SB19-091: Vulnerability Summary for the Week of March 25, 2019

Original release date: April 01, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abus — secvest_wireless_alarm_system_fuaa50000_firmware | Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. | 2019-03-27 | 10.0 | CVE-2019-9863, MISC |
| apache — mesos | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host. | 2019-03-25 | 9.3 | CVE-2019-0204, BID, MLIST |
| atlassian — confluence | The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | 2019-03-25 | 7.5 | CVE-2019-3395, MISC |
| atlassian — confluence | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | 2019-03-25 | 10.0 | CVE-2019-3396, MISC |
| bluecms_project — bluecms | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | 2019-03-28 | 7.5 | CVE-2019-10262, MISC |
| dlink — dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | 2019-03-25 | 10.0 | CVE-2019-10040, MISC |
| dlink — dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. | 2019-03-25 | 7.8 | CVE-2019-10042, MISC |
| dovecot — dovecot | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | 2019-03-28 | 7.2 | CVE-2019-7524, MLIST, MISC, MISC, MLIST, BUGTRAQ, DEBIAN |
| flatpak — flatpak | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI. | 2019-03-26 | 7.5 | CVE-2019-10063, MISC |
| fortinet — fortiportal | A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button. | 2019-03-25 | 7.5 | CVE-2017-7342, CONFIRM |
| ghs — integrity_rtos | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information). | 2019-03-25 | 7.5 | CVE-2019-7713, MISC, MISC |
| ghs — integrity_rtos | An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow. | 2019-03-25 | 7.5 | CVE-2019-7714, MISC, MISC |
| github — github | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product’s source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. | 2019-03-28 | 7.5 | CVE-2017-18365, MISC, MISC |
| hospira — mednet | Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1. | 2019-03-26 | 10.0 | CVE-2014-5401, MISC |
| hp — arcsight_logger | Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.5 | CVE-2019-3479, MISC |
| hp — arcsight_logger | Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.5 | CVE-2019-3481, MISC |
| hp — arcsight_logger | Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.2 | CVE-2019-3484, MISC |
| linux — linux_kernel | An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG). | 2019-03-27 | 7.8 | CVE-2019-10124, MISC, BID, MISC, MISC |
| linux — linux_kernel | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | 2019-03-27 | 10.0 | CVE-2019-10125, MISC |
| microfocus — data_protector | Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | 2019-03-25 | 7.5 | CVE-2019-3476, MISC |
| moodle — moodle | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. | 2019-03-25 | 7.5 | CVE-2019-3809, CONFIRM, CONFIRM, CONFIRM |
| ovirt — vdsm | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. | 2019-03-25 | 9.0 | CVE-2019-3831, CONFIRM |
| pfizer — symbiq_infusion_system_firmware | Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger “unanticipated operations” by leveraging “elevated privileges” for an unspecified call to an incorrectly exposed function. | 2019-03-23 | 9.0 | CVE-2015-3965, MISC |
| redhat — ansible | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | 2019-03-27 | 7.5 | CVE-2019-3828, CONFIRM, MISC |
| softnas — cloud | SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. | 2019-03-23 | 10.0 | CVE-2019-9945, MISC |
| teclib-edition — gestionnaire_libre_de_parc_informatique | Teclib GLPI through 9.3.3 has SQL injection via the “cycle” parameter in /scripts/unlock_tasks.php. | 2019-03-27 | 7.5 | CVE-2019-10232, MISC |
| tianocore — edk_ii | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | 2019-03-27 | 7.5 | CVE-2019-0160, CONFIRM |

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
amazon_affiliate_store_project — amazon_affiliate_storePHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.2019-03-284.0CVE-2019-9864
MISC
baigo — baigo_ssobaigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.2019-03-246.5CVE-2019-10015
MISC
cmsmadesimple — cms_made_simpleCMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an “Add a new Profile” action to the File Picker.2019-03-244.3CVE-2019-10017
MISC
MISC
cmsmadesimple — cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.2019-03-266.8CVE-2019-9053
MISC
CONFIRM
cmsmadesimple — cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.2019-03-266.5CVE-2019-9055
MISC
CONFIRM
cmsmadesimple — cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.2019-03-266.5CVE-2019-9057
MISC
CONFIRM
cmsmadesimple — cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.2019-03-266.5CVE-2019-9058
MISC
CONFIRM
cmsmadesimple — cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting “sendmail” in the “Mailer” option, and launching the “Forgot your password” feature.2019-03-266.5CVE-2019-9059
MISC
CONFIRM
cmsmadesimple — cms_made_simpleAn issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the “install module” feature.2019-03-266.5CVE-2019-9061
MISC
CONFIRM
coreftp — core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a …. substring, allowing an attacker to enumerate file existence based on the returned information.2019-03-225.0CVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DB
coreftp — core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (….) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.2019-03-225.0CVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DB
dedecms — dedecmsIn DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.2019-03-244.0CVE-2019-10014
MISC
dlink — dir-816_firmwareThe D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.2019-03-255.0CVE-2019-10039
MISC
dlink — dir-816_firmwareThe D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.2019-03-255.0CVE-2019-10041
MISC
dovecot — dovecotIt was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.2019-03-274.9CVE-2019-3814
CONFIRM
MISC
eclipse — jettyIn Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.2019-03-275.0CVE-2018-12545
CONFIRM
