SB19-049: Vulnerability Summary for the Week of February 11, 2019

Original release date: February 18, 2019 | Last revised: February 19, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abbyy — flexicapture | Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | 2019-02-09 | 7.5 | CVE-2018-13792 (CONFIRM)
aveva — indusoft_web_studio | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. | 2019-02-12 | 10.0 | CVE-2019-6543 (MISC, EXPLOIT-DB, MISC)
aveva — indusoft_web_studio | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine. | 2019-02-12 | 10.0 | CVE-2019-6545 (MISC, EXPLOIT-DB, MISC)
cim_project — cim | install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | 2019-02-10 | 7.5 | CVE-2019-7692 (MISC)
dlink — dir-600m_firmware | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. | 2019-02-11 | 7.5 | CVE-2019-7736 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | 2019-02-12 | 9.0 | CVE-2019-8312 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field. | 2019-02-12 | 9.0 | CVE-2019-8313 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | 2019-02-12 | 9.0 | CVE-2019-8314 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field. | 2019-02-12 | 9.0 | CVE-2019-8315 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field. | 2019-02-12 | 9.0 | CVE-2019-8316 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field. | 2019-02-12 | 9.0 | CVE-2019-8318 (MISC)
dlink — dir-878_firmware | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field. | 2019-02-12 | 9.0 | CVE-2019-8319 (MISC)
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory. | 2019-02-11 | 7.2 | CVE-2018-11962 (BID, CONFIRM)
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer. | 2019-02-11 | 7.2 | CVE-2018-12014 (BID, CONFIRM)
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, Heap memory was accessed after it was freed. | 2019-02-11 | 7.2 | CVE-2018-13889 (BID, CONFIRM)
google — android | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947. | 2019-02-13 | 9.3 | CVE-2018-6267 (BID, CONFIRM)
google — android | NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161. | 2019-02-13 | 9.3 | CVE-2018-6268 (BID, CONFIRM)
google — android | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validate the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474. | 2019-02-13 | 9.3 | CVE-2018-6271 (BID, CONFIRM)
google — android | In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. | 2019-02-11 | 10.0 | CVE-2018-9583 (BID, CONFIRM)
joomla — joomla! | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | 2019-02-12 | 7.5 | CVE-2019-7743 (BID, MISC)
mobotix — s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | 2019-02-09 | 10.0 | CVE-2009-5154 (MISC, MISC)
mywebsql — mywebsql | MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup’s archive file. | 2019-02-11 | 7.5 | CVE-2019-7731 (MISC)
nibbleblog — nibbleblog | Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | 2019-02-10 | 7.5 | CVE-2019-7719 (MISC)
pocoo — jinja2 | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the “source” parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. | 2019-02-15 | 7.5 | CVE-2019-8341 (MISC, EXPLOIT-DB)
qualcomm — mdm9206_firmware | There is potential for memory corruption in the RIL daemon due to dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, ZZ_QCS605. | 2019-02-11 | 7.2 | CVE-2018-13888 (BID, CONFIRM)
qualcomm — mdm9607_firmware | Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016. | 2019-02-11 | 7.2 | CVE-2018-11888 (BID, CONFIRM)
taogogo — taocms | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | 2019-02-10 | 7.5 | CVE-2019-7720 (MISC)
traq — traq | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | 2019-02-10 | 7.5 | CVE-2018-20779 (MISC)
we-con — levistudiou | Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | 9.3 | CVE-2019-6539 (BID, MISC)
webassembly — binaryen | An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. | 2019-02-09 | 7.1 | CVE-2019-7662 (MISC)

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — cp400pb_firmware | The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn’t properly prevent the insertion of specially crafted files which could allow arbitrary code execution. | 2019-02-13 | 6.8 | CVE-2018-19008 (BID, MISC)
apache — jspwiki | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. | 2019-02-11 | 4.3 | CVE-2018-20242 (BID, MLIST)
atlassian — confluence | Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature. | 2019-02-13 | 4.0 | CVE-2018-20237 (BID, CONFIRM)
atlassian — crowd | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | 2019-02-13 | 5.5 | CVE-2018-20238 (BID, CONFIRM)
atto — fibrebridge_7500n_firmware | ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). | 2019-02-12 | 5.0 | CVE-2018-5499 (CONFIRM)
