Vulnerability Summary for the Week of February 4, 2019

Released
Feb 11, 2019
Document ID
SB19-042

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
advantech -- webaccess/scadaWebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.2019-02-057.5CVE-2019-6519
BID
MISC
advantech -- webaccess/scadaWebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.2019-02-057.5CVE-2019-6521
BID
MISC
advantech -- webaccess/scadaWebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.2019-02-057.5CVE-2019-6523
BID
MISC
articatech -- artica_proxyArtica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.2019-02-019.0CVE-2019-7300
MISC
MISC
baijiacms_project -- baijiacmsAn issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.2019-02-077.5CVE-2019-7568
MISC
bijiadao -- waimai_super_cmsAn issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.2019-02-077.5CVE-2019-7585
MISC
bo-blog -- bwBo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.2019-02-077.5CVE-2019-7587
MISC
cisco -- aironet_active_sensorA vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected.2019-02-077.8CVE-2019-1675
BID
CISCO
css-tricks -- chat2An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.2019-02-047.5CVE-2019-7316
MISC
MISC
defaults-deep_project -- defaults-deepA prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.2019-02-017.5CVE-2018-16486
MISC
dlink -- dir-823g_firmwareAn issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.2019-02-019.3CVE-2019-7298
BID
MISC
dlink -- dir-823g_firmwareAn issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication.2019-02-047.8CVE-2019-7389
BID
MISC
f5 -- big-ip_local_traffic_managerOn BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.2019-02-057.1CVE-2019-6590
BID
CONFIRM
fastnet -- mailcleanerFastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in an authenticated web application user running commands on the underlying web server as root. This attack appears to be exploitable via Post-authentication access to the web server.2019-02-049.0CVE-2018-1000999
MISC
fortinet -- fortiosA format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.2019-02-087.5CVE-2018-1352
CONFIRM
haraka_project -- harakaHaraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.2019-02-057.5CVE-2016-1000282
MISC
haxx -- libcurllibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.2019-02-067.5CVE-2019-3823
BID
CONFIRM
MISC
UBUNTU
DEBIAN
lifesize -- networker_220_firmwareLifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.2019-02-089.0CVE-2019-7632
MISC
live555 -- streaming_medialiblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.2019-02-037.5CVE-2019-7314
MISC
MISC
mozilla -- firefoxA use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.2019-02-057.5CVE-2018-18500
BID
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxMozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.2019-02-057.5CVE-2018-18501
BID
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxMozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.2019-02-0510.0CVE-2018-18502
BID
UBUNTU
CONFIRM
mozilla -- firefoxA crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65.2019-02-057.5CVE-2018-18504
BID
UBUNTU
CONFIRM
mozilla -- firefoxAn earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.2019-02-057.5CVE-2018-18505
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
CONFIRM
opt-net -- ng-netmsOPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity.2019-02-047.5CVE-2019-1000023
MISC
MISC
MISC
pizzashack -- rsshInsufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.2019-02-067.5CVE-2019-3463
BID
MLIST
MISC
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.2019-02-057.5CVE-2018-8793
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.2019-02-057.5CVE-2018-8794
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.2019-02-057.5CVE-2018-8795
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.2019-02-057.5CVE-2018-8797
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.2019-02-057.5CVE-2018-8800
BID
MISC
wibu -- wibukeyAn exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.2019-02-057.2CVE-2018-3990
MISC
zevenet -- zen_load_balancerZen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.2019-02-019.0CVE-2019-7301
BID
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- subversionSubversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.2019-02-055.0CVE-2018-11803
BID
CONFIRM
UBUNTU
audacityteam -- audacityAudacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is enabled.2019-02-046.0CVE-2016-1000276
CONFIRM
MISC
bijiadao -- waimai_super_cmsAn issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.2019-02-074.3CVE-2019-7567
MISC
boolector_project -- boolectorIn parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.2019-02-074.3CVE-2019-7560
MISC
MISC
btor2tools_project -- btor2toolsIn btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.2019-02-074.3CVE-2019-7559
MISC
canvasgfx -- canvas_drawAn exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.2019-02-066.8CVE-2018-3973
BID
MISC
