본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB19-091)] 2019년 3월 25일까지 발표된 보안 취약점

by manga0713 2019. 4. 2.

 

 

 

 

*** 출처: [US-CERT: Bulletin(SB19-091)] 2019년 3월 25일까지 발표된 보안 취약점

 

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
abus -- secvest_wireless_alarm_system_fuaa50000_firmware Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. 2019-03-27 10.0 CVE-2019-9863
MISC
apache -- mesos A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host. 2019-03-25 9.3 CVE-2019-0204
BID
MLIST
atlassian -- confluence The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. 2019-03-25 7.5 CVE-2019-3395
MISC
atlassian -- confluence The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. 2019-03-25 10.0 CVE-2019-3396
MISC
bluecms_project -- bluecms A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. 2019-03-28 7.5 CVE-2019-10262
MISC
dlink -- dir-816_firmware The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. 2019-03-25 10.0 CVE-2019-10040
MISC
dlink -- dir-816_firmware The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. 2019-03-25 7.8 CVE-2019-10042
MISC
dovecot -- dovecot In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. 2019-03-28 7.2 CVE-2019-7524
MLIST
MISC
MISC
MLIST
BUGTRAQ
DEBIAN
flatpak -- flatpak Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI. 2019-03-26 7.5 CVE-2019-10063
MISC
fortinet -- fortiportal A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button 2019-03-25 7.5 CVE-2017-7342
CONFIRM
ghs -- integrity_rtos An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information). 2019-03-25 7.5 CVE-2019-7713
MISC
MISC
ghs -- integrity_rtos An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow. 2019-03-25 7.5 CVE-2019-7714
MISC
MISC
github -- github The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. 2019-03-28 7.5 CVE-2017-18365
MISC
MISC
hospira -- mednet Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1. 2019-03-26 10.0 CVE-2014-5401
MISC
hp -- arcsight_logger Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. 2019-03-25 7.5 CVE-2019-3479
MISC
hp -- arcsight_logger Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. 2019-03-25 7.5 CVE-2019-3481
MISC
hp -- arcsight_logger Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. 2019-03-25 7.2 CVE-2019-3484
MISC
linux -- linux_kernel An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG). 2019-03-27 7.8 CVE-2019-10124
MISC
BID
MISC
MISC
linux -- linux_kernel An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. 2019-03-27 10.0 CVE-2019-10125
MISC
microfocus -- data_protector Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. 2019-03-25 7.5 CVE-2019-3476
MISC
moodle -- moodle A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. 2019-03-25 7.5 CVE-2019-3809
CONFIRM
CONFIRM
CONFIRM
ovirt -- vdsm A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. 2019-03-25 9.0 CVE-2019-3831
CONFIRM
pfizer -- symbiq_infusion_system_firmware Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. 2019-03-23 9.0 CVE-2015-3965
MISC
redhat -- ansible Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. 2019-03-27 7.5 CVE-2019-3828
CONFIRM
MISC
softnas -- cloud SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. 2019-03-23 10.0 CVE-2019-9945
MISC
teclib-edition -- gestionnaire_libre_de_parc_informatique Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. 2019-03-27 7.5 CVE-2019-10232
MISC
tianocore -- edk_ii Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. 2019-03-27 7.5 CVE-2019-0160
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
amazon_affiliate_store_project -- amazon_affiliate_store PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. 2019-03-28 4.0 CVE-2019-9864
MISC
baigo -- baigo_sso baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file. 2019-03-24 6.5 CVE-2019-10015
MISC
cmsmadesimple -- cms_made_simple CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. 2019-03-24 4.3 CVE-2019-10017
MISC
MISC
cmsmadesimple -- cms_made_simple An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. 2019-03-26 6.8 CVE-2019-9053
MISC
CONFIRM
cmsmadesimple -- cms_made_simple An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. 2019-03-26 6.5 CVE-2019-9055
MISC
CONFIRM
cmsmadesimple -- cms_made_simple An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. 2019-03-26 6.5 CVE-2019-9057
MISC
CONFIRM
cmsmadesimple -- cms_made_simple An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection. 2019-03-26 6.5 CVE-2019-9058
MISC
CONFIRM
cmsmadesimple -- cms_made_simple An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature. 2019-03-26 6.5 CVE-2019-9059
MISC
CONFIRM
cmsmadesimple -- cms_made_simple An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. 2019-03-26 6.5 CVE-2019-9061
MISC
CONFIRM
coreftp -- core_ftp An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. 2019-03-22 5.0 CVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DB
coreftp -- core_ftp An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. 2019-03-22 5.0 CVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DB
dedecms -- dedecms In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. 2019-03-24 4.0 CVE-2019-10014
MISC
dlink -- dir-816_firmware The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication. 2019-03-25 5.0 CVE-2019-10039
MISC
dlink -- dir-816_firmware The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication. 2019-03-25 5.0 CVE-2019-10041
MISC
dovecot -- dovecot It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. 2019-03-27 4.9 CVE-2019-3814
CONFIRM
MISC
eclipse -- jetty In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. 2019-03-27 5.0 CVE-2018-12545
CONFIRM
eclipse -- mosquitto In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. 2019-03-27 5.0 CVE-2017-7655
CONFIRM
eclipse -- mosquitto In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. 2019-03-27 4.0 CVE-2018-12546
CONFIRM
eclipse -- mosquitto When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. 2019-03-27 6.8 CVE-2018-12550
CONFIRM
eclipse -- mosquitto When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. 2019-03-27 6.8 CVE-2018-12551
CONFIRM
