[US-CERT: Bulletin(SB19-035)] 2019년 1월 28일까지 발표된 보안 취약점

 

 

 

 

*** 출처: [US-CERT: Bulletin(SB19-035)] 2019년 1월 28일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
libgd -- libgd	The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.	2019-01-28	7.5	CVE-2019-6978 MISC MISC MISC MLIST
libvnc_project -- libvncserver	LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.	2019-01-30	7.5	CVE-2018-20750 MISC MISC MLIST UBUNTU MISC
phpmyadmin -- phpmyadmin	An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.	2019-01-26	7.5	CVE-2019-6798 BID CONFIRM
zoneminder -- zoneminder	A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.	2019-01-28	7.5	CVE-2019-6991 MISC MISC

Back to top

 

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- acrobat	Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723.	2019-01-28	4.3	CVE-2018-19721 CONFIRM
adobe -- acrobat	Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721.	2019-01-28	5.0	CVE-2018-19723 BID CONFIRM
adobe -- acrobat	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.	2019-01-28	4.3	CVE-2018-19728 CONFIRM
adobe -- experience_manager	Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.	2019-01-28	4.3	CVE-2018-19724 BID CONFIRM
adobe -- experience_manager	Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.	2019-01-28	4.3	CVE-2018-19726 BID CONFIRM
adobe -- experience_manager	Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.	2019-01-28	4.3	CVE-2018-19727 BID CONFIRM
apache -- open_office	When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.	2019-01-31	4.6	CVE-2018-11790 BID CONFIRM
arm -- trusted_firmware-a	ARM Trusted Firmware-A allows information disclosure.	2019-01-30	5.0	CVE-2018-19440 CONFIRM CONFIRM
atlassian -- crowd	Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.	2019-01-28	4.0	CVE-2016-10740 CONFIRM
atutor -- atutor	A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.	2019-01-29	4.3	CVE-2019-7172 MISC
axiosys -- bento4	An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.	2019-01-25	4.3	CVE-2019-6966 MISC
cross_reference_project -- cross_reference	An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin.	2019-01-31	4.3	CVE-2019-7250 MISC
elfutils_project -- elfutils	In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.	2019-01-28	4.3	CVE-2019-7146 MISC MISC
elfutils_project -- elfutils	An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception.	2019-01-28	4.3	CVE-2019-7148 MISC
elfutils_project -- elfutils	A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.	2019-01-28	4.3	CVE-2019-7149 MISC MISC
elfutils_project -- elfutils	An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.	2019-01-28	4.3	CVE-2019-7150 MISC MISC
encodable -- filechucker	An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.	2019-01-31	6.8	CVE-2019-7216 MISC MISC
foxitsoftware -- phantompdf	An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.	2019-01-30	5.8	CVE-2018-3956 MISC
freshrss -- freshrss	Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.	2019-01-30	4.3	CVE-2018-19782 MISC FULLDISC EXPLOIT-DB MISC
ibm -- api_connect	IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.	2019-01-29	4.0	CVE-2018-1976 BID XF CONFIRM
ibm -- i	IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.	2019-01-31	4.3	CVE-2019-4040 CONFIRM BID XF
ibm -- qradar_security_information_and_event_manager	IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811.	2019-01-29	5.0	CVE-2018-1733 BID XF CONFIRM
idreamsoft -- icms	An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.	2019-01-30	6.4	CVE-2019-7235 MISC
idreamsoft -- icms	An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.	2019-01-30	5.0	CVE-2019-7236 MISC
idreamsoft -- icms	An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.	2019-01-30	5.0	CVE-2019-7237 MISC
ip_history_logs_project -- ip_history_logs	An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.	2019-01-28	4.3	CVE-2019-6979 MISC EXPLOIT-DB
libdoc_project -- libdoc	In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.	2019-01-29	5.0	CVE-2019-7156 BID MISC
libdoc_project -- libdoc	In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.	2019-01-30	6.8	CVE-2019-7233 MISC