axiositalia — registro_elettronico | Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports “Sissi in Rete (con server)” for offline operation. | 2019-02-10 | 4.3 | CVE-2019-7693 (MISC, MISC)
axiosys — bento4 | An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | 2019-02-10 | 4.3 | CVE-2019-7697 (MISC)
axiosys — bento4 | An issue was discovered in AP4_Array::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | 2019-02-10 | 4.3 | CVE-2019-7698 (MISC)
axiosys — bento4 | A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. | 2019-02-10 | 4.3 | CVE-2019-7699 (MISC)
beescms — beescms | BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | 2019-02-15 | 6.8 | CVE-2019-8347 (MISC)
dbninja — dbninja | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | 2019-02-11 | 6.8 | CVE-2019-7747 (MISC)
dbninja — dbninja | _includesonline.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | 2019-02-11 | 4.3 | CVE-2019-7748 (MISC)
elfutils_project — elfutils | In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). | 2019-02-09 | 4.3 | CVE-2019-7664 (MISC)
elfutils_project — elfutils | In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. | 2019-02-09 | 4.3 | CVE-2019-7665 (MISC, MISC)
enigmail — enigmail | Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. | 2019-02-11 | 4.3 | CVE-2018-15586 (MISC)
estrongs — es_file_explorer_file_manager | The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker’s web site is displayed in a WebView with no information about the URL. | 2019-02-15 | 4.3 | CVE-2019-8345 (MISC)
f5 — big-ip_access_policy_manager | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. | 2019-02-13 | 4.3 | CVE-2019-6589 (CONFIRM)
frog_cms_project — frog_cms | Frog CMS 0.9.5 allows PHP code execution via | 2019-02-10 | 6.5 | CVE-2018-20772 (MISC)
frog_cms_project — frog_cms | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional | 2019-02-10 | 6.5 | CVE-2018-20773 (MISC)
frog_cms_project — frog_cms | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | 2019-02-10 | 6.5 | CVE-2018-20775 (MISC)
frog_cms_project — frog_cms | Frog CMS 0.9.5 provides a directory listing for a /public request. | 2019-02-10 | 5.0 | CVE-2018-20776 (MISC)
frog_cms_project — frog_cms | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | 2019-02-10 | 4.3 | CVE-2018-20778 (MISC)
gnome — evolution | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 2019-02-11 | 4.3 | CVE-2018-15587 (MISC)
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region. | 2019-02-11 | 4.6 | CVE-2018-12010 (CONFIRM)
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace. | 2019-02-11 | 4.6 | CVE-2018-13893 (CONFIRM)
google — android | In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. | 2019-02-11 | 4.6 | CVE-2018-9582 (BID, CONFIRM)
google — android | In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681. | 2019-02-11 | 4.6 | CVE-2018-9584 (BID, CONFIRM)
google — android | In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. | 2019-02-11 | 4.6 | CVE-2018-9585 (BID, CONFIRM)
google — android | In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. | 2019-02-11 | 4.4 | CVE-2018-9586 (BID, CONFIRM)
google — android | In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344. | 2019-02-11 | 4.4 | CVE-2018-9587 (BID, CONFIRM)
google — android | In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-115900043. | 2019-02-11 | 5.0 | CVE-2018-9590 (BID, CONFIRM)
google — android | In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116108738. | 2019-02-11 | 5.0 | CVE-2018-9591 (BID, CONFIRM)
google — android | In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076. | 2019-02-11 | 5.0 | CVE-2018-9592 (BID, CONFIRM)
hotels_server_project — hotels_server | controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | 2019-02-08 | 5.0 | CVE-2019-7648 (MISC)
housegate — house_gate | Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2019-02-13 | 5.0 | CVE-2019-5910 (JVN)
joomla — joomla! | An issue was discovered in Joomla! before 3.9.3. The “No Filtering” textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. | 2019-02-12 | 4.3 | CVE-2019-7739 (BID, MISC)
joomla — joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | 2019-02-12 | 4.3 | CVE-2019-7740 (MISC)
joomla — joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | 2019-02-12 | 4.3 | CVE-2019-7741 (MISC)
joomla — joomla! | An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | 2019-02-12 | 4.3 | CVE-2019-7742 (MISC)
joomla — joomla! | An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | 2019-02-12 | 4.3 | CVE-2019-7744 (MISC)
lexmark — 6500e_firmware | Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. | 2019-02-11 | 6.4 | CVE-2019-6489 (CONFIRM)
libtiff — libtiff | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | 2019-02-09 | 4.3 | CVE-2019-7663 (MISC, MLIST)