canvasgfx -- canvas_drawAn exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.2019-02-066.8CVE-2018-3976
BID
MISC
chamilo -- chamilo_lmsChamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.2019-02-044.0CVE-2019-1000017
MISC
MISC
cisco -- firepower_management_centerA vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2019-02-074.3CVE-2019-1671
BID
CISCO
cisco -- meeting_serverA vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected.2019-02-074.0CVE-2019-1678
BID
CISCO
cisco -- telepresence_management_suiteA vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.2019-02-074.3CVE-2019-1661
BID
CISCO
cisco -- unified_intelligence_centerA vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.2019-02-074.3CVE-2019-1670
BID
CISCO
cszcms -- csz_cmsCSZ CMS 1.1.8 has CSRF via admin/users/new/add.2019-02-076.8CVE-2019-7566
MISC
dlink -- dir-823g_firmwareAn issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.2019-02-045.0CVE-2019-7388
BID
MISC
express-cart_project -- express-cartA deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.2019-02-016.5CVE-2018-16483
MISC
ffmpeg -- ffmpegFFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.2019-02-044.3CVE-2019-1000016
MISC
fortiguard -- forticlientA null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.2019-02-084.9CVE-2018-9190
CONFIRM
freedesktop -- popplerIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.2019-02-026.8CVE-2019-7310
BID
MISC
MISC
gpac_project -- gpacIn GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.2019-02-066.8CVE-2018-20760
MISC
MISC
gpac_project -- gpacGPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.2019-02-066.8CVE-2018-20761
MISC
MISC
gpac_project -- gpacGPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.2019-02-066.8CVE-2018-20762
MISC
MISC
gpac_project -- gpacIn GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.2019-02-066.8CVE-2018-20763
MISC
MISC
grafana -- piechart-panelThe Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.2019-02-064.3CVE-2015-9282
MISC
MISC
MISC
MISC
gurock -- testrailindex.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.2019-02-075.0CVE-2019-7535
MISC
html-pages_project -- html-pagesA XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.2019-02-014.3CVE-2018-16481
MISC
http-live-simulator_project -- http-live-simulatorPath traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.2019-02-015.0CVE-2018-16479
MISC
ibm -- api_connectAPI Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.2019-02-075.0CVE-2019-4008
XF
CONFIRM
ibm -- integration_busIBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.2019-02-045.0CVE-2018-1801
CONFIRM
XF
ibm -- security_identity_managerIBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.2019-02-044.6CVE-2019-4038
XF
CONFIRM
ibm -- tivoli_application_dependency_discovery_managerIBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.2019-02-045.0CVE-2018-1675
CONFIRM
XF
imagemagick -- imagemagickIn ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.2019-02-045.0CVE-2019-7395
BID
MISC
MISC
imagemagick -- imagemagickIn ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.2019-02-045.0CVE-2019-7396
BID
MISC
MISC
imagemagick -- imagemagickIn ImageMagick before 7.0.8-25, several memory leaks exist in WritePDFImage in coders/pdf.c.2019-02-045.0CVE-2019-7397
BID
MISC
MISC
imagemagick -- imagemagickIn ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.2019-02-045.0CVE-2019-7398
BID
MISC
jenkins -- gitA cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.2019-02-064.3CVE-2019-1003010
CONFIRM
jenkins -- github_oauthAn session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.2019-02-064.3CVE-2019-1003019
CONFIRM
jenkins -- job_importAn XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.2019-02-066.4CVE-2019-1003015
CONFIRM
jenkins -- job_importAn exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-02-064.3CVE-2019-1003016
CONFIRM
jenkins -- monitoringA denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.2019-02-064.3CVE-2019-1003022
CONFIRM
jenkins -- script_securityA sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.2019-02-066.5CVE-2019-1003005
CONFIRM
jenkins -- token_macroAn information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.2019-02-065.5CVE-2019-1003011
CONFIRM
jenkins -- warningsA cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.2019-02-066.8CVE-2019-1003007
CONFIRM
jenkins -- warnings_next_generationA cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.2019-02-066.8CVE-2019-1003008
CONFIRM
jspmyadmin -- jspmyadmin2yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question.2019-02-044.3CVE-2019-1000004
MISC
kanboard -- kanboardapp/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.2019-02-044.3CVE-2019-7324
MISC
MISC
kindsoft -- kindeditorIn KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.2019-02-064.3CVE-2019-7543
MISC
libarchive -- libarchivelibarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.2019-02-044.3CVE-2019-1000019
MISC
MISC
MLIST
UBUNTU