elastic -- elasticsearch A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. 2019-03-25 6.8 CVE-2019-7611
MISC
MISC
faststone -- image_viewer FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file. 2019-03-26 4.3 CVE-2018-15813
MISC
faststone -- image_viewer FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file. 2019-03-26 4.3 CVE-2018-15814
MISC
faststone -- image_viewer FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file. 2019-03-26 4.3 CVE-2018-15815
MISC
faststone -- image_viewer FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. 2019-03-26 4.3 CVE-2018-15816
MISC
faststone -- image_viewer FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. 2019-03-26 4.3 CVE-2018-15817
MISC
fedoraproject -- fedora A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. 2019-03-27 4.3 CVE-2019-3877
CONFIRM
CONFIRM
CONFIRM
UBUNTU
fedoraproject -- fedora A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. 2019-03-26 6.8 CVE-2019-3878
CONFIRM
CONFIRM
UBUNTU
fortinet -- fortiportal A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. 2019-03-25 4.3 CVE-2017-7340
CONFIRM
gforge -- advanced_server GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. 2019-03-24 4.3 CVE-2019-10016
MISC
ghs -- integrity_rtos An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses. 2019-03-25 5.0 CVE-2019-7711
MISC
MISC
ghs -- integrity_rtos An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses. 2019-03-25 5.0 CVE-2019-7712
MISC
MISC
ghs -- integrity_rtos An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses. 2019-03-25 5.0 CVE-2019-7715
MISC
MISC
gitlab -- gitlab GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. 2019-03-26 5.0 CVE-2018-19856
MISC
MISC
gitlab -- gitlab GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. 2019-03-28 5.0 CVE-2018-20144
MISC
MISC
MISC
gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. 2019-03-25 5.0 CVE-2019-6240
MISC
MISC
gnu -- gnutls A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. 2019-03-27 5.0 CVE-2019-3829
CONFIRM
CONFIRM
FEDORA
FEDORA
MISC
gnu -- tar pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. 2019-03-22 5.0 CVE-2019-9923
MISC
MISC
MISC
harmistechnology -- je_messenger An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. 2019-03-29 6.4 CVE-2019-9918
MISC
MISC
hashicorp -- consul HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4. 2019-03-26 5.8 CVE-2019-9764
MISC
hp -- arcsight_logger Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. 2019-03-25 4.3 CVE-2019-3480
MISC
hp -- arcsight_logger Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. 2019-03-25 6.8 CVE-2019-3482
MISC
hp -- arcsight_logger Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. 2019-03-25 6.8 CVE-2019-3483
MISC
hp -- isaac_mizrahi_smartwatch A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. 2019-03-27 5.0 CVE-2017-2748
CONFIRM
hp -- remote_graphics_software A potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier. 2019-03-27 6.4 CVE-2018-5926
CONFIRM
hp -- support_assistant HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. 2019-03-27 4.1 CVE-2018-5927
CONFIRM
ibm -- api_connect IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. 2019-03-22 5.0 CVE-2019-4052
CONFIRM
BID
XF
ibm -- content_navigator IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. 2019-03-22 6.4 CVE-2019-4035
CONFIRM
BID
XF
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. 2019-03-25 5.0 CVE-2019-4046
BID
XF
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. 2019-03-23 6.8 CVE-2019-9956
BID
MISC
jenzabar -- internet_campus_solution Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the Moxie Manager plugin before 2.1.4 in the ICS\ICS.NET\ICSFileServer/moxiemanager directory. 2019-03-25 6.0 CVE-2019-10012
MISC
MISC
laravel -- framework Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. 2019-03-28 6.5 CVE-2018-6330
MISC
MISC
librenms -- librenms LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. 2019-03-28 6.5 CVE-2018-20678
MISC
MISC
libreoffice -- libreoffice It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. 2019-03-25 6.8 CVE-2018-16858
CONFIRM
MISC
libssh2 -- libssh2 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. 2019-03-25 6.8 CVE-2019-3856
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISC
libssh2 -- libssh2 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. 2019-03-25 6.8 CVE-2019-3857
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISC
libssh2 -- libssh2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. 2019-03-25 6.4 CVE-2019-3860
SUSE
CONFIRM
MLIST
CONFIRM
MISC
libssh2 -- libssh2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. 2019-03-25 6.4 CVE-2019-3861
SUSE
CONFIRM
MLIST
CONFIRM
MISC
libssh2 -- libssh2 A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. 2019-03-25 6.8 CVE-2019-3863
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISC
misp -- misp In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. 2019-03-28 4.3 CVE-2019-10254
MISC
MISC
moodle -- moodle A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. 2019-03-25 4.0 CVE-2019-3808
CONFIRM
CONFIRM
CONFIRM
moodle -- moodle A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted. 2019-03-25 5.0 CVE-2019-3810
CONFIRM
CONFIRM
CONFIRM
moodle -- moodle A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. 2019-03-27 6.5 CVE-2019-3847
CONFIRM
MISC
moodle -- moodle A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. 2019-03-26 5.8 CVE-2019-3850
CONFIRM
MISC
moodle -- moodle A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page. 2019-03-26 4.0 CVE-2019-3851
CONFIRM
MISC
moodle -- moodle A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities 2019-03-26 4.0 CVE-2019-3852
CONFIRM
MISC
myadrenalin -- adrenalin A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. 2019-03-25 4.3 CVE-2018-12652
MISC
myadrenalin -- adrenalin A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the RPT/SSRSDynamicEditReports.aspx ReportId parameter. 2019-03-25 4.3 CVE-2018-12653
MISC
nagios -- nagios_xi Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. 2019-03-28 6.5 CVE-2019-9164
CONFIRM
CONFIRM
omron -- poweract_pro_master_agent PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. 2019-03-27 4.0 CVE-2018-16207
