[US-CERT: Bulletin(SB19-007)] 2018년 12월 31일까지 발표된 보안 취약점

 

 

 

 

*** 출처: [US-CERT: Bulletin(SB19-007)] 2018년 12월 31일까지 발표된 보안 취약점

 

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.	2018-12-28	5.0	CVE-2018-20566 MISC
f5 -- big-ip_access_policy_manager	A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.	2018-12-28	4.3	CVE-2018-15334 BID CONFIRM
freedesktop -- poppler	A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.	2018-12-28	4.3	CVE-2018-20551 MISC MISC
freedesktop -- poppler	A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.	2019-01-01	4.3	CVE-2018-20650 MISC MISC
libming -- libming	A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.	2018-12-30	4.3	CVE-2018-20591 MISC
tinyexr_project -- tinyexr	An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception.	2019-01-01	4.3	CVE-2018-20652 MISC
ucms_project -- ucms	UCMS 1.4.7 has ?do=user_addpost CSRF.	2018-12-30	6.8	CVE-2018-20598 MISC
ucms_project -- ucms	UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.	2018-12-30	6.5	CVE-2018-20599 MISC
ucms_project -- ucms	sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.	2018-12-30	4.3	CVE-2018-20600 MISC

Back to top

 

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.	2018-12-28	3.5	CVE-2018-20557 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.	2018-12-28	3.5	CVE-2018-20558 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.	2018-12-28	3.5	CVE-2018-20559 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.	2018-12-28	3.5	CVE-2018-20560 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.	2018-12-28	3.5	CVE-2018-20561 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.	2018-12-28	3.5	CVE-2018-20562 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.	2018-12-28	3.5	CVE-2018-20563 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.	2018-12-28	3.5	CVE-2018-20564 MISC
douco -- douphp	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.	2018-12-28	3.5	CVE-2018-20565 MISC
ucms_project -- ucms	UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.	2018-12-30	3.5	CVE-2018-20597 MISC
ucms_project -- ucms	UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.	2018-12-30	3.5	CVE-2018-20601 MISC
website_seller_script_project -- website_seller_script	PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.	2018-12-28	3.5	CVE-2018-20530 MISC

Back to top

 