libarchive -- libarchivelibarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.2019-02-044.3CVE-2019-1000020
MISC
MISC
MLIST
UBUNTU
libming -- libmingThe parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876.2019-02-076.8CVE-2019-7581
MISC
libming -- libmingThe readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.2019-02-076.8CVE-2019-7582
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.2019-02-076.8CVE-2019-7572
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).2019-02-076.8CVE-2019-7573
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.2019-02-076.8CVE-2019-7574
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.2019-02-076.8CVE-2019-7575
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).2019-02-076.8CVE-2019-7576
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.2019-02-076.8CVE-2019-7577
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.2019-02-076.8CVE-2019-7578
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.2019-02-086.8CVE-2019-7635
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.2019-02-086.8CVE-2019-7636
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.2019-02-086.8CVE-2019-7637
MISC
MISC
libsdl -- simple_directmedia_layerSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.2019-02-086.8CVE-2019-7638
MISC
MISC
linux -- linux_kernelIn the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.2019-02-014.7CVE-2016-10741
MISC
BID
MISC
MISC
MISC
mcafee -- epolicy_orchestratorCross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.2019-02-016.8CVE-2019-3604
BID
CONFIRM
mcstatic-project -- mcstaticA server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.2019-02-015.0CVE-2018-16482
MISC
modx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via the User Photo field.2019-02-064.3CVE-2018-20755
MISC
modx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.2019-02-064.3CVE-2018-20756
MISC
modx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.2019-02-064.3CVE-2018-20757
MISC
mozilla -- firefoxWhen JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.2019-02-056.8CVE-2018-18503
BID
UBUNTU
CONFIRM
mozilla -- firefoxWhen proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.2019-02-054.3CVE-2018-18506
BID
UBUNTU
CONFIRM
opt-net -- ng-netmsOPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity.2019-02-044.3CVE-2019-1000024
MISC
MISC
MISC
pbootcms -- pbootcmsA CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.2019-02-075.8CVE-2019-7570
MISC
phpipam -- phpipamphpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.2019-02-044.3CVE-2019-1000010
MISC
MISC
phpmywind -- phpmywindAn issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg&#95;qqcode parameter. This can be exploited via CSRF.2019-02-054.3CVE-2019-7402
MISC
phpmywind -- phpmywindAn issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.2019-02-055.5CVE-2019-7403
MISC
podofo_project -- podofoAn issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.2019-02-046.8CVE-2018-20751
MISC
MISC
rarlab -- winrarThere is an out-of-bounds writes vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.2019-02-056.8CVE-2018-20252
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.2019-02-055.0CVE-2018-8791
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).2019-02-055.0CVE-2018-8792
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).2019-02-055.0CVE-2018-8796
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.2019-02-055.0CVE-2018-8798
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).2019-02-055.0CVE-2018-8799
BID
MISC
schneider-electric -- guiconA Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file2019-02-066.8CVE-2018-7813
BID
CONFIRM
schneider-electric -- guiconA Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file2019-02-066.8CVE-2018-7814
BID
CONFIRM
schneider-electric -- guiconA Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file2019-02-066.8CVE-2018-7815
BID
CONFIRM
schneider-electric -- zelio_soft_2A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file.2019-02-064.4CVE-2018-7817
BID
CONFIRM
spice_project -- spiceSpice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.2019-02-045.4CVE-2019-3813
BID
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
sqlalchemy -- sqlalchemySQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.2019-02-066.8CVE-2019-7548
MISC
MISC
thinkcmf -- thinkcmfThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.2019-02-076.5CVE-2019-7580
MISC
MISC
topnew -- siduAn issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability.2019-02-064.3CVE-2019-7546
MISC
wdoyo -- doyoAn issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.2019-02-076.8CVE-2019-7569
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.2019-02-044.3CVE-2019-7325
MISC
zoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.2019-02-044.3CVE-2019-7326
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7327
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.2019-02-044.3CVE-2019-7328
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.2019-02-044.3CVE-2019-7329
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7330