linux — linux_kernel | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | 2019-02-15 | 5.8 | CVE-2019-6974 (MISC, MISC, MISC, MISC, MISC, MISC, MISC, EXPLOIT-DB)
live555 — streaming_media | In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed. | 2019-02-11 | 5.0 | CVE-2019-7732 (MISC)
live555 — streaming_media | In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. | 2019-02-11 | 5.0 | CVE-2019-7733 (MISC)
metinfo — metinfo | An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables= | 2019-02-10 | 6.8 | CVE-2019-7718 (MISC)
mobotix — s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. | 2019-02-09 | 5.0 | CVE-2019-7673 (MISC)
mobotix — s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the “aaaaa” password, considered insecure for some use cases, from a user. | 2019-02-09 | 5.0 | CVE-2019-7674 (MISC)
mobotix — s14_firmware | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. | 2019-02-09 | 5.0 | CVE-2019-7675 (MISC)
mywebsql — mywebsql | MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | 2019-02-11 | 4.9 | CVE-2019-7730 (MISC)
nasm — netwide_assembler | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | 2019-02-15 | 6.8 | CVE-2019-8343 (MISC)
nconsulting — nc-cms | lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | 2019-02-10 | 5.0 | CVE-2019-7721 (MISC)
nttdocomo — v20_pro_l-01j_firmware | V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. | 2019-02-13 | 5.7 | CVE-2019-5914 (JVN, MISC)
omron — cx-supervisor | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2019-02-12 | 6.0 | CVE-2018-19018 (MISC)
qualcomm — mdm9206_firmware | While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | 2019-02-11 | 4.6 | CVE-2018-11899 (CONFIRM)
rarlab — winrar | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2019-02-12 | 6.8 | CVE-2018-20253 (MISC)
schoolcms — schoolcms | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | 2019-02-13 | 4.3 | CVE-2019-8334 (MISC)
schoolcms — schoolcms | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | 2019-02-13 | 4.3 | CVE-2019-8335 (MISC)
symantec — ghost_solution_suite | Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. | 2019-02-08 | 6.0 | CVE-2018-18364 (BID, CONFIRM)
traq — traq | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | 2019-02-10 | 6.8 | CVE-2018-20780 (MISC)
verydows — verydows | A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | 2019-02-11 | 6.8 | CVE-2019-7737 (MISC)
verydows — verydows | Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | 2019-02-12 | 4.3 | CVE-2019-7753 (MISC)
we-con — levistudiou | A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | 6.8 | CVE-2019-6541 (BID, MISC)
webassembly — binaryen | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | 2019-02-10 | 4.3 | CVE-2019-7700 (MISC)
webassembly — binaryen | A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | 2019-02-10 | 4.3 | CVE-2019-7701 (MISC)
webassembly — binaryen | A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | 2019-02-10 | 4.3 | CVE-2019-7702 (MISC)
webassembly — binaryen | In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge. | 2019-02-10 | 4.3 | CVE-2019-7703 (MISC)
webassembly — binaryen | wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | 2019-02-10 | 4.3 | CVE-2019-7704 (MISC)

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
atlassian — jira | The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | 2019-02-13 | 3.5 | CVE-2018-13403, CONFIRM
atlassian — jira | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | 2019-02-13 | 3.5 | CVE-2018-20232, BID, CONFIRM
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. | 2019-02-08 | 3.5 | CVE-2019-1673, BID, CISCO
frog_cms_project — frog_cms | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | 2019-02-10 | 3.5 | CVE-2018-20774, MISC
frog_cms_project — frog_cms | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | 2019-02-10 | 3.5 | CVE-2018-20777, MISC
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function. | 2019-02-11 | 2.1 | CVE-2018-12006, CONFIRM
google — android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, uninitialized data for socket address leads to information exposure. | 2019-02-11 | 2.1 | CVE-2018-12011, CONFIRM
google — android | In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156. | 2019-02-11 | 3.3 | CVE-2018-9588, BID, CONFIRM
google — android | In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132. | 2019-02-11 | 2.1 | CVE-2018-9589, BID, CONFIRM
google — android | In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267. | 2019-02-11 | 3.3 | CVE-2018-9593, BID, CONFIRM
google — android | In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157. | 2019-02-11 | 3.3 | CVE-2018-9594, BID, CONFIRM
mcafee — true_key | Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. | 2019-02-13 | 2.1 | CVE-2019-3610, CONFIRM