linux -- linux_kernel	In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.	2019-02-01	4.7	CVE-2016-10741 MISC MISC MISC MISC
linux -- linux_kernel	In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.	2019-01-31	4.9	CVE-2017-18360 MISC BID MISC MISC MISC
linux -- linux_kernel	A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.	2019-01-25	4.9	CVE-2019-3819 BID CONFIRM
mcafee -- epolicy_orchestrator	Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.	2019-02-01	6.8	CVE-2019-3604 CONFIRM
media_file_manager_project -- media_file_manager	The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.	2019-01-31	5.0	CVE-2018-19040 EXPLOIT-DB
media_file_manager_project -- media_file_manager	The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.	2019-01-31	4.3	CVE-2018-19041 EXPLOIT-DB
media_file_manager_project -- media_file_manager	The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.	2019-01-31	5.0	CVE-2018-19042 EXPLOIT-DB
media_file_manager_project -- media_file_manager	The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.	2019-01-31	5.0	CVE-2018-19043 EXPLOIT-DB
mumble -- mumble	murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.	2019-01-25	5.0	CVE-2018-20743 MISC MISC MISC MISC
nasm -- netwide_assembler	A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.	2019-01-28	4.3	CVE-2019-7147 MISC
netscape -- enterprise_server	servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.	2019-01-31	4.3	CVE-2018-18940 MISC FULLDISC
omron -- cx-one	Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.	2019-01-30	6.8	CVE-2018-19027 BID MISC
omron -- cx-supervisor	An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.	2019-01-28	6.0	CVE-2018-19015 BID MISC
open-xchange -- open-xchange_appsuite	OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.	2019-01-30	4.0	CVE-2018-12609 FULLDISC CONFIRM CONFIRM CONFIRM
open-xchange -- open-xchange_appsuite	OX App Suite 7.8.4 and earlier allows Information Exposure.	2019-01-30	5.0	CVE-2018-12610 FULLDISC CONFIRM CONFIRM
open-xchange -- open-xchange_appsuite	OX App Suite 7.8.4 and earlier allows Directory Traversal.	2019-01-30	4.3	CVE-2018-12611 FULLDISC CONFIRM CONFIRM CONFIRM
openbsd -- openssh	An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.	2019-01-31	4.0	CVE-2019-6109 MISC MISC MISC
paloaltonetworks -- pan-os	The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.	2019-01-30	4.3	CVE-2019-1566 BID CONFIRM
phpmyadmin -- phpmyadmin	An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.	2019-01-26	4.3	CVE-2019-6799 BID CONFIRM
powerdns -- recursor	An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.	2019-01-29	6.8	CVE-2019-3806 CONFIRM CONFIRM
powerdns -- recursor	An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.	2019-01-29	6.4	CVE-2019-3807 CONFIRM CONFIRM
pylonsproject -- colander	In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.	2019-02-01	5.0	CVE-2017-18361 MISC MISC
redhat -- ceph	Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.	2019-01-28	5.0	CVE-2018-16889 BID CONFIRM
rsyslog -- rsyslog	A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.	2019-01-25	5.0	CVE-2018-16881 CONFIRM
static-resource-server_project -- static-resource-server	A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.	2019-02-01	5.0	CVE-2018-16493 MISC
typora -- typora	typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.	2019-01-31	4.3	CVE-2019-7295 MISC
typora -- typora	typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.	2019-01-31	4.3	CVE-2019-7296 MISC
uclouvain -- openjpeg	An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.	2019-01-28	4.3	CVE-2019-6988 BID MISC
webassembly -- binaryen	A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.	2019-01-28	4.3	CVE-2019-7151 MISC
webassembly -- binaryen	A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.	2019-01-28	4.3	CVE-2019-7152 MISC
webassembly -- binaryen	A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.	2019-01-28	4.3	CVE-2019-7153 MISC
webassembly -- binaryen	The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.	2019-01-28	4.3	CVE-2019-7154 MISC
zoneminder -- zoneminder	A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.	2019-01-28	4.3	CVE-2019-6992 MISC MISC