MISC
MISC
MISC
opentext -- opentext_portal Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. 2019-03-22 4.3 CVE-2018-20165
MISC
ovirt -- ovirt In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. 2019-03-25 4.0 CVE-2017-7510
CONFIRM
ovirt -- ovirt It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests. 2019-03-25 5.5 CVE-2019-3879
BID
CONFIRM
portainer -- portainer A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. 2019-03-27 5.0 CVE-2018-19466
MISC
MISC
MISC
python -- python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740. 2019-03-23 4.3 CVE-2019-9947
MISC
python -- python urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. 2019-03-23 6.4 CVE-2019-9948
BID
MISC
MISC
redhat -- ansible_tower When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges. 2019-03-28 4.0 CVE-2019-3869
CONFIRM
MISC
s-cms -- s-cms S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. 2019-03-27 6.8 CVE-2019-10237
MISC
select2 -- select2 In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data. 2019-03-27 4.3 CVE-2016-10744
MISC
MISC
MISC
sitemagic -- sitemagic Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. 2019-03-27 4.3 CVE-2019-10238
MISC
sqlite -- sqlite In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. 2019-03-22 5.0 CVE-2019-9936
BID
MISC
MISC
MISC
sqlite -- sqlite In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. 2019-03-22 5.0 CVE-2019-9937
BID
MISC
MISC
MISC
symfony -- twig A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. 2019-03-23 4.3 CVE-2019-9942
MISC
BUGTRAQ
MISC
DEBIAN
tianocore -- edk_ii Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. 2019-03-27 6.4 CVE-2018-12178
SUSE
CONFIRM
tianocore -- edk_ii Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. 2019-03-27 4.6 CVE-2018-12183
CONFIRM
tianocore -- edk_ii Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. 2019-03-27 4.6 CVE-2018-3613
CONFIRM
totaljs -- total.js_cms Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format). 2019-03-28 4.3 CVE-2019-10260
MISC
MISC
shareit -- shareit The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. 2019-03-22 5.8 CVE-2019-9939
MISC
verifone -- verix_multi-app_conductor The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability. 2019-03-25 6.8 CVE-2019-10060
MISC
w1.fi -- hostapd hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. 2019-03-23 5.0 CVE-2016-10743
MLIST
MISC
weban -- an Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. 2019-03-27 5.0 CVE-2019-5927
MISC
MISC
xnview -- xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. 2019-03-23 6.8 CVE-2019-9966
MISC
xnview -- xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. 2019-03-23 6.8 CVE-2019-9967
MISC
xnview -- xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. 2019-03-23 6.8 CVE-2019-9968
MISC
xnview -- xnview_classic XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. 2019-03-23 6.8 CVE-2019-9969
MISC
xnview -- xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. 2019-03-23 6.8 CVE-2019-9962
MISC
xnview -- xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. 2019-03-23 6.8 CVE-2019-9963
MISC
xnview -- xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. 2019-03-23 6.8 CVE-2019-9964
MISC
xnview -- xnview_mp XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. 2019-03-23 6.8 CVE-2019-9965
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. 2019-03-24 4.3 CVE-2019-10018
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. 2019-03-24 4.3 CVE-2019-10019
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. 2019-03-24 4.3 CVE-2019-10020
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. 2019-03-24 4.3 CVE-2019-10021
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. 2019-03-24 4.3 CVE-2019-10022
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. 2019-03-24 4.3 CVE-2019-10023
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. 2019-03-24 4.3 CVE-2019-10024
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. 2019-03-24 4.3 CVE-2019-10025
MISC
xpdfreader -- xpdf An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. 2019-03-24 4.3 CVE-2019-10026
MISC
znc -- znc ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. 2019-03-27 4.0 CVE-2019-9917
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
abus -- secvest_wireless_alarm_system_fuaa50000_firmware An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). 2019-03-27 3.3 CVE-2019-9862
MISC
centos-webpanel -- centos_web_panel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. 2019-03-26 3.5 CVE-2019-7646
MISC
MISC
EXPLOIT-DB
cmsmadesimple -- cms_made_simple CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. 2019-03-26 3.5 CVE-2019-10105
MISC
cmsmadesimple -- cms_made_simple CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. 2019-03-26 3.5 CVE-2019-10106
MISC
cmsmadesimple -- cms_made_simple CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. 2019-03-26 3.5 CVE-2019-10107
MISC
drupal -- drupal In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. 2019-03-26 3.5 CVE-2019-6341
CONFIRM
gnome -- gvfs An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration. 2019-03-25 3.3 CVE-2019-3827
CONFIRM
CONFIRM
online_lottery_php_readymade_script_project -- online_lottery_php_readymade_script PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. 2019-03-29 3.5 CVE-2019-9605
MISC
paloaltonetworks -- expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. 2019-03-26 3.5 CVE-2019-1569
BID
MISC
MISC
paloaltonetworks -- expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. 2019-03-26 3.5 CVE-2019-1570
BID
CONFIRM
MISC
paloaltonetworks -- expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. 2019-03-26 3.5 CVE-2019-1571
BID
CONFIRM
MISC
phpcms -- phpcms PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. 2019-03-24 3.5 CVE-2019-10027
MISC
MISC
redhat -- libvirt A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. 2019-03-27 3.5 CVE-2019-3840
CONFIRM
CONFIRM
CONFIRM
tianocore -- edk_ii Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. 2019-03-27 2.1 CVE-2019-0161
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
abine_blur -- abine_blur
 