eclipse — mosquittoIn Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.2019-03-275.0CVE-2017-7655
CONFIRM
eclipse — mosquittoIn Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.2019-03-274.0CVE-2018-12546
CONFIRM
eclipse — mosquittoWhen Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.2019-03-276.8CVE-2018-12550
CONFIRM
eclipse — mosquittoWhen Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.2019-03-276.8CVE-2018-12551
CONFIRM
elastic — elasticsearchA permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.2019-03-256.8CVE-2019-7611
MISC
MISC
faststone — image_viewerFastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file.2019-03-264.3CVE-2018-15813
MISC
faststone — image_viewerFastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.2019-03-264.3CVE-2018-15814
MISC
faststone — image_viewerFastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.2019-03-264.3CVE-2018-15815
MISC
faststone — image_viewerFastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.2019-03-264.3CVE-2018-15816
MISC
faststone — image_viewerFastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.2019-03-264.3CVE-2018-15817
MISC
fedoraproject — fedoraA vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.2019-03-274.3CVE-2019-3877
CONFIRM
CONFIRM
CONFIRM
UBUNTU
fedoraproject — fedoraA vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.2019-03-266.8CVE-2019-3878
CONFIRM
CONFIRM
UBUNTU
fortinet — fortiportalA Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.2019-03-254.3CVE-2017-7340
CONFIRM
gforge — advanced_serverGForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.2019-03-244.3CVE-2019-10016
MISC
ghs — integrity_rtosAn issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command “prompt” sets the (user controlled) shell’s prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.2019-03-255.0CVE-2019-7711
MISC
MISC
ghs — integrity_rtosAn issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.2019-03-255.0CVE-2019-7712
MISC
MISC
ghs — integrity_rtosAn issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.2019-03-255.0CVE-2019-7715
MISC
MISC
gitlab — gitlabGitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.2019-03-265.0CVE-2018-19856
MISC
MISC
gitlab — gitlabGitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.2019-03-285.0CVE-2018-20144
MISC
MISC
MISC
gitlab — gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.2019-03-255.0CVE-2019-6240
MISC
MISC
gnu — gnutlsA vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.2019-03-275.0CVE-2019-3829
CONFIRM
CONFIRM
FEDORA
FEDORA
MISC
gnu — tarpax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.2019-03-225.0CVE-2019-9923
MISC
MISC
MISC
harmistechnology — je_messengerAn issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.2019-03-296.4CVE-2019-9918
MISC
MISC
hashicorp — consulHashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.2019-03-265.8CVE-2019-9764
MISC
hp — arcsight_loggerMitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.2019-03-254.3CVE-2019-3480
MISC
hp — arcsight_loggerMitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.2019-03-256.8CVE-2019-3482
MISC
hp — arcsight_loggerMitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.2019-03-256.8CVE-2019-3483
MISC
hp — isaac_mizrahi_smartwatchA potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.2019-03-275.0CVE-2017-2748
CONFIRM
hp — remote_graphics_softwareA potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier.2019-03-276.4CVE-2018-5926
CONFIRM
hp — support_assistantHP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.2019-03-274.1CVE-2018-5927
CONFIRM
ibm — api_connectIBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.2019-03-225.0CVE-2019-4052
CONFIRM
BID
XF
ibm — content_navigatorIBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.2019-03-226.4CVE-2019-4035
CONFIRM
BID
XF
ibm — websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.2019-03-255.0CVE-2019-4046
BID
XF
CONFIRM
imagemagick — imagemagickIn ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.2019-03-236.8CVE-2019-9956
BID
MISC
jenzabar — internet_campus_solutionJenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the Moxie Manager plugin before 2.1.4 in the ICSICS.NETICSFileServer/moxiemanager directory.2019-03-256.0CVE-2019-10012
MISC
MISC
laravel — frameworkLaravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.2019-03-286.5CVE-2018-6330
MISC
MISC
librenms — librenmsLibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.2019-03-286.5CVE-2018-20678
MISC
MISC
libreoffice — libreofficeIt was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.2019-03-256.8CVE-2018-16858
CONFIRM
MISC
libssh2 — libssh2An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.2019-03-256.8CVE-2019-3856
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISC
libssh2 — libssh2An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.2019-03-256.8CVE-2019-3857
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISC
libssh2 — libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-256.4CVE-2019-3860
SUSE
CONFIRM
MLIST
CONFIRM
MISC
libssh2 — libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-256.4CVE-2019-3861
SUSE
CONFIRM
MLIST
CONFIRM
MISC
libssh2 — libssh2A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.2019-03-256.8CVE-2019-3863
SUSE
REDHAT
CONFIRM
MLIST
CONFIRM
MISC
misp — mispIn MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.2019-03-284.3CVE-2019-10254
MISC
MISC
moodle — moodleA flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The ‘manage groups’ capability did not have the ‘XSS risk’ flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.2019-03-254.0CVE-2019-3808
CONFIRM
CONFIRM
CONFIRM
moodle — moodleA flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users’ full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.2019-03-255.0CVE-2019-3810
CONFIRM
CONFIRM
CONFIRM
moodle — moodleA vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the “login as other users” capability (such as administrators/managers) can access other users’ Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.2019-03-276.5CVE-2019-3847
CONFIRM
MISC
moodle — moodleA vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.2019-03-265.8CVE-2019-3850