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
abb -- gate-e1_and_gate-e2	Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.	2019-01-03	not yet calculated	CVE-2018-18995 BID MISC
abb -- gate-e1_and_gate-e2	Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.	2019-01-03	not yet calculated	CVE-2018-18997 BID MISC
ansible -- ansible	ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.	2019-01-03	not yet calculated	CVE-2018-16876 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MISC
ansible -- tower	Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.	2019-01-03	not yet calculated	CVE-2018-16879 BID CONFIRM
apache -- netbeans	Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.	2018-12-31	not yet calculated	CVE-2018-17191 BID MISC
aria2 -- aria2	aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.	2019-01-02	not yet calculated	CVE-2019-3500 MISC
artifex -- ghostscript	In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.	2019-01-02	not yet calculated	CVE-2018-19478 CONFIRM BID CONFIRM CONFIRM MLIST CONFIRM
august -- connect_devices	An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.	2019-01-02	not yet calculated	CVE-2018-20100 MISC
bento4 -- bento4	An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.	2019-01-02	not yet calculated	CVE-2018-20659 MISC
bmc -- remedy	Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.	2019-01-03	not yet calculated	CVE-2018-19505 MISC FULLDISC SECTRACK
buck -- buck	Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.	2018-12-31	not yet calculated	CVE-2018-6331 MISC
chinamobile_plc -- wireless_router_gpn2.4p21-c-cn_devices	ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.	2019-01-02	not yet calculated	CVE-2018-20326 MISC MISC MISC
cim -- cim	public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.	2018-12-30	not yet calculated	CVE-2018-20614 MISC
code42 -- code42_for_enterprise	The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.	2019-01-02	not yet calculated	CVE-2018-20131 MISC
core_ftp_server -- core_ftp_server	The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.	2019-01-02	not yet calculated	CVE-2018-20658 MISC EXPLOIT-DB
couchdb -- couchdb	Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.	2019-01-02	not yet calculated	CVE-2018-17188 MISC
cuba_platform -- cuba_platform	The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.	2019-01-03	not yet calculated	CVE-2018-20663 MISC
cuppacms -- cuppacms	CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.	2018-12-31	not yet calculated	CVE-2018-19918 CONFIRM MISC
d-link -- dir-818lw_and_dir-860l	On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.	2019-01-02	not yet calculated	CVE-2018-20114 MISC
dolibarr -- dolibarr	A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.	2019-01-03	not yet calculated	CVE-2018-19992 MISC
dolibarr -- dolibarr	A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.	2019-01-03	not yet calculated	CVE-2018-19993 MISC
dolibarr -- dolibarr	An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.	2019-01-03	not yet calculated	CVE-2018-19994 MISC
dolibarr -- dolibarr	A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.	2019-01-03	not yet calculated	CVE-2018-19995 MISC MISC
dolibarr -- dolibarr	SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.	2019-01-03	not yet calculated	CVE-2018-19998 MISC MISC
driveragent -- driveragent	DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool.	2019-01-03	not yet calculated	CVE-2018-19523 MISC
emc -- rsa_archer	RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.	2019-01-03	not yet calculated	CVE-2018-15780 BID FULLDISC
epon -- cpe-wifi_devices	EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.	2019-01-03	not yet calculated	CVE-2018-20512 MISC
exiftool -- exiftool	ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).	2019-01-02	not yet calculated	CVE-2018-20211 MISC FULLDISC
expressvpn -- expressvpn	An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service.	2019-01-02	not yet calculated	CVE-2018-15490 MISC
f5 -- big-ip	When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response	2018-12-28	not yet calculated	CVE-2018-15335 BID CONFIRM
f5 -- big-ip	On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.	2018-12-28	not yet calculated	CVE-2018-15333 BID CONFIRM
f5 -- ip_infusion_zebos_and_ocnos	The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.	2018-12-28	not yet calculated	CVE-2018-17539 BID CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-14718 CONFIRM CONFIRM CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-19360 CONFIRM CONFIRM CONFIRM CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-19361 CONFIRM CONFIRM CONFIRM CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-14720 CONFIRM CONFIRM CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-14721 CONFIRM CONFIRM CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-14719 CONFIRM CONFIRM CONFIRM
fasterxml -- jackson	FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.	2019-01-02	not yet calculated	CVE-2018-19362 CONFIRM CONFIRM CONFIRM CONFIRM
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.	2019-01-03	not yet calculated	CVE-2019-5007 CONFIRM
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.	2019-01-03	not yet calculated	CVE-2019-5006 CONFIRM
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.	2019-01-03	not yet calculated	CVE-2019-5005 CONFIRM
freebsd -- freebsd	In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.	2019-01-03	not yet calculated	CVE-2018-17161 BID FREEBSD
frog -- frog_cms	FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.	2018-12-31	not yet calculated	CVE-2018-19844 MISC
getsimple -- getsimple_cms	There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.	2018-12-31	not yet calculated	CVE-2018-19845 MISC
gnu -- binutils	The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.	2019-01-04	not yet calculated	CVE-2018-20673 MISC
gnu -- binutils	load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.	2019-01-04	not yet calculated	CVE-2018-20671 MISC MISC
gnu -- binutils	The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.	2019-01-02	not yet calculated	CVE-2018-20657 BID MISC
gnu -- binutils	In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.	2018-12-31	not yet calculated	CVE-2018-20623 BID MISC
gnu -- binutils	A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.	2019-01-01	not yet calculated	CVE-2018-20651 BID MISC MISC
guardzilla -- gz180_devices	The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.	2018-12-31	not yet calculated	CVE-2018-18600
hhvm -- hhvm	The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).	2018-12-31	not yet calculated	CVE-2018-6340 MISC MISC
hhvm -- hhvm	A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.	2018-12-31	not yet calculated	CVE-2018-6335 MISC MISC
hhvm -- hhvm	folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.	2018-12-31	not yet calculated	CVE-2018-6337 MISC MISC MISC
hhvm -- hhvm	Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).	2018-12-31	not yet calculated	CVE-2018-6334 MISC MISC
hsweb -- hsweb	A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.	2018-12-30	not yet calculated	CVE-2018-20595 MISC MISC
hsweb -- hsweb	An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.	2018-12-30	not yet calculated	CVE-2018-20594 MISC MISC