omron — cx-supervisor | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. | 2019-02-12 | 3.5 | CVE-2018-19020, MISC
sap — business_one | Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 2019-02-15 | 2.1 | CVE-2019-0256, BID, MISC, MISC
tenable — nessus | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user’s browser session. Tenable has released Nessus 8.2.2 to address this issue. | 2019-02-11 | 3.5 | CVE-2019-3923, CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advancecomp — advancecomp | An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8383, MISC, MISC
advancecomp — advancecomp | An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | 2019-02-16 | not yet calculated | CVE-2019-8379, MISC, MISC
amazon — fire_os | Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for “Terms of Use” and Privacy pages. | 2019-02-16 | not yet calculated | CVE-2019-7399, BID, MISC
atlassian — jira | The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. | 2019-02-13 | not yet calculated | CVE-2018-13404, CONFIRM
bento4 — bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8382, MISC, MISC
bento4 — bento4 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8380, MISC, MISC
bento4 — bento4 | An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8378, MISC, MISC
bitcoin — bitcoin_core_and_bitcoin_knots | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port. | 2019-02-11 | not yet calculated | CVE-2018-20587, MISC, MISC
c.p.sub_project — c.p.sub | C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | 2019-02-11 | not yet calculated | CVE-2019-7738, MISC, MISC
cisco — meeting_server | A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. | 2019-02-08 | not yet calculated | CVE-2019-1676, BID, CISCO
cisco — network_assurance_engine | A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). | 2019-02-12 | not yet calculated | CVE-2019-1688, BID, CISCO
cloud_foundry — credhub_cli | Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | 2019-02-13 | not yet calculated | CVE-2019-3782, BID, CONFIRM
d-circle — power_egg | Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2019-5916, JVN, MISC
d-link — dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. | 2019-02-16 | not yet calculated | CVE-2019-8392, MISC
d-link — dir-878_devices | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field. | 2019-02-12 | not yet calculated | CVE-2019-8317, MISC
dedecms — dedecms | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as “1.jpg.php” (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 2019-02-16 | not yet calculated | CVE-2019-8362, MISC
dell — wyse_password_encoder | The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | 2019-02-13 | not yet calculated | CVE-2018-15781, MISC
django — django | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | 2019-02-11 | not yet calculated | CVE-2019-6975, BID, MISC, MISC, UBUNTU, MISC, MISC
dundas_data_visualization — dundas_bi | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the “export the dashboard as an image” feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. | 2019-02-11 | not yet calculated | CVE-2018-18569, MISC
eclipse — openj9 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. | 2019-02-11 | not yet calculated | CVE-2018-12547, CONFIRM
eclipse — openj9 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | 2019-02-11 | not yet calculated | CVE-2018-12549, CONFIRM
enphase_energy — envoy | XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7677, MISC, MISC
enphase_energy — envoy | A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 2019-02-09 | not yet calculated | CVE-2019-7678, MISC, MISC
flatpak — flatpak | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 2019-02-12 | not yet calculated | CVE-2019-8308, MISC, MISC, MISC
freebsd — freebsd | In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. | 2019-02-12 | not yet calculated | CVE-2019-5596, FREEBSD
freebsd — freebsd | In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. | 2019-02-12 | not yet calculated | CVE-2019-5595, FREEBSD
genivia — gsoap | Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. | 2019-02-09 | not yet calculated | CVE-2019-7659, CONFIRM
gnome — keyring | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user’s password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | 2019-02-12 | not yet calculated | CVE-2018-20781, MISC, MISC, MISC, MISC
hgiga — oaklouds_mailsherlock | SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request. | 2019-02-11 | not yet calculated | CVE-2018-17542, CONFIRM, CONFIRM
hiawatha — hiawatha | In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | 2019-02-16 | not yet calculated | CVE-2019-8358, CONFIRM
ibm — qradar_siem | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | 2019-02-15 | not yet calculated | CVE-2017-1695, XF, CONFIRM