Back to top

 

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
croogo -- croogo	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.	2019-01-29	3.5	CVE-2019-7168 MISC
croogo -- croogo	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.	2019-01-29	3.5	CVE-2019-7169 MISC
croogo -- croogo	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.	2019-01-29	3.5	CVE-2019-7170 MISC
croogo -- croogo	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.	2019-01-29	3.5	CVE-2019-7171 MISC
croogo -- croogo	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.	2019-01-29	3.5	CVE-2019-7173 MISC
emerson -- deltav_distributed_control_system	A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.	2019-01-25	3.3	CVE-2018-19021 BID MISC
paloaltonetworks -- pan-os	The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.	2019-01-30	3.5	CVE-2019-1565 BID CONFIRM
tridium -- niagara	Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.	2019-01-29	3.5	CVE-2018-18985 BID MISC
zoneminder -- zoneminder	A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.	2019-01-28	3.5	CVE-2019-6990 MISC MISC

Back to top

 

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
3s-smart_software_solutions -- codesys_control_products	In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.	2019-01-29	not yet calculated	CVE-2018-10612 BID MISC
abb -- cms-770	The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.	2019-01-31	not yet calculated	CVE-2018-17928 BID MISC
abb -- m2m_ethernet	The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.	2019-01-31	not yet calculated	CVE-2018-17926 BID MISC
apache -- http_server	In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.	2019-01-30	not yet calculated	CVE-2018-17199 BID CONFIRM MLIST CONFIRM
apache -- http_server	A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.	2019-01-30	not yet calculated	CVE-2019-0190 BID CONFIRM CONFIRM
apache -- http_server	In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.	2019-01-30	not yet calculated	CVE-2018-17189 BID CONFIRM CONFIRM
artica -- proxy	Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.	2019-02-01	not yet calculated	CVE-2019-7300 MISC MISC
avaya -- aura_communication_manager	A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.	2019-02-01	not yet calculated	CVE-2018-15617 CONFIRM
bluez -- bluez	A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.	2019-01-28	not yet calculated	CVE-2018-10910 CONFIRM UBUNTU
cisco -- webex_meetings_server	A version of Castor XML, as used in Cisco WebEx Meetings Server before 2.8MR3 and 3.x before 3.0MR2 patch 1 and other products, allows XXE attacks.	2019-01-30	not yet calculated	CVE-2018-18895 MISC FULLDISC SECTRACK BUGTRAQ
netapp -- clustered_data_ontap	Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.	2019-02-01	not yet calculated	CVE-2018-5498 CONFIRM
comodo -- utm_firewall	Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.	2019-01-30	not yet calculated	CVE-2018-17431 MISC
d-link -- central_wifimanager_cwm-100_devices	The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.	2019-01-31	not yet calculated	CVE-2018-15516 MISC FULLDISC MISC
d-link -- central_wifimanager_cwm-100_devices	The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.	2019-01-31	not yet calculated	CVE-2018-15517 MISC FULLDISC
d-link -- central_wifimanager_cwm-100_devices	The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.	2019-01-31	not yet calculated	CVE-2018-15515 MISC FULLDISC
d-link -- dir-823g_devices	An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.	2019-01-31	not yet calculated	CVE-2019-7297 BID MISC
d-link -- dir-823g_devices	An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.	2019-02-01	not yet calculated	CVE-2019-7298 BID MISC
debian -- apt	Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.	2019-01-28	not yet calculated	CVE-2019-3462 BID MLIST MLIST CONFIRM UBUNTU DEBIAN
defaults-deep -- defaults-deep	A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.	2019-02-01	not yet calculated	CVE-2018-16486 MISC
dräger -- infinity_delta	Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration.	2019-01-28	not yet calculated	CVE-2018-19014 BID MISC
dräger -- infinity_delta	Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.	2019-01-28	not yet calculated	CVE-2018-19012 BID MISC
dräger -- infinity_delta	Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity.	2019-01-28	not yet calculated	CVE-2018-19010 BID MISC
express-cart -- express-cart	A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.	2019-02-01	not yet calculated	CVE-2018-16483 MISC
extend -- extend	A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.	2019-02-01	not yet calculated	CVE-2018-16492 MISC
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation.	2019-01-28	not yet calculated	CVE-2019-6985 CONFIRM
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function.	2019-01-28	not yet calculated	CVE-2019-6982 CONFIRM
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory.	2019-01-28	not yet calculated	CVE-2019-6983 CONFIRM
foxit_software -- foxit_reader_and_phantompdf	An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer.	2019-01-28	not yet calculated	CVE-2019-6984 CONFIRM
gnu -- c_library	In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.	2019-02-02	not yet calculated	CVE-2019-7309 MISC MISC
google -- android	NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.	2019-01-31	not yet calculated	CVE-2018-6241 BID CONFIRM
hetronic -- nova-m	Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.	2019-01-25	not yet calculated	CVE-2018-19023 BID MISC
html-pages -- html-pages	A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.	2019-02-01	not yet calculated	CVE-2018-16481 MISC
http-live-simulator -- http-live-simulator	Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.	2019-02-01	not yet calculated	CVE-2018-16479 MISC
ibm -- datapower_gateway	IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.	2019-01-29	not yet calculated	CVE-2018-1668 XF CONFIRM