MISC
zoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.2019-02-044.3CVE-2019-7331
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7332
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7333
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7334
MISC
zoneminder -- zoneminderSelf - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.2019-02-044.3CVE-2019-7335
MISC
zoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.2019-02-044.3CVE-2019-7336
MISC
zoneminder -- zoneminderSelf - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.2019-02-044.3CVE-2019-7338
MISC
zoneminder -- zoneminderPOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7339
MISC
zoneminder -- zoneminderPOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7340
MISC
zoneminder -- zoneminderReflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7341
MISC
zoneminder -- zoneminderPOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7342
MISC
zoneminder -- zoneminderReflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7343
MISC
zoneminder -- zoneminderReflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.2019-02-044.3CVE-2019-7344
MISC
zoneminder -- zoneminderA CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.2019-02-046.8CVE-2019-7346
MISC
zoneminder -- zoneminderA Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).2019-02-046.0CVE-2019-7347
MISC
zoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7348
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.2019-02-044.3CVE-2019-7349
MISC
zoneminder -- zoneminderSession fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.2019-02-044.9CVE-2019-7350
MISC
zoneminder -- zoneminderLog Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.2019-02-044.3CVE-2019-7351
MISC
zoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.2019-02-044.3CVE-2019-7352
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- sparkWhen using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.2019-02-042.1CVE-2018-11760
BID
MLIST
cisco -- webex_meetingsA vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected.2019-02-071.9CVE-2019-1677
BID
CISCO
dbninja -- dbninjaIn DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.2019-02-063.5CVE-2019-7545
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.2019-02-053.5CVE-2019-6591
CONFIRM
gnu -- glibcIn the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.2019-02-022.1CVE-2019-7309
BID
MISC
MISC
jenkins -- config_file_providerAn cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.2019-02-063.5CVE-2019-1003014
CONFIRM
libpng -- libpngpng_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.2019-02-042.6CVE-2019-7317
MISC
MISC
modx -- modx_revolutionMODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.2019-02-063.5CVE-2018-20758
MISC
mywebsql -- mywebsqlAn issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field.2019-02-063.5CVE-2019-7544
MISC
schneider-electric -- iiot_monitorA Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.2019-02-062.1CVE-2018-7839
CONFIRM
topnew -- siduAn issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS.2019-02-063.5CVE-2019-7547
MISC
zoneminder -- zoneminderReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.2019-02-043.5CVE-2019-7337
MISC
zoneminder -- zoneminderSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.2019-02-043.5CVE-2019-7345
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
42gears -- suremdmAn SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.2019-02-04not yet calculatedCVE-2018-15657
MISC
EXPLOIT-DB
42gears -- suremdmAn issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible.2019-02-04not yet calculatedCVE-2018-15655
MISC
42gears -- suremdmAn issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible.2019-02-04not yet calculatedCVE-2018-15659
MISC
42gears -- suremdmAn issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header.2019-02-04not yet calculatedCVE-2018-15656
MISC
42gears -- suremdmAn issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.2019-02-04not yet calculatedCVE-2018-15658
MISC
abbyy -- flexicaptureMultiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.2019-02-09not yet calculatedCVE-2018-13792
CONFIRM
aioxmpp -- aioxmppaioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3.2019-02-04not yet calculatedCVE-2019-1000007
MISC
apache -- gauacamolePrior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.2019-02-07not yet calculatedCVE-2018-1340
BID
MISC
apache -- hadoopIn Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.2019-02-07not yet calculatedCVE-2018-1296
BID
MISC
api_platform -- api_platformAPI Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6.2019-02-04not yet calculatedCVE-2019-1000011
MISC
MISC
avaya -- aura_communication_managerA vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.2019-02-01not yet calculatedCVE-2018-15617
BID
CONFIRM
becton,_dickinson_and_company -- facslyricBD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions.2019-02-06not yet calculatedCVE-2019-6517
BID
MISC