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. | 2019-02-15 | not yet calculated | CVE-2018-1895, CONFIRM, XF
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. | 2019-02-15 | not yet calculated | CVE-2018-1701, XF, CONFIRM
ibm — infosphere_information_server | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. | 2019-02-15 | not yet calculated | CVE-2018-1727, XF, CONFIRM
ibm — rational_clearcase | IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. | 2019-02-15 | not yet calculated | CVE-2019-4059, XF, CONFIRM
jforum — jforum | In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the “create user” function. If a register/check/username?username= request corresponds to a username that exists, then an “is already in use” error is produced. NOTE: this product is discontinued. | 2019-02-12 | not yet calculated | CVE-2019-7550, MISC
kunbus — pr100088_modbus_gateway | An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | 2019-02-12 | not yet calculated | CVE-2019-6549, MISC
kunbus — pr100088_modbus_gateway | Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). | 2019-02-12 | not yet calculated | CVE-2019-6533, MISC
kunbus — pr100088_modbus_gateway | PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted. | 2019-02-12 | not yet calculated | CVE-2019-6527, MISC
mailmate — mailmate | MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | 2019-02-11 | not yet calculated | CVE-2018-15588, MISC
mambo — cms | A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver. | 2019-02-15 | not yet calculated | CVE-2013-2565, MISC, MISC
micco — lhmelting | Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5913, JVN, MISC
micco — unarj32.dll | Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5912, JVN, MISC
micco — unlha32.dll | Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2019-5911, JVN, MISC
micco — unlha32.dll | Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2018-16189, JVN, MISC
micco — unlha32.dll_and_unarj32.dll_and_lhmelting_and_lmlzh32.dll | Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2019-02-13 | not yet calculated | CVE-2018-16190, JVN, MISC, MISC, MISC, MISC
micro_focus — solutions_business_manager | An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-02-12 | not yet calculated | CVE-2018-19645, CONFIRM
msmtp — msmtp | In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | 2019-02-13 | not yet calculated | CVE-2019-8337, CONFIRM
multiple_vendors — runc | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | 2019-02-11 | not yet calculated | CVE-2019-5736, BID, REDHAT, REDHAT, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, EXPLOIT-DB, EXPLOIT-DB, MISC, MISC
musicloud — musicloud | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | 2019-02-16 | not yet calculated | CVE-2019-8389, MISC
open_source_solution_technology_corporation — openam | Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | 2019-02-13 | not yet calculated | CVE-2019-5915, JVN, MISC, MISC
open_source_solution_technology_corporation — openam | OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2018-0696, JVN, MISC, MISC
phpscriptsmall.com — responsive_video_news_script | PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | 2019-02-16 | not yet calculated | CVE-2019-8361, MISC, MISC
pmd — pmd | PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) | 2019-02-11 | not yet calculated | CVE-2019-7722, MISC
qualcomm — snapdragon | If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660. | 2019-02-11 | not yet calculated | CVE-2018-11855, CONFIRM
qualcomm — snapdragon | A malicious TA can tag QSEE kernel memory and map it to EL0, thereby corrupting the physical memory; it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016. | 2019-02-11 | not yet calculated | CVE-2018-11847, BID, CONFIRM
rubygems — fileutils | Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell. | 2019-02-15 | not yet calculated | CVE-2013-2516, MISC, MISC
sap — abap_platform | SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. | 2019-02-15 | not yet calculated | CVE-2019-0265, BID, MISC, MISC
sap — businessobjects | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | 2019-02-15 | not yet calculated | CVE-2019-0259, BID, MISC, MISC
sap — disclosure_management | SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | not yet calculated | CVE-2019-0258, BID, MISC, MISC
sap — disclosure_management | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0254, BID, MISC, MISC
sap — fiori_launchpad | The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0251, BID, MISC, MISC
sap — hana_extended_application_services | Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | 2019-02-15 | not yet calculated | CVE-2019-0266, BID, MISC, MISC
sap — hana_extended_application_services | Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). | 2019-02-15 | not yet calculated | CVE-2019-0261, BID, MISC, MISC
