본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB19-035)] 2019년 1월 28일까지 발표된 보안 취약점

by manga0713 2019. 2. 13.

 

 

 

 

*** 출처: [US-CERT: Bulletin(SB19-035)] 2019년 1월 28일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
libgd -- libgd The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. 2019-01-28 7.5 CVE-2019-6978
MISC
MISC
MISC
MLIST
libvnc_project -- libvncserver LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. 2019-01-30 7.5 CVE-2018-20750
MISC
MISC
MLIST
UBUNTU
MISC
phpmyadmin -- phpmyadmin An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. 2019-01-26 7.5 CVE-2019-6798
BID
CONFIRM
zoneminder -- zoneminder A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. 2019-01-28 7.5 CVE-2019-6991
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- acrobat Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723. 2019-01-28 4.3 CVE-2018-19721
CONFIRM
adobe -- acrobat Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721. 2019-01-28 5.0 CVE-2018-19723
BID
CONFIRM
adobe -- acrobat Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-01-28 4.3 CVE-2018-19728
CONFIRM
adobe -- experience_manager Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-01-28 4.3 CVE-2018-19724
BID
CONFIRM
adobe -- experience_manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-01-28 4.3 CVE-2018-19726
BID
CONFIRM
adobe -- experience_manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-01-28 4.3 CVE-2018-19727
BID
CONFIRM
apache -- open_office When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. 2019-01-31 4.6 CVE-2018-11790
BID
CONFIRM
arm -- trusted_firmware-a ARM Trusted Firmware-A allows information disclosure. 2019-01-30 5.0 CVE-2018-19440
CONFIRM
CONFIRM
atlassian -- crowd Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources. 2019-01-28 4.0 CVE-2016-10740
CONFIRM
atutor -- atutor A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. 2019-01-29 4.3 CVE-2019-7172
MISC
axiosys -- bento4 An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. 2019-01-25 4.3 CVE-2019-6966
MISC
cross_reference_project -- cross_reference An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. 2019-01-31 4.3 CVE-2019-7250
MISC
elfutils_project -- elfutils In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. 2019-01-28 4.3 CVE-2019-7146
MISC
MISC
elfutils_project -- elfutils An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. 2019-01-28 4.3 CVE-2019-7148
MISC
elfutils_project -- elfutils A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. 2019-01-28 4.3 CVE-2019-7149
MISC
MISC
elfutils_project -- elfutils An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. 2019-01-28 4.3 CVE-2019-7150
MISC
MISC
encodable -- filechucker An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. 2019-01-31 6.8 CVE-2019-7216
MISC
MISC
foxitsoftware -- phantompdf An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2019-01-30 5.8 CVE-2018-3956
MISC
freshrss -- freshrss Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. 2019-01-30 4.3 CVE-2018-19782
MISC
FULLDISC
EXPLOIT-DB
MISC
ibm -- api_connect IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031. 2019-01-29 4.0 CVE-2018-1976
BID
XF
CONFIRM
ibm -- i IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164. 2019-01-31 4.3 CVE-2019-4040
CONFIRM
BID
XF
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811. 2019-01-29 5.0 CVE-2018-1733
BID
XF
CONFIRM
idreamsoft -- icms An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. 2019-01-30 6.4 CVE-2019-7235
MISC
idreamsoft -- icms An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. 2019-01-30 5.0 CVE-2019-7236
MISC
idreamsoft -- icms An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. 2019-01-30 5.0 CVE-2019-7237
MISC
ip_history_logs_project -- ip_history_logs An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field. 2019-01-28 4.3 CVE-2019-6979
MISC
EXPLOIT-DB
libdoc_project -- libdoc In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. 2019-01-29 5.0 CVE-2019-7156
BID
MISC
libdoc_project -- libdoc In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. 2019-01-30 6.8 CVE-2019-7233
MISC
linux -- linux_kernel In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. 2019-02-01 4.7 CVE-2016-10741
MISC
MISC
MISC
MISC
linux -- linux_kernel In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. 2019-01-31 4.9 CVE-2017-18360
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. 2019-01-25 4.9 CVE-2019-3819
BID
CONFIRM
mcafee -- epolicy_orchestrator Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. 2019-02-01 6.8 CVE-2019-3604
CONFIRM
media_file_manager_project -- media_file_manager The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. 2019-01-31 5.0 CVE-2018-19040
EXPLOIT-DB
media_file_manager_project -- media_file_manager The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. 2019-01-31 4.3 CVE-2018-19041
EXPLOIT-DB
media_file_manager_project -- media_file_manager The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI. 2019-01-31 5.0 CVE-2018-19042
EXPLOIT-DB
media_file_manager_project -- media_file_manager The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. 2019-01-31 5.0 CVE-2018-19043
EXPLOIT-DB
mumble -- mumble murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. 2019-01-25 5.0 CVE-2018-20743
MISC
MISC
MISC
MISC
nasm -- netwide_assembler A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. 2019-01-28 4.3 CVE-2019-7147
MISC
netscape -- enterprise_server servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. 2019-01-31 4.3 CVE-2018-18940
MISC
FULLDISC
omron -- cx-one Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. 2019-01-30 6.8 CVE-2018-19027
BID
MISC
omron -- cx-supervisor An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. 2019-01-28 6.0 CVE-2018-19015
BID
MISC
open-xchange -- open-xchange_appsuite OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. 2019-01-30 4.0 CVE-2018-12609
FULLDISC
CONFIRM
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuite OX App Suite 7.8.4 and earlier allows Information Exposure. 2019-01-30 5.0 CVE-2018-12610
FULLDISC
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuite OX App Suite 7.8.4 and earlier allows Directory Traversal. 2019-01-30 4.3 CVE-2018-12611
FULLDISC
CONFIRM
CONFIRM
CONFIRM
openbsd -- openssh An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. 2019-01-31 4.0 CVE-2019-6109
MISC
MISC
MISC
paloaltonetworks -- pan-os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. 2019-01-30 4.3 CVE-2019-1566
BID
CONFIRM
phpmyadmin -- phpmyadmin An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. 2019-01-26 4.3 CVE-2019-6799
BID
CONFIRM
powerdns -- recursor An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. 2019-01-29 6.8 CVE-2019-3806
CONFIRM
CONFIRM
powerdns -- recursor An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. 2019-01-29 6.4 CVE-2019-3807
CONFIRM
CONFIRM
pylonsproject -- colander In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. 2019-02-01 5.0 CVE-2017-18361
MISC
MISC
redhat -- ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. 2019-01-28 5.0 CVE-2018-16889
BID
CONFIRM
rsyslog -- rsyslog A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. 2019-01-25 5.0 CVE-2018-16881
CONFIRM
static-resource-server_project -- static-resource-server A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. 2019-02-01 5.0 CVE-2018-16493
MISC
typora -- typora typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. 2019-01-31 4.3 CVE-2019-7295
MISC
typora -- typora typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. 2019-01-31 4.3 CVE-2019-7296
MISC
uclouvain -- openjpeg An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. 2019-01-28 4.3 CVE-2019-6988
BID
MISC
webassembly -- binaryen A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. 2019-01-28 4.3 CVE-2019-7151
MISC
webassembly -- binaryen A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. 2019-01-28 4.3 CVE-2019-7152
MISC
webassembly -- binaryen A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. 2019-01-28 4.3 CVE-2019-7153
MISC
webassembly -- binaryen The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. 2019-01-28 4.3 CVE-2019-7154
MISC
zoneminder -- zoneminder A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. 2019-01-28 4.3 CVE-2019-6992
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
croogo -- croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. 2019-01-29 3.5 CVE-2019-7168
MISC
croogo -- croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. 2019-01-29 3.5 CVE-2019-7169
MISC
croogo -- croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. 2019-01-29 3.5 CVE-2019-7170
MISC
croogo -- croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. 2019-01-29 3.5 CVE-2019-7171
MISC
croogo -- croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. 2019-01-29 3.5 CVE-2019-7173
MISC
emerson -- deltav_distributed_control_system A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. 2019-01-25 3.3 CVE-2018-19021
BID
MISC
paloaltonetworks -- pan-os The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. 2019-01-30 3.5 CVE-2019-1565
BID
CONFIRM
tridium -- niagara Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. 2019-01-29 3.5 CVE-2018-18985
BID
MISC
zoneminder -- zoneminder A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. 2019-01-28 3.5 CVE-2019-6990
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions -- codesys_control_products In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. 2019-01-29 not yet calculated CVE-2018-10612
BID
MISC
abb -- cms-770
 