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. 2019-03-29 not yet calculated CVE-2019-6481
MISC
FULLDISC
MISC
MISC
abus -- secvest_remote_control Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. 2019-03-27 not yet calculated CVE-2019-9860
MISC
adtran -- netconf_pmaa_access_management An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. 2019-03-27 not yet calculated CVE-2018-19648
CONFIRM
apache -- activemq In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. 2019-03-28 not yet calculated CVE-2019-0222
CONFIRM
MLIST
BID
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache -- hbase_rest_server In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. 2019-03-28 not yet calculated CVE-2019-0212
MLIST
BID
CONFIRM
apache -- jspwiki A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details. 2019-03-28 not yet calculated CVE-2019-0225
MLIST
BID
CONFIRM
MLIST
MLIST
MLIST
MLIST
apache -- jspwiki In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser. 2019-03-28 not yet calculated CVE-2019-0224
BID
CONFIRM
MLIST
MLIST
apache -- kibana Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. 2019-03-25 not yet calculated CVE-2019-7608
MISC
MISC
apache -- kibana Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. 2019-03-25 not yet calculated CVE-2019-7609
MISC
MISC
apache -- kibana Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. 2019-03-25 not yet calculated CVE-2019-7610
MISC
MISC
atlassian -- crowd The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection. 2019-03-29 not yet calculated CVE-2017-18108
MISC
atlassian -- crowd The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability. 2019-03-29 not yet calculated CVE-2017-18105
MISC
atlassian -- crowd The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability. 2019-03-29 not yet calculated CVE-2017-18110
MISC
atlassian -- crowd The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. 2019-03-29 not yet calculated CVE-2017-18109
MISC
atlassian -- crowd The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash. 2019-03-29 not yet calculated CVE-2017-18106
MISC
atlassian_application_links The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. 2019-03-29 not yet calculated CVE-2017-18111
MISC
axtls -- axtls
 