CONFIRM
MISC
moodle — moodleA vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme’s secure layout, meaning students could navigate out of the page.2019-03-264.0CVE-2019-3851
CONFIRM
MISC
moodle — moodleA vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities2019-03-264.0CVE-2019-3852
CONFIRM
MISC
myadrenalin — adrenalinA Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.2019-03-254.3CVE-2018-12652
MISC
myadrenalin — adrenalinA Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the RPT/SSRSDynamicEditReports.aspx ReportId parameter.2019-03-254.3CVE-2018-12653
MISC
nagios — nagios_xiCommand injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.2019-03-286.5CVE-2019-9164
CONFIRM
CONFIRM
omron — poweract_pro_master_agent | PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. | 2019-03-27 | 4.0 | CVE-2018-16207
MISC
MISC
MISC
opentext — opentext_portal | Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | 2019-03-22 | 4.3 | CVE-2018-20165
MISC
ovirt — ovirt | In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | 2019-03-25 | 4.0 | CVE-2017-7510
CONFIRM
ovirt — ovirt | It was discovered that in ovirt’s REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g., Basic Operations) could exploit this flaw to delete disks attached to guests. | 2019-03-25 | 5.5 | CVE-2019-3879
BID
CONFIRM
portainer — portainer | A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | 2019-03-27 | 5.0 | CVE-2018-19466
MISC
MISC
MISC
python — python | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740. | 2019-03-23 | 4.3 | CVE-2019-9947
MISC
python — python | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 2019-03-23 | 6.4 | CVE-2019-9948
BID
MISC
MISC
redhat — ansible_tower | When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges. | 2019-03-28 | 4.0 | CVE-2019-3869
CONFIRM
MISC
s-cms — s-cms | S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | 2019-03-27 | 6.8 | CVE-2019-10237
MISC
select2 — select2 | In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data. | 2019-03-27 | 4.3 | CVE-2016-10744
MISC
MISC
MISC
sitemagic — sitemagic | Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. | 2019-03-27 | 4.3 | CVE-2019-10238
MISC
sqlite — sqlite | In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. | 2019-03-22 | 5.0 | CVE-2019-9936
BID
MISC
MISC
MISC
sqlite — sqlite | In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. | 2019-03-22 | 5.0 | CVE-2019-9937
BID
MISC
MISC
MISC
symfony — twig | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 2019-03-23 | 4.3 | CVE-2019-9942
MISC
BUGTRAQ
MISC
DEBIAN
tianocore — edk_ii | Buffer overflow in network stack for EDK II may allow an unprivileged user to potentially enable escalation of privilege and/or denial of service via network. | 2019-03-27 | 6.4 | CVE-2018-12178
SUSE
CONFIRM
tianocore — edk_ii | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | 4.6 | CVE-2018-12183
CONFIRM
tianocore — edk_ii | Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | 4.6 | CVE-2018-3613
CONFIRM
totaljs — total.js_cms | Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format). | 2019-03-28 | 4.3 | CVE-2019-10260
MISC
MISC
shareit — shareit | The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public “open” Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. | 2019-03-22 | 5.8 | CVE-2019-9939
MISC
verifone — verix_multi-app_conductor | The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability. | 2019-03-25 | 6.8 | CVE-2019-10060
MISC
w1.fi — hostapd | hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | 2019-03-23 | 5.0 | CVE-2016-10743
MLIST
MISC
weban — an | Directory traversal vulnerability in ‘an’ App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2019-03-27 | 5.0 | CVE-2019-5927
MISC
MISC
xnview — xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. | 2019-03-23 | 6.8 | CVE-2019-9966
MISC
xnview — xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. | 2019-03-23 | 6.8 | CVE-2019-9967
MISC
xnview — xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. | 2019-03-23 | 6.8 | CVE-2019-9968
MISC
xnview — xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. | 2019-03-23 | 6.8 | CVE-2019-9969
MISC
xnview — xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | 2019-03-23 | 6.8 | CVE-2019-9962
MISC
xnview — xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | 2019-03-23 | 6.8 | CVE-2019-9963
MISC
xnview — xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | 2019-03-23 | 6.8 | CVE-2019-9964
MISC
xnview — xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | 2019-03-23 | 6.8 | CVE-2019-9965
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | 2019-03-24 | 4.3 | CVE-2019-10018
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. | 2019-03-24 | 4.3 | CVE-2019-10019
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. | 2019-03-24 | 4.3 | CVE-2019-10020
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. | 2019-03-24 | 4.3 | CVE-2019-10021
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. | 2019-03-24 | 4.3 | CVE-2019-10022
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. | 2019-03-24 | 4.3 | CVE-2019-10023
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. | 2019-03-24 | 4.3 | CVE-2019-10024
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. | 2019-03-24 | 4.3 | CVE-2019-10025
MISC
xpdfreader — xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. | 2019-03-24 | 4.3 | CVE-2019-10026
MISC
znc — znc | ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. | 2019-03-27 | 4.0 | CVE-2019-9917
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abus — secvest_wireless_alarm_system_fuaa50000_firmware | An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because “encrypted signal transmission” is missing, an attacker is able to eavesdrop on sensitive data as cleartext (for instance, the current rolling code state). | 2019-03-27 | 3.3 | CVE-2019-9862
MISC
centos-webpanel — centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the “Package Name” field via the add_package module parameter. | 2019-03-26 | 3.5 | CVE-2019-7646
MISC
MISC
EXPLOIT-DB
