MISC
zabbix -- zabbix Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. 2019-02-17 5.8 CVE-2016-10742
MISC
MISC
zoneminder -- zoneminder includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. 2019-02-17 4.3 CVE-2019-8425
MISC
MISC
zoneminder -- zoneminder skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. 2019-02-17 4.3 CVE-2019-8426
MISC
MISC
zzcms -- zzcms admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. 2019-02-17 6.4 CVE-2019-8411
MISC

Low Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
atlassian -- crucible The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. 2019-02-20 3.5 CVE-2018-20240
BID
CONFIRM
CONFIRM
atlassian -- crucible The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. 2019-02-20 3.5 CVE-2018-20241
BID
CONFIRM
CONFIRM
bosch -- smart_camera An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) 2019-02-22 2.1 CVE-2019-7729
CONFIRM
cisco -- hyperflex_hx_data_platform A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected. 2019-02-21 2.1 CVE-2019-1667
BID
CISCO
ibm -- infosphere_information_governance_catalog IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. 2019-02-15 3.5 CVE-2018-1895
CONFIRM
XF
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. 2019-02-19 3.5 CVE-2018-1996
XF
CONFIRM
intel -- openvino Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access. 2019-02-18 2.1 CVE-2019-0127
BID
CONFIRM
intel -- proset/wireless Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access. 2019-02-18 2.1 CVE-2018-12159
CONFIRM
o-dyn -- collabtive Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. 2019-02-19 3.5 CVE-2019-8935
MISC
phpmywind -- phpmywind admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. 2019-02-17 3.5 CVE-2019-8435
MISC
qemu -- qemu QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. 2019-02-19 2.1 CVE-2019-3812
BID
CONFIRM
sap -- businessobjects_bi_platform SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in a Cross-Site Scripting (XSS) vulnerability. 2019-02-15 3.5 CVE-2019-0262
BID
MISC
MISC
splunk -- splunk Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. 2019-02-20 3.5 CVE-2019-5727
BID
MISC
txjia -- imcat imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. 2019-02-17 3.5 CVE-2019-8436
MISC

Severity Not Yet Assigned

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
vembu -- storegrid Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. 2019-02-23 not yet calculated CVE-2014-10078
MISC
MISC
vembu -- storegrid In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. 2019-02-23 not yet calculated CVE-2014-10079
MISC
MISC
MISC
semco_software_engineering -- semcosoft A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. 2019-02-23 not yet calculated CVE-2018-18692
MISC
avi_networks -- avi_vantage Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. 2019-02-19 not yet calculated CVE-2018-19106
MISC
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386. 2019-02-21 not yet calculated CVE-2018-1944
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387. 2019-02-21 not yet calculated CVE-2018-1945
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. 2019-02-21 not yet calculated CVE-2018-1946
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427. 2019-02-21 not yet calculated CVE-2018-1947
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428. 2019-02-21 not yet calculated CVE-2018-1948
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429. 2019-02-21 not yet calculated CVE-2018-1949
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430. 2019-02-21 not yet calculated CVE-2018-1950
XF
CONFIRM
codesys_group -- codesys_products Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. 2019-02-19 not yet calculated CVE-2018-20025
BID
MISC
codesys_group -- codesys_products Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. 2019-02-19 not yet calculated CVE-2018-20026
BID
MISC
ibm -- robotic_process_automation_with_automation_anywhere IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008. 2019-02-21 not yet calculated CVE-2018-2006
BID
XF
CONFIRM
liquidware_labs -- profileunity An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. 2019-02-20 not yet calculated CVE-2018-20146
MISC
wordpress -- wordpress The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. 2019-02-17 not yet calculated CVE-2018-20782
MISC
EXPLOIT-DB
neato_robotics -- neato_botvac_connected_devices Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials. 2019-02-23 not yet calculated CVE-2018-20785
MISC
intel -- usb_3.0_extensible_host_controller_driver Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. 2019-02-18 not yet calculated CVE-2018-3700
BID
CONFIRM