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. 2019-03-25 not yet calculated CVE-2019-8981
MISC
MISC
MISC
bash -- bash
 
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. 2019-03-22 not yet calculated CVE-2019-9924
MISC
MISC
MLIST
baxter -- sigma_spectrum_infusion_system Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. 2019-03-26 not yet calculated CVE-2014-5434
MISC
baxter -- sigma_spectrum_infusion_system An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. 2019-03-26 not yet calculated CVE-2014-5433
MISC
baxter -- sigma_spectrum_infusion_system Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. 2019-03-26 not yet calculated CVE-2014-5432
MISC
baxter -- sigma_spectrum_infusion_system Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. 2019-03-26 not yet calculated CVE-2014-5431
MISC
burrows-wheeler_aligner -- burrows-wheeler_aligner
 
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. 2019-03-29 not yet calculated CVE-2019-10269
MISC
cisco -- aggregation_services_router_900_route_switch_processor_3 A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition. 2019-03-27 not yet calculated CVE-2019-1749
BID
CISCO
cisco -- catalyst_4500_series_switches A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-03-27 not yet calculated CVE-2019-1750
BID
CISCO
cisco -- catalyst_6500_series_switches A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network. 2019-03-27 not yet calculated CVE-2019-1758
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. 2019-03-27 not yet calculated CVE-2019-1757
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. 2019-03-27 not yet calculated CVE-2019-1746
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 2019-03-27 not yet calculated CVE-2019-1739
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 2019-03-27 not yet calculated CVE-2019-1738
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. 2019-03-27 not yet calculated CVE-2019-1745
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. 2019-03-27 not yet calculated CVE-2019-1752
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. 2019-03-27 not yet calculated CVE-2019-1747
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software. 2019-03-27 not yet calculated CVE-2019-1748
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. 2019-03-27 not yet calculated CVE-2019-1737
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. 2019-03-27 not yet calculated CVE-2019-1762
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. 2019-03-27 not yet calculated CVE-2019-1761
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 2019-03-27 not yet calculated CVE-2019-1740
BID
CISCO
cisco -- ios_software A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition. 2019-03-27 not yet calculated CVE-2019-1751
BID
CISCO
cisco -- ios_xe_software A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. 2019-03-27 not yet calculated CVE-2019-1741
BID
CISCO
cisco -- ios_xe_software A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. 2019-03-27 not yet calculated CVE-2019-1754
BID
CISCO
cisco -- ios_xe_software A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. 2019-03-27 not yet calculated CVE-2019-1760
BID
CISCO
cisco -- ios_xe_software A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. 2019-03-27 not yet calculated CVE-2019-1759
CISCO
cisco -- ios_xe_software A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. 2019-03-27 not yet calculated CVE-2019-1742
BID
CISCO
cisco -- ios_xe_software A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device. 2019-03-27 not yet calculated CVE-2019-1755
BID
CISCO
cisco -- ios_xe_software A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. 2019-03-27 not yet calculated CVE-2019-1756
BID
CISCO
cisco -- ios_xe_software A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. 2019-03-27 not yet calculated CVE-2019-1743
BID
CISCO
cisco -- ios_xe_software A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. 2019-03-27 not yet calculated CVE-2019-1753
BID
CISCO
civetweb -- civetweb
 
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. 2019-03-27 not yet calculated CVE-2019-3821
CONFIRM
MISC
cockpit-project -- cockpit It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. 2019-03-26 not yet calculated CVE-2019-3804
CONFIRM
CONFIRM
CONFIRM
commonmark -- commonmark
 
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. 2019-03-24 not yet calculated CVE-2019-10010
MISC
MISC
d-link -- routers
 
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). 2019-03-25 not yet calculated CVE-2019-7642
MISC
dell -- networking_os10 Dell Networking OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system. 2019-03-28 not yet calculated CVE-2019-3710
MISC
digium -- asterisk An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. 2019-03-28 not yet calculated CVE-2019-7251
CONFIRM
CONFIRM
elastic -- logstach A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. 2019-03-25 not yet calculated CVE-2019-7612
MISC
MISC
elastic -- winlogbeat
 
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. 2019-03-25 not yet calculated CVE-2019-7613
MISC
MISC
electric_coin_company -- zcash Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. 2019-03-26 not yet calculated CVE-2019-7167
MISC
MISC
enttec -- datagate_mk2_and_storm_24_and_pixelator ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. 2019-03-28 not yet calculated CVE-2019-6542
MISC
extensible_firmware_interface -- development_kit Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. 2019-03-27 not yet calculated CVE-2018-12182
CONFIRM
extensible_firmware_interface -- development_kit Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. 2019-03-27 not yet calculated CVE-2018-12181
CONFIRM
extensible_firmware_interface -- development_kit Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. 2019-03-27 not yet calculated CVE-2018-12180
SUSE
CONFIRM
extensible_firmware_interface -- development_kit
 
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. 2019-03-27 not yet calculated CVE-2018-12179
CONFIRM
f5 -- multiple_big-ip_products In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. 2019-03-28 not yet calculated CVE-2019-6602
BID
MISC
f5 -- multiple_big-ip_products On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. 2019-03-28 not yet calculated CVE-2019-6605
BID
MISC
f5 -- multiple_big-ip_products On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. 2019-03-28 not yet calculated CVE-2019-6606
BID
MISC
f5 -- multiple_big-ip_products On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. 2019-03-28 not yet calculated CVE-2019-6607
BID
MISC
f5 -- multiple_products On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. 2019-03-28 not yet calculated CVE-2019-6608
MISC
f5 -- multiple_products In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. 2019-03-28 not yet calculated CVE-2019-6603
BID
MISC
f5 -- multiple_products On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. 2019-03-28 not yet calculated CVE-2019-6604
MISC
flatcore -- flatcore-cms
 