cmsmadesimple — cms_made_simple | CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager “Name” field, which is reachable via a “Create a new Template” action to the Design Manager. | 2019-03-26 | 3.5 | CVE-2019-10105
MISC
cmsmadesimple — cms_made_simple | CMS Made Simple 2.2.10 has XSS via the ‘moduleinterface.php’ Name field, which is reachable via an “Add Category” action to the “Site Admin Settings – News module” section. | 2019-03-26 | 3.5 | CVE-2019-10106
MISC
cmsmadesimple — cms_made_simple | CMS Made Simple 2.2.10 has XSS via the myaccount.php “Email Address” field, which is reachable via the “My Preferences -> My Account” section. | 2019-03-26 | 3.5 | CVE-2019-10107
MISC
drupal — drupal | In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13; Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. | 2019-03-26 | 3.5 | CVE-2019-6341
CONFIRM
gnome — gvfs | An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user’s knowledge. Successful exploitation requires an uncommon system configuration. | 2019-03-25 | 3.3 | CVE-2019-3827
CONFIRM
CONFIRM
online_lottery_php_readymade_script_project — online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | 2019-03-29 | 3.5 | CVE-2019-9605
MISC
paloaltonetworks — expedition | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | 2019-03-26 | 3.5 | CVE-2019-1569
BID
MISC
MISC
paloaltonetworks — expedition | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | 2019-03-26 | 3.5 | CVE-2019-1570
BID
CONFIRM
MISC
paloaltonetworks — expedition | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | 2019-03-26 | 3.5 | CVE-2019-1571
BID
CONFIRM
MISC
phpcms — phpcms | PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. | 2019-03-24 | 3.5 | CVE-2019-10027
MISC
MISC
redhat — libvirt | A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. | 2019-03-27 | 3.5 | CVE-2019-3840
CONFIRM
CONFIRM
CONFIRM
tianocore — edk_ii | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | 2019-03-27 | 2.1 | CVE-2019-0161
CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abine_blur — abine_blur | Abine Blur 7.8.2431 allows remote attackers to conduct “Second-Factor Auth Bypass” attacks by using the “Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app.” approach, related to a “Multifactor Auth Bypass, Full Disk Encryption Bypass” issue affecting the Affected Chrome Plugin component. | 2019-03-29 | not yet calculated | CVE-2019-6481
MISC
FULLDISC
MISC
MISC
abus — secvest_remote_control | Due to unencrypted signal communication and predictability of rolling codes, an attacker can “desynchronize” an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that commands sent by the remote control are not accepted anymore. | 2019-03-27 | not yet calculated | CVE-2019-9860
MISC
adtran — netconf_pmaa_access_management | An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. | 2019-03-27 | not yet calculated | CVE-2018-19648
CONFIRM
apache — activemq | In Apache ActiveMQ 5.0.0 – 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive. | 2019-03-28 | not yet calculated | CVE-2019-0222
CONFIRM
MLIST
BID
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache — hbase_rest_server | In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. | 2019-03-28 | not yet calculated | CVE-2019-0212
MLIST
BID
CONFIRM
apache — jspwiki | A specially crafted URL could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users’ details. | 2019-03-28 | not yet calculated | CVE-2019-0225
MLIST
BID
CONFIRM
MLIST
MLIST
MLIST
MLIST
apache — jspwiki | In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute JavaScript on another user’s session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute JavaScript on someone else’s browser; only on its own browser. | 2019-03-28 | not yet calculated | CVE-2019-0224
BID
CONFIRM
MLIST
MLIST
apache — kibana | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2019-03-25 | not yet calculated | CVE-2019-7608
MISC
MISC
apache — kibana | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | 2019-03-25 | not yet calculated | CVE-2019-7609
MISC
MISC
apache — kibana | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | 2019-03-25 | not yet calculated | CVE-2019-7610
MISC
MISC
atlassian — crowd | The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection. | 2019-03-29 | not yet calculated | CVE-2017-18108
MISC
atlassian — crowd | The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user’s JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18105
MISC
atlassian — crowd | The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18110
MISC
atlassian — crowd | The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 2019-03-29 | not yet calculated | CVE-2017-18109
MISC
atlassian — crowd | The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory; this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user’s session provided they can make their identifier hash collide with another user’s session identifier hash. | 2019-03-29 | not yet calculated | CVE-2017-18106
MISC
atlassian_application_links | The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18111
MISC
axtls — axtls | tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. | 2019-03-25 | not yet calculated | CVE-2019-8981
MISC
MISC
MISC
bash — bash | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | 2019-03-22 | not yet calculated | CVE-2019-9924
MISC
MISC
MLIST
baxter — sigma_spectrum_infusion_system | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5434
MISC
baxter — sigma_spectrum_infusion_system | An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access to the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5433
MISC
baxter — sigma_spectrum_infusion_system | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5432
MISC
baxter — sigma_spectrum_infusion_system | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings, such as turning on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5431
MISC
burrows-wheeler_aligner — burrows-wheeler_aligner | BWA (aka Burrows-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 2019-03-29 | not yet calculated | CVE-2019-10269
MISC