sap — manufacturing_integration_and_intelligence | SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | 2019-02-15 | not yet calculated | CVE-2019-0267, BID, MISC, MISC
sap — netweaver_as_abap_platform | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2019-02-15 | not yet calculated | CVE-2019-0257, BID, MISC, MISC
sap — netweaver_as_abap_platform | SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user achieves access to the full SAP Menu, that is, the ‘Easy Access Menu’. The situation can be misused by any user to leverage privileges to business functionality. | 2019-02-15 | not yet calculated | CVE-2019-0255, BID, MISC, MISC
sap — webintelligence_bilaunchpad | SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-02-15 | not yet calculated | CVE-2019-0262, BID, MISC, MISC
sound_exchange_project — sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | 2019-02-15 | not yet calculated | CVE-2019-8357, MISC
sound_exchange_project — sound_exchange | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | 2019-02-15 | not yet calculated | CVE-2019-8354, MISC
sound_exchange_project — sound_exchange | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | 2019-02-15 | not yet calculated | CVE-2019-8356, MISC
sound_exchange_project — sound_exchange | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | 2019-02-15 | not yet calculated | CVE-2019-8355, MISC
tcpcrypt — boks
 
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.2019-02-08not yet calculatedCVE-2018-20764
CONFIRM
tcpreplay — tcpreplayAn issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.2019-02-16not yet calculatedCVE-2019-8381
MISC
MISC
tcpreplay — tcpreplayAn issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.2019-02-16not yet calculatedCVE-2019-8377
MISC
MISC
tcpreplay — tcpreplay | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | 2019-02-16 | not yet calculated | CVE-2019-8376 (MISC, MISC)
themerig — find_a_place_cms_directory | Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | 2019-02-16 | not yet calculated | CVE-2019-8360 (MISC)
tibco — silver_fabric | The SOAP Admin API component of TIBCO Software Inc.’s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Silver Fabric: versions up to and including 5.8.1. | 2019-02-13 | not yet calculated | CVE-2018-12409 (BID, MISC, CONFIRM)
ua_parser_project — uap_core | An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.) | 2019-02-13 | not yet calculated | CVE-2018-20164 (MISC, MISC, MISC)
ubiquiti_networks — airmax_and_edgemax | Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allows attackers to use the Discovery Protocol in amplification attacks. | 2019-02-12 | not yet calculated | CVE-2017-0938 (MISC, MISC, MISC)
verydows — verydows | Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | 2019-02-16 | not yet calculated | CVE-2019-8363 (MISC)
wecon — levistudiou | Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to NCCIC. | 2019-02-12 | not yet calculated | CVE-2019-6537 (BID, MISC)
wordpress — wordpress | Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names, creating files outside of the upload directory. | 2019-02-15 | not yet calculated | CVE-2015-4617 (MISC, MISC)
wordpress — wordpress | Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables. | 2019-02-15 | not yet calculated | CVE-2015-4615 (MISC, MISC)
xerox — workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. | 2019-02-10 | not yet calculated | CVE-2018-20767 (CONFIRM)
xerox — workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. | 2019-02-10 | not yet calculated | CVE-2018-20768 (CONFIRM)
xerox — workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | 2019-02-10 | not yet calculated | CVE-2018-20769 (CONFIRM)
xerox — workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. | 2019-02-10 | not yet calculated | CVE-2018-20771 (CONFIRM)
xerox — workcentre | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | 2019-02-10 | not yet calculated | CVE-2018-20770 (CONFIRM)
yingzhi — python_programming_language | Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone’s storage. | 2019-02-15 | not yet calculated | CVE-2013-5654 (MISC, MISC)
yokogawa — multiple_products | License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 – R6.06.00), CENTUM VP Entry Class (R5.01.00 – R6.06.00), ProSafe-RS (R3.01.00 – R4.04.00), PRM (R4.01.00 – R4.02.00), B/M9000 VP (R7.01.01 – R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors. | 2019-02-13 | not yet calculated | CVE-2019-5909 (MISC, BID, MISC)
zoho_manageengine — servicedesk_plus | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 2019-02-16 | not yet calculated | CVE-2019-8394 (CONFIRM)
zoho_manageengine — servicedesk_plus | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 2019-02-16 | not yet calculated | CVE-2019-8395 (CONFIRM)