An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature. 2019-03-30 not yet calculated CVE-2019-10652
MISC
forcepoint -- email_security A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. 2019-03-28 not yet calculated CVE-2018-16529
MISC
CONFIRM
gnuboard5 -- gnuboard5 Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. 2019-03-25 not yet calculated CVE-2018-15583
CONFIRM
CONFIRM
gnuboard5 -- gnuboard5 Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. 2019-03-27 not yet calculated CVE-2018-15585
MISC
MISC
MISC
grandstream -- gwn7000_and_gwn7610_devices Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. 2019-03-30 not yet calculated CVE-2019-10657
MISC
grandstream -- gwn7000_devices Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. 2019-03-30 not yet calculated CVE-2019-10656
MISC
grandstream -- gwn7610_devices Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. 2019-03-30 not yet calculated CVE-2019-10658
MISC
grandstream -- gxv3370_and_wp80_devices Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. 2019-03-30 not yet calculated CVE-2019-10659
MISC
grandstream -- gxv3611ir_hd_devices Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. 2019-03-30 not yet calculated CVE-2019-10660
MISC
grandstream -- gxv3611ir_hd_devices On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. 2019-03-30 not yet calculated CVE-2019-10661
MISC
grandstream -- multiple_devices
 
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. 2019-03-30 not yet calculated CVE-2019-10655
MISC
MISC
grandstream -- ucm6204_devices Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. 2019-03-30 not yet calculated CVE-2019-10662
MISC
grandstream -- ucm6204_devices Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. 2019-03-30 not yet calculated CVE-2019-10663
MISC
honeywell -- experion_pks Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. 2019-03-25 not yet calculated CVE-2014-9187
MISC
honeywell -- experion_pks Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. 2019-03-25 not yet calculated CVE-2014-9189
MISC
hospira -- lifecare_pca_infusion_system Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. 2019-03-25 not yet calculated CVE-2015-1012
MISC
hospira -- plum_and_symbiq_infusion_systems Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. 2019-03-25 not yet calculated CVE-2015-3952
MISC
hospira -- plum_and_symbiq_infusion_systems Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. 2019-03-25 not yet calculated CVE-2015-3953
MISC
hospira -- plum_and_symbiq_infusion_systems Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. 2019-03-25 not yet calculated CVE-2015-3954
MISC
hospira -- plum_and_symbiq_infusion_systems Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. 2019-03-25 not yet calculated CVE-2015-3956
MISC
hp_development_company -- multiple_printers
 
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. 2019-03-27 not yet calculated CVE-2018-5923
CONFIRM
hp_development_company -- tommy_hilfiger_th24/7_android_app A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. 2019-03-27 not yet calculated CVE-2017-2752
CONFIRM
hybbs -- hybbs
 
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. 2019-03-29 not yet calculated CVE-2019-10644
MISC
imagemagick -- imagemagick In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. 2019-03-30 not yet calculated CVE-2019-10650
BID
MISC
imagemagick -- imagemagick In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. 2019-03-30 not yet calculated CVE-2019-10649
BID
MISC
jboss -- management_console A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. 2019-03-27 not yet calculated CVE-2018-10934
CONFIRM
jenkins -- jenkins A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. 2019-03-28 not yet calculated CVE-2019-1003048
MLIST
BID
MISC
jenkins -- jenkins A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. 2019-03-28 not yet calculated CVE-2019-1003047
MLIST
BID
MISC
jenkins -- jenkins A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. 2019-03-28 not yet calculated CVE-2019-1003046
MLIST
BID
MISC
jenkins -- jenkins A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. 2019-03-28 not yet calculated CVE-2019-1003045
MLIST
BID
MISC
jenkins -- jenkins A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-03-28 not yet calculated CVE-2019-1003044
MLIST
BID
MISC
jenkins -- jenkins A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-03-28 not yet calculated CVE-2019-1003043
MLIST
BID
MISC
jenkins -- jenkins A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. 2019-03-28 not yet calculated CVE-2019-1003042
MLIST
BID
MISC
jenkins -- jenkins A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. 2019-03-28 not yet calculated CVE-2019-1003041
MLIST
BID
MISC
jenkins -- jenkins
 
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. 2019-03-28 not yet calculated CVE-2019-1003040
MLIST
BID
MISC
jenzabar -- internet_campus_solution ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. 2019-03-25 not yet calculated CVE-2019-10011
MISC
joomla! -- joomla! An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. 2019-03-29 not yet calculated CVE-2019-9921
MISC
MISC
joomla! -- joomla! An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. 2019-03-29 not yet calculated CVE-2019-9922
MISC
MISC
joomla! -- joomla! An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. 2019-03-29 not yet calculated CVE-2019-9920
MISC
MISC
joomla! -- joomla!
 