cisco — aggregation_services_router_900_route_switch_processor_3 | A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition. | 2019-03-27 | not yet calculated | CVE-2019-1749
BID
CISCO
cisco — catalyst_4500_series_switches | A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1750
BID
CISCO
cisco — catalyst_6500_series_switches | A vulnerability in the 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network. | 2019-03-27 | not yet calculated | CVE-2019-1758
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. | 2019-03-27 | not yet calculated | CVE-2019-1757
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. | 2019-03-27 | not yet calculated | CVE-2019-1746
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1739
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1738
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1745
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. | 2019-03-27 | not yet calculated | CVE-2019-1752
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. | 2019-03-27 | not yet calculated | CVE-2019-1747
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software. | 2019-03-27 | not yet calculated | CVE-2019-1748
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1737
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. | 2019-03-27 | not yet calculated | CVE-2019-1762
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. | 2019-03-27 | not yet calculated | CVE-2019-1761
BID
CISCO
cisco — ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1740, BID, CISCO
cisco — ios_software | A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1751, BID, CISCO
cisco — ios_xe_software | A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. | 2019-03-27 | not yet calculated | CVE-2019-1741, BID, CISCO
cisco — ios_xe_software | A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1754, BID, CISCO
cisco — ios_xe_software | A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. | 2019-03-27 | not yet calculated | CVE-2019-1760, BID, CISCO
cisco — ios_xe_software | A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. | 2019-03-27 | not yet calculated | CVE-2019-1759, CISCO
cisco — ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. | 2019-03-27 | not yet calculated | CVE-2019-1742, BID, CISCO
cisco — ios_xe_software | A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1755, BID, CISCO
cisco — ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. | 2019-03-27 | not yet calculated | CVE-2019-1756, BID, CISCO
cisco — ios_xe_software | A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1743, BID, CISCO
cisco — ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device’s web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1753, BID, CISCO
civetweb — civetweb | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. | 2019-03-27 | not yet calculated | CVE-2019-3821, CONFIRM, MISC
cockpit-project — cockpit | It was found that cockpit before version 184 used glib’s base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | 2019-03-26 | not yet calculated | CVE-2019-3804, CONFIRM, CONFIRM, CONFIRM
commonmark — commonmark | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. | 2019-03-24 | not yet calculated | CVE-2019-10010, MISC, MISC
d-link — routers | D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users’ DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). | 2019-03-25 | not yet calculated | CVE-2019-7642, MISC
dell — networking_os10 | Dell Networking OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system. | 2019-03-28 | not yet calculated | CVE-2019-3710, MISC
digium — asterisk | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. | 2019-03-28 | not yet calculated | CVE-2019-7251, CONFIRM, CONFIRM
elastic — logstash | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | 2019-03-25 | not yet calculated | CVE-2019-7612, MISC, MISC
elastic — winlogbeat | Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. | 2019-03-25 | not yet calculated | CVE-2019-7613, MISC, MISC
electric_coin_company — zcash | Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. | 2019-03-26 | not yet calculated | CVE-2019-7167, MISC, MISC
enttec — datagate_mk2_and_storm_24_and_pixelator | ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. | 2019-03-28 | not yet calculated | CVE-2019-6542, MISC
extensible_firmware_interface — development_kit | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | not yet calculated | CVE-2018-12182, CONFIRM
extensible_firmware_interface — development_kit | Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | 2019-03-27 | not yet calculated | CVE-2018-12181, CONFIRM
extensible_firmware_interface — development_kit | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | 2019-03-27 | not yet calculated | CVE-2018-12180, SUSE, CONFIRM
extensible_firmware_interface — development_kit | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | not yet calculated | CVE-2018-12179, CONFIRM
f5 — multiple_big-ip_products | In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. | 2019-03-28 | not yet calculated | CVE-2019-6602, BID, MISC
f5 — multiple_big-ip_products | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. | 2019-03-28 | not yet calculated | CVE-2019-6605, BID, MISC
f5 — multiple_big-ip_products | On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. | 2019-03-28 | not yet calculated | CVE-2019-6606, BID, MISC
f5 — multiple_big-ip_products | On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. | 2019-03-28 | not yet calculated | CVE-2019-6607, BID, MISC
f5 — multiple_products | On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. | 2019-03-28 | not yet calculated | CVE-2019-6608, MISC
f5 — multiple_products | In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | 2019-03-28 | not yet calculated | CVE-2019-6603, BID, MISC
f5 — multiple_products | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. | 2019-03-28 | not yet calculated | CVE-2019-6604, MISC
flatcore — flatcore-cms | An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature. | 2019-03-30 | not yet calculated | CVE-2019-10652, MISC