The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. 2019-01-31 not yet calculated CVE-2018-17928
BID
MISC
abb -- m2m_ethernet The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. 2019-01-31 not yet calculated CVE-2018-17926
BID
MISC
apache -- http_server In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. 2019-01-30 not yet calculated CVE-2018-17199
BID
CONFIRM
MLIST
CONFIRM
apache -- http_server A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. 2019-01-30 not yet calculated CVE-2019-0190
BID
CONFIRM
CONFIRM
apache -- http_server In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. 2019-01-30 not yet calculated CVE-2018-17189
BID
CONFIRM
CONFIRM
artica -- proxy Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. 2019-02-01 not yet calculated CVE-2019-7300
MISC
MISC
avaya -- aura_communication_manager A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. 2019-02-01 not yet calculated CVE-2018-15617
CONFIRM
bluez -- bluez A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. 2019-01-28 not yet calculated CVE-2018-10910
CONFIRM
UBUNTU
cisco -- webex_meetings_server A version of Castor XML, as used in Cisco WebEx Meetings Server before 2.8MR3 and 3.x before 3.0MR2 patch 1 and other products, allows XXE attacks. 2019-01-30 not yet calculated CVE-2018-18895
MISC
FULLDISC
SECTRACK
BUGTRAQ
netapp -- clustered_data_ontap Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. 2019-02-01 not yet calculated CVE-2018-5498
CONFIRM
comodo -- utm_firewall Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. 2019-01-30 not yet calculated CVE-2018-17431
MISC
d-link -- central_wifimanager_cwm-100_devices The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. 2019-01-31 not yet calculated CVE-2018-15516
MISC
FULLDISC
MISC
d-link -- central_wifimanager_cwm-100_devices The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. 2019-01-31 not yet calculated CVE-2018-15517
MISC
FULLDISC
d-link -- central_wifimanager_cwm-100_devices The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. 2019-01-31 not yet calculated CVE-2018-15515
MISC
FULLDISC
d-link -- dir-823g_devices An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. 2019-01-31 not yet calculated CVE-2019-7297
BID
MISC
d-link -- dir-823g_devices An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. 2019-02-01 not yet calculated CVE-2019-7298
BID
MISC
debian -- apt
 