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. 2019-03-29 not yet calculated CVE-2019-9919
MISC
MISC
kentico -- kentico
 
An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted. 2019-03-26 not yet calculated CVE-2019-10068
MISC
kinagacms -- kinagacms
 
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-03-27 not yet calculated CVE-2019-5926
MISC
MISC
MISC
kubevirt -- virt-cdi-importer Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content. 2019-03-25 not yet calculated CVE-2019-3841
CONFIRM
MISC
lcds -- laquis_scada Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. 2019-03-27 not yet calculated CVE-2019-6536
MISC
lcds -- laquis_scada
 
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. 2019-03-27 not yet calculated CVE-2018-18994
MISC
linux -- linux_kernel The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. 2019-03-25 not yet calculated CVE-2019-3874
CONFIRM
lrzip -- lrzip
 
The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845. 2019-03-30 not yet calculated CVE-2019-10654
MISC
marel -- food_processing_systems Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. 2019-03-27 not yet calculated CVE-2017-9626
MISC
mcafee -- network_security_manager Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. 2019-03-26 not yet calculated CVE-2019-3597
BID
CONFIRM
mcafee -- network_security_manager Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. 2019-03-26 not yet calculated CVE-2019-3606
BID
CONFIRM
medtronic -- multiple_devices The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product?s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. 2019-03-25 not yet calculated CVE-2019-6538
BID
CONFIRM
medtronic -- multiple_devices The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. 2019-03-26 not yet calculated CVE-2019-6540
BID
MISC
micro_focus -- solutions_business_manager Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. 2019-03-27 not yet calculated CVE-2018-19644
CONFIRM
micro_focus -- solutions_business_manager Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. 2019-03-27 not yet calculated CVE-2018-19641
CONFIRM
micro_focus -- solutions_business_manager Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. 2019-03-27 not yet calculated CVE-2018-19643
CONFIRM
micro_focus -- solutions_business_manager Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. 2019-03-27 not yet calculated CVE-2018-19642
CONFIRM
moodle -- moodle A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. 2019-03-26 not yet calculated CVE-2019-3849
CONFIRM
MISC
moodle -- moodle A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.) 2019-03-26 not yet calculated CVE-2019-3848
CONFIRM
MISC
mybb -- mybb A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. 2019-03-29 not yet calculated CVE-2018-19201
MISC
node-opencv -- node-opencv
 
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands. 2019-03-25 not yet calculated CVE-2019-10061
MISC
MISC
MISC
node.js -- node.js Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default. 2019-03-28 not yet calculated CVE-2019-5739
SUSE
MISC
node.js -- node.js
 
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11. 2019-03-28 not yet calculated CVE-2019-5737
SUSE
MISC
nvidia -- geforce_experience NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. 2019-03-28 not yet calculated CVE-2019-5674
BID
CONFIRM
opensynergy -- blue_sdk The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. 2019-03-29 not yet calculated CVE-2018-20378
MISC
CONFIRM
opto_22 -- multiple_products A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible. 2019-03-25 not yet calculated CVE-2015-1007
MISC
phoenix_contact -- multiple_products An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. 2019-03-26 not yet calculated CVE-2019-9743
BID
MISC
phoenix_contact -- multiple_products An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier. 2019-03-26 not yet calculated CVE-2019-9744
MISC
phpfk -- phpfk
 
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. 2019-03-27 not yet calculated CVE-2017-18364
MISC
phpscriptsmall.com -- online_lottery_php_readymade_script PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. 2019-03-29 not yet calculated CVE-2019-9604
MISC
project_jupyter -- jupyter_notebook_and_jupyterhub
 
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. 2019-03-28 not yet calculated CVE-2019-10255
MISC
MISC
MISC
MISC
MISC
prometheus -- prometheus
 
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. 2019-03-26 not yet calculated CVE-2019-3826
CONFIRM
CONFIRM
CONFIRM
provisio -- sitekiosk An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. 2019-03-29 not yet calculated CVE-2018-18766
CONFIRM
red_hat -- ansible_tower It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. 2019-03-25 not yet calculated CVE-2019-3838
REDHAT
MISC
CONFIRM
FEDORA
FEDORA
red_hat -- ansible_tower It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. 2019-03-25 not yet calculated CVE-2019-3835
REDHAT
MISC
CONFIRM
FEDORA
FEDORA
red_hat -- openstack_platform_director In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. 2019-03-26 not yet calculated CVE-2018-16856
CONFIRM
robocode -- robocode
 
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. 2019-03-30 not yet calculated CVE-2019-10648
MISC
MISC
rockwell_automation -- ethernet/ip_web_server_modules Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. 2019-03-27 not yet calculated CVE-2018-19016
MISC
rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the ?Total Record Size? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to a specifically oversized value, the service will calculate an undersized value for the ?Total Record Size? that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 2019-03-26 not yet calculated CVE-2013-2807
MISC
rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the ?End of Current Record? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to a specifically oversized value, the service will calculate an undersized value for the ?Total Record Size.? Then the service will calculate an incorrect value for the ?End of Current Record? field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 2019-03-26 not yet calculated CVE-2013-2806
MISC
rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the ?Record Data Size? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 2019-03-26 not yet calculated CVE-2013-2805
MISC
rockwell_automation -- plc-5_and_slc_5/0x_controllers The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product?s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services. 2019-03-26 not yet calculated CVE-2010-5305
MISC
rpm-software-management -- libcomps
 