brancz -- kube-rbac-proxyThe kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.2019-02-05not yet calculatedCVE-2019-3818
BID
CONFIRM
CONFIRM
buildbot -- buildbotwww/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.2019-02-03not yet calculatedCVE-2019-7313
MISC
ca_technologies -- automic_workload_automationInsufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.2019-02-05not yet calculatedCVE-2019-6504
BID
MISC
BUGTRAQ
MISC
MISC
FULLDISC
MISC
canvas -- drawAn exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.2019-02-06not yet calculatedCVE-2018-3980
MISC
chamilo -- chamilo-lmsChamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.2019-02-04not yet calculatedCVE-2019-1000015
MISC
cisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.2019-02-08not yet calculatedCVE-2019-1673
BID
CISCO
cisco -- meeting_serverA vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected.2019-02-08not yet calculatedCVE-2019-1676
BID
CISCO
cisco -- telepresence_conductor_and_expressway_series_and_telepresence_video_communication_server_softwareA vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.2019-02-07not yet calculatedCVE-2019-1679
BID
CISCO
cisco -- telepresence_management_suiteA vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited.2019-02-07not yet calculatedCVE-2019-1660
BID
CISCO
cisco -- web_security_applianceA vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.2019-02-08not yet calculatedCVE-2019-1672
BID
CISCO
cisco -- webex_business_suiteA vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.2019-02-07not yet calculatedCVE-2019-1680
BID
CISCO
connectwise -- manageditsyncConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.2019-02-05not yet calculatedCVE-2017-18362
MISC
MISC
MISC
coturn -- coturnAn exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.2019-02-05not yet calculatedCVE-2018-4056
MISC
DEBIAN
cvsweb -- cvswebFreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.2019-02-04not yet calculatedCVE-2018-1000998
MISC
d-link -- dir-823g_devicesAn issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.2019-02-04not yet calculatedCVE-2019-7390
BID
MISC
debain -- tmpreaperDebian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.2019-02-04not yet calculatedCVE-2019-3461
MISC
MLIST
DEBIAN
dell_emc -- dell_os10Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).2019-02-04not yet calculatedCVE-2018-15778
MISC
dell_emc -- vnx2_operating_environmentVNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.2019-02-07not yet calculatedCVE-2019-3704
BID
FULLDISC
elfutils -- elfutilsIn elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.2019-02-09not yet calculatedCVE-2019-7665
MISC
MISC
elfutils -- elfutilsIn elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).2019-02-09not yet calculatedCVE-2019-7664
MISC
emsisoft -- emsisoft_anti-malwareEPP.sys in Emsisoft Anti-Malware 2018.8.1.8923 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\EPP device are not properly protected, leading to unintended impersonation or object creation.2019-02-08not yet calculatedCVE-2019-7651
MISC
MISC
MISC
enphase_energy -- envoyA weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.2019-02-09not yet calculatedCVE-2019-7676
MISC
MISC
MISC
enphase_energy -- envoyA directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.2019-02-09not yet calculatedCVE-2019-7678
MISC
MISC
enphase_energy -- envoyXSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.2019-02-09not yet calculatedCVE-2019-7677
MISC
MISC
extend -- extendA prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16492
MISC
forcepoint -- forcepoint_user_idForcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.2019-02-07not yet calculatedCVE-2019-6139
MISC
genivia -- gsoapGenivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.2019-02-09not yet calculatedCVE-2019-7659
CONFIRM
gitea -- giteaGitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2.2019-02-04not yet calculatedCVE-2019-1000002
MISC
gnome -- gdmA vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.2019-02-06not yet calculatedCVE-2019-3825
CONFIRM
gnome -- gnome-shellIt was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.2019-02-06not yet calculatedCVE-2019-3820
CONFIRM
MISC
gsi-openssh-server -- gsi_openssh_serverAn issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.2019-02-08not yet calculatedCVE-2019-7639
MISC
helm -- chartmuseumHelm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1.2019-02-04not yet calculatedCVE-2019-1000009
MISC
helm -- helmAll versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.2019-02-04not yet calculatedCVE-2019-1000008
MISC
hex -- hex_coreHex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0.2019-02-04not yet calculatedCVE-2019-1000013
MISC
MISC
hex -- hex_coreHex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19.2019-02-04not yet calculatedCVE-2019-1000012
MISC
MISC
hotels_server_project -- hotels_servercontroller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.2019-02-08not yet calculatedCVE-2019-7648
MISC