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. 2019-01-28 not yet calculated CVE-2019-3462
BID
MLIST
MLIST
CONFIRM
UBUNTU
DEBIAN
defaults-deep -- defaults-deep
 
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16486
MISC
dräger -- infinity_delta Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. 2019-01-28 not yet calculated CVE-2018-19014
BID
MISC
dräger -- infinity_delta Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system. 2019-01-28 not yet calculated CVE-2018-19012
BID
MISC
dräger -- infinity_delta Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. 2019-01-28 not yet calculated CVE-2018-19010
BID
MISC
express-cart -- express-cart
 
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. 2019-02-01 not yet calculated CVE-2018-16483
MISC
extend -- extend
 
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16492
MISC
foxit_software -- foxit_reader_and_phantompdf An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation. 2019-01-28 not yet calculated CVE-2019-6985
CONFIRM
foxit_software -- foxit_reader_and_phantompdf An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function. 2019-01-28 not yet calculated CVE-2019-6982
CONFIRM
foxit_software -- foxit_reader_and_phantompdf An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory. 2019-01-28 not yet calculated CVE-2019-6983
CONFIRM
foxit_software -- foxit_reader_and_phantompdf An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer. 2019-01-28 not yet calculated CVE-2019-6984
CONFIRM
gnu -- c_library In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. 2019-02-02 not yet calculated CVE-2019-7309
MISC
MISC
google -- android
 
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A. 2019-01-31 not yet calculated CVE-2018-6241
BID
CONFIRM
hetronic -- nova-m Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. 2019-01-25 not yet calculated CVE-2018-19023
BID
MISC
html-pages -- html-pages
 
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. 2019-02-01 not yet calculated CVE-2018-16481
MISC
http-live-simulator -- http-live-simulator
 
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. 2019-02-01 not yet calculated CVE-2018-16479
MISC
ibm -- datapower_gateway IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. 2019-01-29 not yet calculated CVE-2018-1668
XF
CONFIRM
idreamsoft -- icms idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. 2019-01-29 not yet calculated CVE-2019-7160
MISC
idreamsoft -- icms An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. 2019-01-30 not yet calculated CVE-2019-7234
MISC
just-extend -- just-extend
 
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. 2019-02-01 not yet calculated CVE-2018-16489
MISC
keybase -- keybase
 