idreamsoft -- icms	idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.	2019-01-29	not yet calculated	CVE-2019-7160 MISC
idreamsoft -- icms	An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.	2019-01-30	not yet calculated	CVE-2019-7234 MISC
just-extend -- just-extend	A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.	2019-02-01	not yet calculated	CVE-2018-16489 MISC
keybase -- keybase	In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.	2019-01-31	not yet calculated	CVE-2019-7249 MISC MISC
labkey -- server_community_edition	An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.	2019-01-30	not yet calculated	CVE-2019-3912 MISC
labkey -- server_community_edition	Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.	2019-01-30	not yet calculated	CVE-2019-3911 MISC
labkey -- server_community_edition	Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.	2019-01-30	not yet calculated	CVE-2019-3913 MISC
lcds -- laquis_scada	LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.	2019-02-01	not yet calculated	CVE-2018-19004 BID MISC
lcds -- laquis_scada	LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.	2019-02-01	not yet calculated	CVE-2018-18988 BID MISC
libvips -- libvips	libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory.	2019-01-26	not yet calculated	CVE-2019-6976 MISC MISC
libvnc -- libvnc	LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.	2019-01-30	not yet calculated	CVE-2018-20749 MISC MISC MLIST UBUNTU MISC
libvnc -- libvnc	LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.	2019-01-30	not yet calculated	CVE-2018-20748 MISC MISC MISC MISC MISC MLIST UBUNTU MISC
linux -- linux_kernel	A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.	2019-01-29	not yet calculated	CVE-2018-16880 BID CONFIRM
linux -- linux_kernel	kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.	2019-02-01	not yet calculated	CVE-2019-7308 MISC MISC MISC MISC MISC MISC
lodash -- lodash	A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.	2019-02-01	not yet calculated	CVE-2018-16487 MISC
m-server -- m-server	Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.	2019-02-01	not yet calculated	CVE-2018-16485 MISC
m-server -- m-server	A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.	2019-02-01	not yet calculated	CVE-2018-16484 MISC
mcafee -- total_protection	Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware.	2019-01-28	not yet calculated	CVE-2019-3593 CONFIRM
mcstatic -- mcstatic	A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.	2019-02-01	not yet calculated	CVE-2018-16482 MISC
mpath -- mpath	A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.	2019-02-01	not yet calculated	CVE-2018-16490 MISC
netkit -- netkit	An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.	2019-01-31	not yet calculated	CVE-2019-7283 MISC MISC
netkit -- netkit	In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.	2019-01-31	not yet calculated	CVE-2019-7282 MISC MISC
node.extend -- node.extend	A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.	2019-02-01	not yet calculated	CVE-2018-16491 MISC
olivier_poitrey -- go_cors_handler	The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.	2019-01-28	not yet calculated	CVE-2018-20744 MISC MISC
openjdk_and_eclipse -- openj9	In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.	2019-01-31	not yet calculated	CVE-2018-12548 CONFIRM
openssh -- openssh	An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).	2019-01-31	not yet calculated	CVE-2019-6111 BID MISC MISC EXPLOIT-DB
openssh -- openssh	In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.	2019-01-31	not yet calculated	CVE-2019-6110 MISC MISC MISC EXPLOIT-DB
php -- php	gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.	2019-01-26	not yet calculated	CVE-2019-6977 MISC MISC BID MISC MLIST
pilz -- pnozmulti_configurator	Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.	2019-01-25	not yet calculated	CVE-2018-19009 BID MISC
poppler -- poppler	In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.	2019-02-02	not yet calculated	CVE-2019-7310 MISC MISC
postgresql -- postgresql	PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.	2019-01-25	not yet calculated	CVE-2017-18359 MLIST MISC MISC MISC
practecol -- guardzilla_all-in-one_video_security_system	A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.	2019-01-31	not yet calculated	CVE-2018-5560 MISC MISC
princexml -- princexml	PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.	2019-01-30	not yet calculated	CVE-2018-19858 MISC MISC MISC
public -- public	A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.	2019-02-01	not yet calculated	CVE-2018-16480 MISC MISC
qnap -- photo_station	Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.	2019-02-01	not yet calculated	CVE-2018-0722 CONFIRM
red_hat -- enterprise_linux	A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.	2019-01-28	not yet calculated	CVE-2019-3815 BID REDHAT CONFIRM
rundeck -- rundeck_community_edition	An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.	2019-01-25	not yet calculated	CVE-2019-6804 MISC MISC EXPLOIT-DB
schedmd -- slurm	SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.	2019-01-31	not yet calculated	CVE-2019-6438 CONFIRM CONFIRM
sofintel_it_engineering -- zen_load_balancer	Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.	2019-02-01	not yet calculated	CVE-2019-7301 BID MISC
titanhq -- spamtitan	TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.	2019-01-30	not yet calculated	CVE-2018-15136 MISC
vignette -- content_management	In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued.	2019-01-31	not yet calculated	CVE-2018-18941 MISC FULLDISC
vivo -- vivo_vitro	SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.	2019-01-28	not yet calculated	CVE-2019-6986 MISC MISC
yii -- yii	Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.	2019-01-28	not yet calculated	CVE-2018-20745 MISC MISC