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. 2019-03-27 not yet calculated CVE-2019-3817
CONFIRM
CONFIRM
CONFIRM
rubyonrails -- rails A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. 2019-03-27 not yet calculated CVE-2019-5420
CONFIRM
CONFIRM
rubyonrails -- rails There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. 2019-03-27 not yet calculated CVE-2019-5419
MLIST
CONFIRM
MLIST
CONFIRM
rubyonrails -- rails
 
There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. 2019-03-27 not yet calculated CVE-2019-5418
MISC
MLIST
CONFIRM
MLIST
CONFIRM
EXPLOIT-DB
schneider_electric -- opc_factory_server A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. 2019-03-25 not yet calculated CVE-2015-1014
MISC
shareit -- shareit The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." 2019-03-22 not yet calculated CVE-2019-9938
MISC
siemens -- scalance A vulnerability has been identified in Scalance X-200 (All versions), Scalance X-300 (All versions), Scalance XP/XC/XF-200 (All versions <V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behaviour. The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality and availablity of the traffic-generating network. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-03-26 not yet calculated CVE-2019-6569
BID
MISC
signal -- private_messenger_and_desktop Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. 2019-03-23 not yet calculated CVE-2019-9970
BID
MISC
snipe-it -- snipe-it
 
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. 2019-03-27 not yet calculated CVE-2019-10118
MISC
symantec_norton -- core Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. 2019-03-29 not yet calculated CVE-2019-9695
BID
CONFIRM
system_security_services_daemon -- system_security_services_daemon
 
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. 2019-03-25 not yet calculated CVE-2018-16838
CONFIRM
teclib_group -- glpi Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. 2019-03-27 not yet calculated CVE-2019-10233
MISC
MISC
teclib_group -- glpi Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). 2019-03-27 not yet calculated CVE-2019-10231
MISC
MISC
teclib_group -- glpi The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. 2019-03-29 not yet calculated CVE-2019-10477
MISC
MISC
MISC
MISC
MISC
telegram -- telegram Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. 2019-03-25 not yet calculated CVE-2019-10044
BID
MISC
telemetry -- ceilometer A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. 2019-03-26 not yet calculated CVE-2019-3830
CONFIRM
teltonika -- rtu9xx_devices An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. 2019-03-28 not yet calculated CVE-2018-19879
MISC
MISC
tenable -- nagios_xi SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. 2019-03-28 not yet calculated CVE-2019-9204
CONFIRM
tenable -- nagios_xi Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. 2019-03-28 not yet calculated CVE-2019-9203
CONFIRM
tenable -- nagios_xi Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. 2019-03-28 not yet calculated CVE-2019-9202
CONFIRM
tenable -- nagios_xi Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. 2019-03-28 not yet calculated CVE-2019-9166
CONFIRM
CONFIRM
tenable -- nagios_xi Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. 2019-03-28 not yet calculated CVE-2019-9167
CONFIRM
CONFIRM
tenable -- nagios_xi SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. 2019-03-28 not yet calculated CVE-2019-9165
CONFIRM
CONFIRM
tesla -- model_3_vehicles The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants. 2019-03-24 not yet calculated CVE-2019-9977
BID
MISC
MISC
tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. 2019-03-26 not yet calculated CVE-2019-8989
BID
MISC
MISC
tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. 2019-03-26 not yet calculated CVE-2019-8988
BID
MISC
MISC
tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. 2019-03-26 not yet calculated CVE-2019-8987
BID
MISC
MISC
tp-link -- tl-wr840n_devices TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. 2019-03-29 not yet calculated CVE-2018-15840
MISC
ucweb -- uc_browser UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. 2019-03-28 not yet calculated CVE-2019-10250
MISC
ucweb -- uc_browser The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks. 2019-03-28 not yet calculated CVE-2019-10251
MISC
MISC
wecon_technology -- pi_studio WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object. 2019-03-27 not yet calculated CVE-2018-14814
MISC
western_bridge_cobub_razor -- western_bridge_cobub_razor
 
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. 2019-03-29 not yet calculated CVE-2019-10276
MISC
MISC
wikindx -- wikindx
 
A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. 2019-03-26 not yet calculated CVE-2019-9961
MISC
CONFIRM
wolf -- cms
 
Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded. 2019-03-29 not yet calculated CVE-2019-10646
MISC
wordpress -- wordpress
 
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in. 2019-03-27 not yet calculated CVE-2019-1000031
MISC
BUGTRAQ
wordpress -- wordpress
 
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. 2019-03-27 not yet calculated CVE-2019-1010257
MISC
BUGTRAQ
MISC
wordpress -- wordpress
 
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. 2019-03-24 not yet calculated CVE-2019-9978
MISC
MISC
MISC
MISC
MISC
MISC
MISC
zoho -- manageengine_servicedesk_plus ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. 2019-03-25 not yet calculated CVE-2017-9376
BID
MISC
zoho -- manageengine_servicedesk_plus ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. 2019-03-25 not yet calculated CVE-2017-9362
MISC
zzzcms -- zzzphp ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). 2019-03-30 not yet calculated CVE-2019-10647
MISC