sonicwall -- sonicos_gen_5 In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier. 2019-02-19 not yet calculated CVE-2018-9867
CONFIRM
MISC
intel -- data_center_manager_sdk Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2019-02-18 not yet calculated CVE-2019-0102
BID
CONFIRM
intel -- data_center_manager_sdk Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. 2019-02-18 not yet calculated CVE-2019-0103
BID
CONFIRM
intel -- data_center_manager_sdk Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. 2019-02-18 not yet calculated CVE-2019-0104
BID
CONFIRM
intel -- data_center_manager_sdk Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-02-18 not yet calculated CVE-2019-0105
BID
CONFIRM
intel -- data_center_manager_sdk Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. 2019-02-18 not yet calculated CVE-2019-0106
BID
CONFIRM
intel -- data_center_manager_sdk Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. 2019-02-18 not yet calculated CVE-2019-0107
BID
CONFIRM
intel -- data_center_manager_sdk Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. 2019-02-18 not yet calculated CVE-2019-0108
BID
CONFIRM
intel -- data_center_manager_sdk Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-02-18 not yet calculated CVE-2019-0109
BID
CONFIRM
intel -- data_center_manager_sdk Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. 2019-02-18 not yet calculated CVE-2019-0110
BID
CONFIRM
intel -- data_center_manager_sdk Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. 2019-02-18 not yet calculated CVE-2019-0111
BID
CONFIRM
intel -- data_center_manager_sdk Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access. 2019-02-18 not yet calculated CVE-2019-0112
BID
CONFIRM
sap -- disclosure_management SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. 2019-02-15 not yet calculated CVE-2019-0254
BID
MISC
MISC
cisco -- ip_phone_7800_and_8800_series A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected. 2019-02-21 not yet calculated CVE-2019-1684
BID
CISCO
cisco -- firepower_threat_defense_software A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected. 2019-02-21 not yet calculated CVE-2019-1691
BID
CISCO
cisco -- internet_of_things_field_network_director_software A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. 2019-02-21 not yet calculated CVE-2019-1698
BID
CISCO
drupal -- drupal Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) 2019-02-21 not yet calculated CVE-2019-6340
BID
CONFIRM
CONFIRM
mirc -- mirc mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable). 2019-02-18 not yet calculated CVE-2019-6453
MISC
MISC
MISC
MISC
EXPLOIT-DB
MISC
citrix -- netscaler_gateway Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. 2019-02-22 not yet calculated CVE-2019-6485
BID
MISC
amazon -- fire_os Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. 2019-02-16 not yet calculated CVE-2019-7399
BID
MISC
bootstrap -- bootstrap In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. 2019-02-20 not yet calculated CVE-2019-8331
MISC
MISC
hiawatha -- hiawatha In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. 2019-02-16 not yet calculated CVE-2019-8358
CONFIRM
lg -- device_manager The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. 2019-02-18 not yet calculated CVE-2019-8372
MISC
MISC
MISC
advancecomp -- advancecomp An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. 2019-02-16 not yet calculated CVE-2019-8379
MISC
MISC
advancecomp -- advancecomp An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. 2019-02-16 not yet calculated CVE-2019-8383
MISC
MISC
zoho_manageengine -- servicedesk_plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. 2019-02-16 not yet calculated CVE-2019-8394
BID
EXPLOIT-DB
CONFIRM
zoho_manageengine -- servicedesk_plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. 2019-02-16 not yet calculated CVE-2019-8395
CONFIRM
total.js -- total.js index.js in Total.js Platform before 3.2.3 allows path traversal. 2019-02-18 not yet calculated CVE-2019-8903
MISC
MISC
pfsense -- pfsense The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. 2019-02-20 not yet calculated CVE-2019-8953
MISC
MISC
MISC
MISC
mdaemon_technologies -- mdaemon_webmail MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). 2019-02-21 not yet calculated CVE-2019-8983
MISC
mdaemon_technologies -- mdaemon_webmail MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). 2019-02-21 not yet calculated CVE-2019-8984
MISC
signiant -- manager+agents In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. 2019-02-21 not yet calculated CVE-2019-8996
MISC
british_airways -- entertainment_system The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact. 2019-02-22 not yet calculated CVE-2019-9019
MISC