forcepoint — email_security | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. | 2019-03-28 | not yet calculated | CVE-2018-16529, MISC, CONFIRM
gnuboard5 — gnuboard5 | Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 2019-03-25 | not yet calculated | CVE-2018-15583, CONFIRM, CONFIRM
gnuboard5 — gnuboard5 | Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 2019-03-27 | not yet calculated | CVE-2018-15585, MISC, MISC, MISC
grandstream — gwn7000_and_gwn7610_devices | Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 2019-03-30 | not yet calculated | CVE-2019-10657, MISC
grandstream — gwn7000_devices | Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10656, MISC
grandstream — gwn7610_devices | Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10658, MISC
grandstream — gxv3370_and_wp820_devices | Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 2019-03-30 | not yet calculated | CVE-2019-10659, MISC
grandstream — gxv3611ir_hd_devices | Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 2019-03-30 | not yet calculated | CVE-2019-10660, MISC
grandstream — gxv3611ir_hd_devices | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 2019-03-30 | not yet calculated | CVE-2019-10661, MISC
grandstream — multiple_devices | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | 2019-03-30 | not yet calculated | CVE-2019-10655, MISC, MISC
grandstream — ucm6204_devices | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10662, MISC
grandstream — ucm6204_devices | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10663, MISC
honeywell — experion_pks | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-03-25 | not yet calculated | CVE-2014-9187, MISC
honeywell — experion_pks | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-03-25 | not yet calculated | CVE-2014-9189, MISC
hospira — lifecare_pca_infusion_system | Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. | 2019-03-25 | not yet calculated | CVE-2015-1012, MISC
hospira — plum_and_symbiq_infusion_systems | Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3952, MISC
hospira — plum_and_symbiq_infusion_systems | Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3953, MISC
hospira — plum_and_symbiq_infusion_systems | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3954, MISC
hospira — plum_and_symbiq_infusion_systems | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3956, MISC
hp_development_company — multiple_printers | In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | 2019-03-27 | not yet calculated | CVE-2018-5923, CONFIRM
hp_development_company — tommy_hilfiger_th24/7_android_app | A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. | 2019-03-27 | not yet calculated | CVE-2017-2752, CONFIRM
hybbs — hybbs | An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. | 2019-03-29 | not yet calculated | CVE-2019-10644, MISC
imagemagick — imagemagick | In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. | 2019-03-30 | not yet calculated | CVE-2019-10650, BID, MISC
imagemagick — imagemagick | In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 2019-03-30 | not yet calculated | CVE-2019-10649, BID, MISC
jboss — management_console | A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. | 2019-03-27 | not yet calculated | CVE-2018-10934, CONFIRM
jenkins — jenkins | A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | 2019-03-28 | not yet calculated | CVE-2019-1003048, MLIST, BID, MISC
jenkins — jenkins | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-03-28 | not yet calculated | CVE-2019-1003047, MLIST, BID, MISC
jenkins — jenkins | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | 2019-03-28 | not yet calculated | CVE-2019-1003046, MLIST, BID, MISC
jenkins — jenkins | A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin’s configuration. | 2019-03-28 | not yet calculated | CVE-2019-1003045, MLIST, BID, MISC
jenkins — jenkins | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-03-28 | not yet calculated | CVE-2019-1003044, MLIST, BID, MISC
jenkins — jenkins | A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-03-28 | not yet calculated | CVE-2019-1003043, MLIST, BID, MISC
jenkins — jenkins | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | 2019-03-28 | not yet calculated | CVE-2019-1003042, MLIST, BID, MISC
jenkins — jenkins | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 2019-03-28 | not yet calculated | CVE-2019-1003041, MLIST, BID, MISC
jenkins — jenkins | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 2019-03-28 | not yet calculated | CVE-2019-1003040, MLIST, BID, MISC
jenzabar — internet_campus_solution | ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | 2019-03-25 | not yet calculated | CVE-2019-10011, MISC
joomla! — joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | 2019-03-29 | not yet calculated | CVE-2019-9921, MISC, MISC
joomla! — joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | 2019-03-29 | not yet calculated | CVE-2019-9922, MISC, MISC
joomla! — joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | 2019-03-29 | not yet calculated | CVE-2019-9920, MISC, MISC
joomla! — joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | 2019-03-29 | not yet calculated | CVE-2019-9919, MISC, MISC
kentico — kentico | An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted. | 2019-03-26 | not yet calculated | CVE-2019-10068, MISC
kinagacms — kinagacms | Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-03-27 | not yet calculated | CVE-2019-5926, MISC, MISC, MISC
kubevirt — virt-cdi-importer | Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content. | 2019-03-25 | not yet calculated | CVE-2019-3841, CONFIRM, MISC
lcds — laquis_scada | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. | 2019-03-27 | not yet calculated | CVE-2019-6536, MISC
lcds — laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. | 2019-03-27 | not yet calculated | CVE-2018-18994, MISC
linux — linux_kernel | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | 2019-03-25 | not yet calculated | CVE-2019-3874, CONFIRM
lrzip — lrzip | The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845. | 2019-03-30 | not yet calculated | CVE-2019-10654, MISC