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs. 2019-01-31 not yet calculated CVE-2019-7249
MISC
MISC
labkey -- server_community_edition An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. 2019-01-30 not yet calculated CVE-2019-3912
MISC
labkey -- server_community_edition Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. 2019-01-30 not yet calculated CVE-2019-3911
MISC
labkey -- server_community_edition Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. 2019-01-30 not yet calculated CVE-2019-3913
MISC
lcds -- laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. 2019-02-01 not yet calculated CVE-2018-19004
BID
MISC
lcds -- laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. 2019-02-01 not yet calculated CVE-2018-18988
BID
MISC
libvips -- libvips
 
libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. 2019-01-26 not yet calculated CVE-2019-6976
MISC
MISC
libvnc -- libvnc LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. 2019-01-30 not yet calculated CVE-2018-20749
MISC
MISC
MLIST
UBUNTU
MISC
libvnc -- libvnc
 
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. 2019-01-30 not yet calculated CVE-2018-20748
MISC
MISC
MISC
MISC
MISC
MLIST
UBUNTU
MISC
linux -- linux_kernel A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. 2019-01-29 not yet calculated CVE-2018-16880
BID
CONFIRM
linux -- linux_kernel kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. 2019-02-01 not yet calculated CVE-2019-7308
MISC
MISC
MISC
MISC
MISC
MISC
lodash -- lodash
 
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. 2019-02-01 not yet calculated CVE-2018-16487
MISC
m-server -- m-server Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. 2019-02-01 not yet calculated CVE-2018-16485
MISC
m-server -- m-server
 
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. 2019-02-01 not yet calculated CVE-2018-16484
MISC
mcafee -- total_protection Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware. 2019-01-28 not yet calculated CVE-2019-3593
CONFIRM
mcstatic -- mcstatic
 
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path. 2019-02-01 not yet calculated CVE-2018-16482
MISC
mpath -- mpath
 
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16490
MISC
netkit -- netkit An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. 2019-01-31 not yet calculated CVE-2019-7283
MISC
MISC
netkit -- netkit
 
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. 2019-01-31 not yet calculated CVE-2019-7282
MISC
MISC
node.extend -- node.extend
 
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16491
MISC
olivier_poitrey -- go_cors_handler
 
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. 2019-01-28 not yet calculated CVE-2018-20744
MISC
MISC
openjdk_and_eclipse -- openj9 In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code. 2019-01-31 not yet calculated CVE-2018-12548
CONFIRM
openssh -- openssh An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). 2019-01-31 not yet calculated CVE-2019-6111
BID
MISC
MISC
EXPLOIT-DB
openssh -- openssh
 
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. 2019-01-31 not yet calculated CVE-2019-6110
MISC
MISC
MISC
EXPLOIT-DB
php -- php
 
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. 2019-01-26 not yet calculated CVE-2019-6977
MISC
MISC
BID
MISC
MLIST
pilz -- pnozmulti_configurator Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. 2019-01-25 not yet calculated CVE-2018-19009
BID
MISC
poppler -- poppler
 
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. 2019-02-02 not yet calculated CVE-2019-7310
MISC
MISC
postgresql -- postgresql PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. 2019-01-25 not yet calculated CVE-2017-18359
MLIST
MISC
MISC
MISC
practecol -- guardzilla_all-in-one_video_security_system A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. 2019-01-31 not yet calculated CVE-2018-5560
MISC
MISC
princexml -- princexml
 
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF. 2019-01-30 not yet calculated CVE-2018-19858
MISC
MISC
MISC
public -- public
 
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. 2019-02-01 not yet calculated CVE-2018-16480
MISC
MISC
qnap -- photo_station Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. 2019-02-01 not yet calculated CVE-2018-0722
CONFIRM
red_hat -- enterprise_linux A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. 2019-01-28 not yet calculated CVE-2019-3815
BID
REDHAT
CONFIRM
rundeck -- rundeck_community_edition An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. 2019-01-25 not yet calculated CVE-2019-6804
MISC
MISC
EXPLOIT-DB
schedmd -- slurm SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. 2019-01-31 not yet calculated CVE-2019-6438
CONFIRM
CONFIRM
sofintel_it_engineering -- zen_load_balancer Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. 2019-02-01 not yet calculated CVE-2019-7301
BID
MISC
titanhq -- spamtitan TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application. 2019-01-30 not yet calculated CVE-2018-15136
MISC
vignette -- content_management In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. 2019-01-31 not yet calculated CVE-2018-18941
MISC
FULLDISC
vivo -- vivo_vitro
 
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. 2019-01-28 not yet calculated CVE-2019-6986
MISC
MISC
yii -- yii Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. 2019-01-28 not yet calculated CVE-2018-20745
MISC
MISC