ibm -- bigfix_complianceIBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.2019-02-05not yet calculatedCVE-2017-1177
XF
CONFIRM
ibm -- bigfix_complianceIBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.2019-02-05not yet calculatedCVE-2017-1198
XF
CONFIRM
ibm -- bigfix_complianceIBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.2019-02-05not yet calculatedCVE-2017-1200
XF
CONFIRM
ibm -- bigfix_complianceIBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.2019-02-05not yet calculatedCVE-2017-1202
XF
CONFIRM
ibm -- datapower_gatewayIBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.2019-02-07not yet calculatedCVE-2018-1666
XF
CONFIRM
ibm -- security_identity_managerIBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.2019-02-04not yet calculatedCVE-2018-1970
CONFIRM
XF
ibm -- security_identity_managerIBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.2019-02-04not yet calculatedCVE-2018-1962
CONFIRM
BID
XF
inxedu -- inxeduinxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg.2019-02-09not yet calculatedCVE-2019-7684
MISC
jenkins -- jenkinsAn exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.2019-02-06not yet calculatedCVE-2019-1003018
CONFIRM
jenkins -- jenkinsAn cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.2019-02-06not yet calculatedCVE-2019-1003013
CONFIRM
jenkins -- jenkinsAn improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.2019-02-06not yet calculatedCVE-2019-1003009
CONFIRM
jenkins -- jenkinsA data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.2019-02-06not yet calculatedCVE-2019-1003017
CONFIRM
jenkins -- jenkinsA data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.2019-02-06not yet calculatedCVE-2019-1003012
CONFIRM
jenkins -- jenkinsA sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.2019-02-06not yet calculatedCVE-2019-1003006
CONFIRM
jenkins -- jenkinsAn exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.2019-02-06not yet calculatedCVE-2019-1003021
CONFIRM
jenkins -- jenkinsA server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.2019-02-06not yet calculatedCVE-2019-1003020
CONFIRM
jenkins -- jenkinsA cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.2019-02-06not yet calculatedCVE-2019-1003023
CONFIRM
joomla -- joomlaJoomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.2019-02-04not yet calculatedCVE-2016-1000271
MISC
just-extend -- just-extendA prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.2019-02-01not yet calculatedCVE-2018-16489
MISC
kaseya -- vsa_rmmKaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.2019-02-05not yet calculatedCVE-2018-20753
MISC
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.2019-02-05not yet calculatedCVE-2018-19002
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.2019-02-05not yet calculatedCVE-2018-18992
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution.2019-02-05not yet calculatedCVE-2018-18986
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.2019-02-05not yet calculatedCVE-2018-19029
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.2019-02-01not yet calculatedCVE-2018-18988
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.2019-02-05not yet calculatedCVE-2018-18996
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.2019-02-05not yet calculatedCVE-2018-18998
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.2019-02-05not yet calculatedCVE-2018-19000
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.2019-02-05not yet calculatedCVE-2018-18990
BID
MISC
libcurl -- libcurllibcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.2019-02-06not yet calculatedCVE-2018-16890
BID
CONFIRM
MISC
UBUNTU
DEBIAN
libcurl -- libcurllibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.2019-02-06not yet calculatedCVE-2019-3822
BID
CONFIRM
MISC
UBUNTU
DEBIAN
libtiff -- libtiffAn Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.2019-02-09not yet calculatedCVE-2019-7663
MISC
lightsoft -- logmxGUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the LogMXUpdater.class file.2019-02-04not yet calculatedCVE-2019-7323
MISC
MISC
MISC
linux -- linux_kernelkernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.2019-02-01not yet calculatedCVE-2019-7308
MISC
MISC
BID
MISC
MISC
MISC
MISC
lodash -- lodashA prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.2019-02-01not yet calculatedCVE-2018-16487
MISC
m-server -- m-serverPath Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.2019-02-01not yet calculatedCVE-2018-16485
MISC
m-server -- m-serverA XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.2019-02-01not yet calculatedCVE-2018-16484
MISC
mapsvg -- mapsvg_liteMapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later.2019-02-04not yet calculatedCVE-2019-1000003
MISC
MISC
mitsubishi -- multiple_productsMitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.2019-02-05not yet calculatedCVE-2019-6535
BID
MISC
mobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user.2019-02-09not yet calculatedCVE-2019-7674
MISC
mobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.2019-02-09not yet calculatedCVE-2019-7675
MISC
mobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format.2019-02-09not yet calculatedCVE-2019-7673
MISC
mobotix -- s14_mx-v4.2.1.61_devicesAn issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.2019-02-09not yet calculatedCVE-2009-5154
MISC
MISC
mpath -- mpathA prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16490
MISC
mpdf -- mpdfmPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="phar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8.2019-02-04not yet calculatedCVE-2019-1000005
MISC
netapp -- clustered_data_ontapClustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.2019-02-01not yet calculatedCVE-2018-5498
CONFIRM
nginx -- nginx_unitNGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.2019-02-07not yet calculatedCVE-2019-7401
MISC
MISC
MISC
BID
node.extend -- node.extendA prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16491
MISC
pagure -- pagurePagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)2019-02-07not yet calculatedCVE-2019-7628
MISC
MISC
MISC
MISC
MISC
primx -- zed_enterpriseLimited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.2019-02-03not yet calculatedCVE-2019-7312
MISC
public -- publicA XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.2019-02-01not yet calculatedCVE-2018-16480
MISC
MISC
rarlab -- winrarA validation function (in WinRAR code) is being called before extraction of ACE archives. The validation function inspects the filename field for each compressed file in the ACE archive. In case the filename is disallow by the validator function (for example, the filename contains path traversal patterns) The extraction operation should be aborted and no file or folder should be extracted. However, the check of the return value from the validator function made too late (in UNACEV2.dll), after the creation of files and folders. It prevent the write operation to the extracted files only.2019-02-05not yet calculatedCVE-2018-20251
BID
MISC
rebar3 -- rebar3Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.2019-02-04not yet calculatedCVE-2019-1000014
MISC
recon-ng -- recon-ngAn issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.2019-02-04not yet calculatedCVE-2018-20752
MISC
MISC
redflib -- redflibThe Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.2019-02-08not yet calculatedCVE-2019-7653
MISC
riot -- riot-osRIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity.2019-02-04not yet calculatedCVE-2019-1000006
MISC
rssh -- rsshrssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.2019-02-04not yet calculatedCVE-2019-1000018
MISC
MLIST
DEBIAN
rssh -- rsshInsufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.2019-02-06not yet calculatedCVE-2019-3464
BID
MLIST
MISC
DEBIAN
rukovoditel -- rukovoditelRukovoditel before 2.4.1 allows XSS.2019-02-05not yet calculatedCVE-2019-7400
CONFIRM
slixmpp -- slixmppslixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.2019-02-04not yet calculatedCVE-2019-1000021
MISC
MISC
symantec -- ghost_solution_suiteSymantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.2019-02-08not yet calculatedCVE-2018-18364
BID
CONFIRM
systrome -- mulitple_cumilon_devicesA local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.2019-02-04not yet calculatedCVE-2019-7387
MISC
MISC
taoensso -- senateTaoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later.2019-02-04not yet calculatedCVE-2019-1000022
MISC
tcpcrypt -- tcpcryptA buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.2019-02-08not yet calculatedCVE-2018-20764
CONFIRM
teampass -- teampassTeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.2019-02-04not yet calculatedCVE-2019-1000001
MISC
trend_micro -- dr_safetyA vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations.2019-02-05not yet calculatedCVE-2018-18334
CONFIRM
trend_micro -- security_2019A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations.2019-02-05not yet calculatedCVE-2018-18333
CONFIRM
MISC
MISC
webassembly -- binaryenAn assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.2019-02-09not yet calculatedCVE-2019-7662
MISC
wibu-systems -- wibukeyAn exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.2019-02-05not yet calculatedCVE-2018-3991
MISC
wibu-systems -- wibukeyAn exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.2019-02-05not yet calculatedCVE-2018-3989
MISC
win.rar -- winrarBy crafting the filename field of the ACE format, the destination folder (extraction folder) is ignored, and the relative path in the filename field becomes an absolute Path. This logical bug, allows the extraction of a file to an arbitrary location which is effectively code execution.2019-02-05not yet calculatedCVE-2018-20250
BID
MISC
wordpress -- wordpressIn the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.)2019-02-05not yet calculatedCVE-2019-7413
MISC
wordpress -- wordpressThe PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.2019-02-05not yet calculatedCVE-2019-7412
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.