marel — food_processing_systems | Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. | 2019-03-27 | not yet calculated | CVE-2017-9626, MISC
mcafee — network_security_manager | Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | 2019-03-26 | not yet calculated | CVE-2019-3597, BID, CONFIRM
mcafee — network_security_manager | Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | 2019-03-26 | not yet calculated | CVE-2019-3606, BID, CONFIRM
medtronic — multiple_devices | The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. | 2019-03-25 | not yet calculated | CVE-2019-6538, BID, CONFIRM
medtronic — multiple_devicesThe Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.2019-03-26not yet calculatedCVE-2019-6540
BID
MISC
micro_focus — solutions_business_managerReflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.2019-03-27not yet calculatedCVE-2018-19644
CONFIRM
micro_focus — solutions_business_managerUnauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.2019-03-27not yet calculatedCVE-2018-19641
CONFIRM
micro_focus — solutions_business_manager | Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-03-27 | not yet calculated | CVE-2018-19643
CONFIRM
micro_focus — solutions_business_manager | Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-03-27 | not yet calculated | CVE-2018-19642
CONFIRM
moodle — moodle | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | 2019-03-26 | not yet calculated | CVE-2019-3849
CONFIRM
MISC
moodle — moodle | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar’s edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.) | 2019-03-26 | not yet calculated | CVE-2019-3848
CONFIRM
MISC
mybb — mybb | A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the ‘username’ parameter. | 2019-03-29 | not yet calculated | CVE-2018-19201
MISC
node-opencv — node-opencv | utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands. | 2019-03-25 | not yet calculated | CVE-2019-10061
MISC
MISC
MISC
node.js — node.js | Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default. | 2019-03-28 | not yet calculated | CVE-2019-5739
SUSE
MISC
node.js — node.js | An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11. | 2019-03-28 | not yet calculated | CVE-2019-5737
SUSE
MISC
nvidia — geforce_experience | NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. | 2019-03-28 | not yet calculated | CVE-2019-5674
BID
CONFIRM
opensynergy — blue_sdk | The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. | 2019-03-29 | not yet calculated | CVE-2018-20378
MISC
CONFIRM
opto_22 — multiple_products | A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible. | 2019-03-25 | not yet calculated | CVE-2015-1007
MISC
phoenix_contact — multiple_products | An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. | 2019-03-26 | not yet calculated | CVE-2019-9743
BID
MISC
phoenix_contact — multiple_products | An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier. | 2019-03-26 | not yet calculated | CVE-2019-9744
MISC
phpfk — phpfk | phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. | 2019-03-27 | not yet calculated | CVE-2017-18364
MISC
phpscriptsmall.com — online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | 2019-03-29 | not yet calculated | CVE-2019-9604
MISC
project_jupyter — jupyter_notebook_and_jupyterhub | An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | 2019-03-28 | not yet calculated | CVE-2019-10255
MISC
MISC
MISC
MISC
MISC
prometheus — prometheus | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. | 2019-03-26 | not yet calculated | CVE-2019-3826
CONFIRM
CONFIRM
CONFIRM
provisio — sitekiosk | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | 2019-03-29 | not yet calculated | CVE-2018-18766
CONFIRM
red_hat — ansible_tower | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. | 2019-03-25 | not yet calculated | CVE-2019-3838
REDHAT
MISC
CONFIRM
FEDORA
FEDORA
red_hat — ansible_tower | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. | 2019-03-25 | not yet calculated | CVE-2019-3835
REDHAT
MISC
CONFIRM
FEDORA
FEDORA
red_hat — openstack_platform_director | In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. | 2019-03-26 | not yet calculated | CVE-2018-16856
CONFIRM
robocode — robocode | Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | 2019-03-30 | not yet calculated | CVE-2019-10648
MISC
MISC
rockwell_automation — ethernet/ip_web_server_modules | Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. | 2019-03-27 | not yet calculated | CVE-2018-19016
MISC
rockwell_automation — factorytalk_services_platform_and_rslinx_enterprise_products | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | 2019-03-26 | not yet calculated | CVE-2013-2807
MISC
rockwell_automation — factorytalk_services_platform_and_rslinx_enterprise_products | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | 2019-03-26 | not yet calculated | CVE-2013-2806
MISC
rockwell_automation — factorytalk_services_platform_and_rslinx_enterprise_products | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | 2019-03-26 | not yet calculated | CVE-2013-2805
MISC
rockwell_automation — plc-5_and_slc_5/0x_controllers | The potential exists for exposure of the product’s password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation’s FactoryTalk Security services. | 2019-03-26 | not yet calculated | CVE-2010-5305
MISC
rpm-software-management — libcomps | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. | 2019-03-27 | not yet calculated | CVE-2019-3817
CONFIRM
CONFIRM
CONFIRM
rubyonrails — rails | A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | 2019-03-27 | not yet calculated | CVE-2019-5420
CONFIRM
CONFIRM
rubyonrails — rails | There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause Action View to consume 100% CPU and make the server unresponsive. | 2019-03-27 | not yet calculated | CVE-2019-5419
MLIST
CONFIRM
MLIST
CONFIRM
rubyonrails — rails | There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. | 2019-03-27 | not yet calculated | CVE-2019-5418
MISC
MLIST
CONFIRM
MLIST
CONFIRM
EXPLOIT-DB