php -- php An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. 2019-02-22 not yet calculated CVE-2019-9020
MISC
MISC
php -- php An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. 2019-02-22 not yet calculated CVE-2019-9021
MISC
php -- php An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. 2019-02-22 not yet calculated CVE-2019-9022
MISC
php -- php An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. 2019-02-22 not yet calculated CVE-2019-9023
MISC
MISC
MISC
MISC
MISC
MISC
MISC
php -- php An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. 2019-02-22 not yet calculated CVE-2019-9024
MISC
php -- php An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data. 2019-02-22 not yet calculated CVE-2019-9025
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c. 2019-02-23 not yet calculated CVE-2019-9026
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9027
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. 2019-02-23 not yet calculated CVE-2019-9028
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9029
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9030
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. 2019-02-23 not yet calculated CVE-2019-9031
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c. 2019-02-23 not yet calculated CVE-2019-9032
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9033
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9034
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9035
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9036
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. 2019-02-23 not yet calculated CVE-2019-9037
MISC
MISC
matio -- matio An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. 2019-02-23 not yet calculated CVE-2019-9038
MISC
MISC
s-cms -- s-cms_php S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. 2019-02-23 not yet calculated CVE-2019-9040
MISC
zzzcms -- zzzphp An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. 2019-02-23 not yet calculated CVE-2019-9041
MISC
sitemagic_cms -- sitemagic_cms An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. 2019-02-23 not yet calculated CVE-2019-9042
MISC
gorose -- gorose GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. 2019-02-23 not yet calculated CVE-2019-9047
MISC
pluck -- pluck An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. 2019-02-23 not yet calculated CVE-2019-9048
MISC
pluck -- pluck An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. 2019-02-23 not yet calculated CVE-2019-9049
MISC
pluck -- pluck An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. 2019-02-23 not yet calculated CVE-2019-9050
MISC
pluck -- pluck An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. 2019-02-23 not yet calculated CVE-2019-9051
MISC
pluck -- pluck An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. 2019-02-23 not yet calculated CVE-2019-9052
MISC
phpscriptsmall.com -- online_food_ordering_script PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. 2019-02-23 not yet calculated CVE-2019-9062
MISC
phpscriptsmall.com -- auction_website_script PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. 2019-02-23 not yet calculated CVE-2019-9063
MISC
phpscriptsmall.com -- cab_booking_script PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. 2019-02-23 not yet calculated CVE-2019-9064
MISC
phpscriptsmall.com -- custom_t-shirt_ecommerce_script PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount. 2019-02-23 not yet calculated CVE-2019-9065
MISC
phpscriptsmall.com -- php_appointment_booking_script PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. 2019-02-23 not yet calculated CVE-2019-9066
MISC
gnu -- binutils An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. 2019-02-23 not yet calculated CVE-2019-9070
MISC
MISC
gnu -- binutils An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. 2019-02-23 not yet calculated CVE-2019-9071
MISC
MISC
gnu -- binutils An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. 2019-02-23 not yet calculated CVE-2019-9072
MISC
MISC
MISC
gnu -- binutils An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. 2019-02-23 not yet calculated CVE-2019-9073
MISC
gnu -- binutils An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. 2019-02-23 not yet calculated CVE-2019-9074
MISC
gnu -- binutils An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. 2019-02-23 not yet calculated CVE-2019-9075
MISC
gnu -- binutils An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. 2019-02-23 not yet calculated CVE-2019-9076
MISC
gnu -- binutils An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. 2019-02-23 not yet calculated CVE-2019-9077
MISC

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB19-056