huawei -- hg_products	There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability.	2019-01-02	not yet calculated	CVE-2018-7900 CONFIRM MISC
imcat -- imcat	imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.	2018-12-30	not yet calculated	CVE-2018-20606 MISC
imcat -- imcat	imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.	2018-12-30	not yet calculated	CVE-2018-20605 MISC
imcat -- imcat	imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.	2018-12-30	not yet calculated	CVE-2018-20607 MISC
imcat -- imcat	imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.	2018-12-30	not yet calculated	CVE-2018-20608 MISC
imcat -- imcat	imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.	2018-12-30	not yet calculated	CVE-2018-20609 MISC
imcat -- imcat	imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.	2018-12-30	not yet calculated	CVE-2018-20610 MISC
imcat -- imcat	imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.	2018-12-30	not yet calculated	CVE-2018-20611 MISC
inxedu -- inxedu	inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java), where courseFavoritesService.deleteCourseFavoritesById is mishandled during use of MyBatis. NOTE: UserController.java has a spelling variation in an annotation: a @RequestMapping("/deleteFaveorite/{ids}") line followed by a "public ModelAndView deleteFavorite" line.	2019-01-02	not yet calculated	CVE-2019-3576 MISC
ivan_cordoba -- ivan_cordoba_generic_cms	Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.	2018-12-30	not yet calculated	CVE-2018-20589 MISC
ivan_cordoba -- ivan_cordoba_generic_cms	Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.	2018-12-30	not yet calculated	CVE-2018-20590 MISC
jasper -- jasper	JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.	2018-12-31	not yet calculated	CVE-2018-20622 BID MISC MLIST
jspxcms -- jspxcms	Jspxcms v9.0.0 allows SSRF.	2018-12-30	not yet calculated	CVE-2018-20596 MISC
lei_feng_tv -- lei_feng_tv_cms	Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.	2018-12-30	not yet calculated	CVE-2018-20602 MISC
lei_feng_tv -- lei_feng_tv_cms	Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.	2018-12-30	not yet calculated	CVE-2018-20603 MISC
lei_feng_tv -- lei_feng_tv_cms	Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file.	2018-12-30	not yet calculated	CVE-2018-20604 MISC
libming -- libming	An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.	2019-01-02	not yet calculated	CVE-2019-3572 MISC
libsixel -- libsixel	In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.	2019-01-02	not yet calculated	CVE-2019-3574 MISC MISC
libsixel -- libsixel	In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.	2019-01-02	not yet calculated	CVE-2019-3573 MISC MISC
linux -- linux_kernel	An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).	2019-01-03	not yet calculated	CVE-2019-3701 BID MISC MISC
mcafee -- application_control_and_change_control	A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell.	2018-12-31	not yet calculated	CVE-2018-6668 CONFIRM
mini-xml -- mini-xml	In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.	2018-12-30	not yet calculated	CVE-2018-20593 MISC MISC MISC
mini-xml -- mini-xml	In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.	2018-12-30	not yet calculated	CVE-2018-20592 MISC MISC MISC
multiple_vendors -- multiple_products	An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7	2018-12-31	not yet calculated	CVE-2018-6336 MISC
mybb -- mybb	The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.	2019-01-02	not yet calculated	CVE-2019-3501 MISC MISC
nuclide -- nuclide	The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.	2018-12-31	not yet calculated	CVE-2018-6333 MISC
ok-file-formats -- ok-file-formats	ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.	2018-12-31	not yet calculated	CVE-2018-20617 MISC
ok-file-formats -- ok-file-formats	ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c.	2018-12-31	not yet calculated	CVE-2018-20618 MISC
ok-file-formats -- ok-file-formats	ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.	2018-12-31	not yet calculated	CVE-2018-20616 MISC
openrefine -- openrefine	OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.	2019-01-02	not yet calculated	CVE-2019-3580 MISC
otfcc -- otfcc	lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read.	2018-12-30	not yet calculated	CVE-2018-20588 MISC
poppler -- poppler	In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.	2019-01-03	not yet calculated	CVE-2018-20662 MISC MISC
proxygen -- proxygen	Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.	2018-12-31	not yet calculated	CVE-2018-6343 MISC
proxygen -- proxygen	A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.	2018-12-31	not yet calculated	CVE-2018-6346 MISC
proxygen -- proxygen	An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.	2018-12-31	not yet calculated	CVE-2018-6347 MISC
react -- react_applications	React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.	2018-12-31	not yet calculated	CVE-2018-6341 MISC MISC
react-dev-utils -- react-dev-utils	react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.	2018-12-31	not yet calculated	CVE-2018-6342 MISC MISC
simply-blog -- simply-blog	Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.	2019-01-01	not yet calculated	CVE-2019-3494 MISC
sqla_yaml_fixtures -- sqla_yaml_fixtures	Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.	2019-01-03	not yet calculated	CVE-2019-3575 MISC
technicolor -- mediaaccess_tg789vac_hp_devices	The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.	2019-01-03	not yet calculated	CVE-2018-8827 MISC
telegram -- telegram_messaging_application_for_android	An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.	2019-01-03	not yet calculated	CVE-2018-3986 BID MISC
temmoku -- temmoku	TEMMOKU T1.09 Beta allows admin/user/add CSRF.	2018-12-30	not yet calculated	CVE-2018-20613 MISC
tobesoft -- xplatform	A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.	2019-01-02	not yet calculated	CVE-2018-5197 MISC MISC
uwa -- uwa	UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.	2018-12-30	not yet calculated	CVE-2018-20612 MISC
vtiger -- vtiger_crm	Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.	2019-01-04	not yet calculated	CVE-2019-5009 MISC MISC MISC EXPLOIT-DB
waimai -- waimai_super_cms	An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.	2019-01-02	not yet calculated	CVE-2019-3577 MISC
webroot -- brightcloud_sdk	An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.	2019-01-03	not yet calculated	CVE-2018-4012 MISC
weixin-java-tools -- weixin-java-tools	An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.	2019-01-04	not yet calculated	CVE-2019-5312 MISC
whatsapp -- whatsapp	A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.	2018-12-31	not yet calculated	CVE-2018-6344 BID MISC
yunucms -- yunucms	An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter.	2019-01-04	not yet calculated	CVE-2019-5311 MISC
yunucms -- yunucms	YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.	2019-01-04	not yet calculated	CVE-2019-5310 MISC
zoho_manageengine -- adselfservice	Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.	2019-01-03	not yet calculated	CVE-2019-3905 CONFIRM
zoho_manageengine -- adselfservice	Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.	2019-01-03	not yet calculated	CVE-2018-20664 CONFIRM