schneider_electric — opc_factory_server | A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. | 2019-03-25 | not yet calculated | CVE-2015-1014
MISC
shareit — shareit | The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public “open” Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a “recognized device.” | 2019-03-22 | not yet calculated | CVE-2019-9938
MISC
siemens — scalance | A vulnerability has been identified in Scalance X-200 (All versions), Scalance X-300 (All versions), Scalance XP/XC/XF-200 (All versions | 2019-03-26 | not yet calculated | CVE-2019-6569
BID
MISC
signal — private_messenger_and_desktop | Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. | 2019-03-23 | not yet calculated | CVE-2019-9970
BID
MISC
snipe-it — snipe-it | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user’s last name in the API. | 2019-03-27 | not yet calculated | CVE-2019-10118
MISC
symantec_norton — core | Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. | 2019-03-29 | not yet calculated | CVE-2019-9695
BID
CONFIRM
system_security_services_daemon — system_security_services_daemon | A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. | 2019-03-25 | not yet calculated | CVE-2018-16838
CONFIRM
teclib_group — glpi | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 2019-03-27 | not yet calculated | CVE-2019-10233
MISC
MISC
teclib_group — glpi | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). | 2019-03-27 | not yet calculated | CVE-2019-10231
MISC
MISC
teclib_group — glpi | The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | 2019-03-29 | not yet calculated | CVE-2019-10477
MISC
MISC
MISC
MISC
MISC
telegram — telegram | Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. | 2019-03-25 | not yet calculated | CVE-2019-10044
BID
MISC
telemetry — ceilometer | A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | 2019-03-26 | not yet calculated | CVE-2019-3830
CONFIRM
teltonika — rtu9xx_devices | An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user’s password. | 2019-03-28 | not yet calculated | CVE-2018-19879
MISC
MISC
tenable — nagios_xi | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | 2019-03-28 | not yet calculated | CVE-2019-9204
CONFIRM
tenable — nagios_xi | Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. | 2019-03-28 | not yet calculated | CVE-2019-9203
CONFIRM
tenable — nagios_xi | Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. | 2019-03-28 | not yet calculated | CVE-2019-9202
CONFIRM
tenable — nagios_xi | Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 2019-03-28 | not yet calculated | CVE-2019-9166
CONFIRM
CONFIRM
tenable — nagios_xi | Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 2019-03-28 | not yet calculated | CVE-2019-9167
CONFIRM
CONFIRM
tenable — nagios_xi | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 2019-03-28 | not yet calculated | CVE-2019-9165
CONFIRM
CONFIRM
tesla — model_3_vehicles | The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants. | 2019-03-24 | not yet calculated | CVE-2019-9977
BID
MISC
MISC
tibco_software — tibco_data_science_for_aws_and_tibco_spotfire_data_science | The application server component of TIBCO Software Inc.’s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | 2019-03-26 | not yet calculated | CVE-2019-8989
BID
MISC
MISC
tibco_software — tibco_data_science_for_aws_and_tibco_spotfire_data_science | The application server component of TIBCO Software Inc.’s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.’s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | 2019-03-26 | not yet calculated | CVE-2019-8988
BID
MISC
MISC
tibco_software — tibco_data_science_for_aws_and_tibco_spotfire_data_science | The application server component of TIBCO Software Inc.’s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.’s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | 2019-03-26 | not yet calculated | CVE-2019-8987
BID
MISC
MISC
tp-link — tl-wr840n_devices | TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an “nmap -f” command. | 2019-03-29 | not yet calculated | CVE-2018-15840
MISC
ucweb — uc_browser | UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. | 2019-03-28 | not yet calculated | CVE-2019-10250
MISC
ucweb — uc_browser | The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks. | 2019-03-28 | not yet calculated | CVE-2019-10251
MISC
MISC
wecon_technology — pi_studio | WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lack proper validation of user-supplied data, which may result in a read past the end of an allocated object. | 2019-03-27 | not yet calculated | CVE-2018-14814
MISC
western_bridge_cobub_razor — western_bridge_cobub_razor | Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | 2019-03-29 | not yet calculated | CVE-2019-10276
MISC
MISC
wikindx — wikindx | A cross-site scripting (XSS) vulnerability in resource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2019-03-26 | not yet calculated | CVE-2019-9961
MISC
CONFIRM
wolf — cms | Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded. | 2019-03-29 | not yet calculated | CVE-2019-10646
MISC
wordpress — wordpress | A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. Visiting the PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in. | 2019-03-27 | not yet calculated | CVE-2019-1000031
MISC
BUGTRAQ
wordpress — wordpress | An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file’s path, so that any PDF whose path is known and which is readable by the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. | 2019-03-27 | not yet calculated | CVE-2019-1010257
MISC
BUGTRAQ
MISC
wordpress — wordpress | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. | 2019-03-24 | not yet calculated | CVE-2019-9978
MISC
MISC
MISC
MISC
MISC
MISC
MISC
zoho — manageengine_servicedesk_plus | ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | 2019-03-25 | not yet calculated | CVE-2017-9376
BID
MISC
zoho — manageengine_servicedesk_plus | ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | 2019-03-25 | not yet calculated | CVE-2017-9362
MISC
zzzcms — zzzphp | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). | 2019-03-30 | not yet calculated | CVE-2019-10647
MISC