SB19-105: Vulnerability Summary for the Week of April 8, 2019

Original release date: April 15, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech — webaccess | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. | 2019-04-09 | 7.5 | CVE-2019-3940, BID, MISC |
| advantech — webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | 2019-04-05 | 7.5 | CVE-2019-6550, MISC |
| advantech — webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | 2019-04-05 | 7.5 | CVE-2019-6552, MISC |
| airsonic_project — airsonic | In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks. | 2019-04-07 | 7.5 | CVE-2019-10908, MISC |
| apache — http_server | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. | 2019-04-08 | 7.2 | CVE-2019-0211, SUSE, MISC, MISC, MISC, MISC, MLIST, BID, REDHAT, MISC, MLIST, MLIST, MLIST, MLIST, FEDORA, FEDORA, BUGTRAQ, BUGTRAQ, CONFIRM, UBUNTU, DEBIAN, EXPLOIT-DB |
| capsuletech — smartlinx_neuron_2_firmware | A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running version 6.9.1. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. | 2019-04-11 | 7.2 | CVE-2019-5024, MISC |
| f5 — big-ip_access_policy_manager | On versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the BIG-IP system is vulnerable to a denial of service attack when performing URL classification using the APM module. | 2019-04-11 | 9.0 | CVE-2019-6610, CONFIRM |
| forcepoint — email_security | A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. | 2019-04-09 | 7.5 | CVE-2019-6140, MISC |
| fortinet — fortios | A privilege escalation vulnerability in Fortinet FortiOS all versions below 6.2.0 allows admin users to elevate their profile to super_admin via restoring modified configurations. | 2019-04-09 | 9.0 | CVE-2017-17544, BID, MISC |
| gatship — web_module | GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing attackers to upload any file type, leading to privilege escalation. | 2019-04-09 | 7.5 | CVE-2019-11028, MISC |
| glory-global — rbw-100_firmware | An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell. | 2019-04-05 | 9.0 | CVE-2019-10478, MISC |
| glory-global — rbw-100_firmware | An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. | 2019-04-05 | 10.0 | CVE-2019-10479, MISC |
| gnu — glibc | The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | 2019-04-10 | 7.5 | CVE-2005-3590, BID, MISC |
| graphicsmagick — graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. | 2019-04-08 | 7.5 | CVE-2019-11005, MISC, MISC |
| ibm — api_connect | IBM API Connect’s Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544. | 2019-04-08 | 7.5 | CVE-2019-4155, CONFIRM, BID, XF |
| ibm — bigfix_platform | IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887. | 2019-04-10 | 9.0 | CVE-2019-4013, CONFIRM, XF |
| ibm — infosphere_information_server_on_cloud | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. | 2019-04-10 | 7.5 | CVE-2018-1994, XF, CONFIRM |
| ibm — sterling_connect:direct | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532. | 2019-04-10 | 7.2 | CVE-2018-1903, CONFIRM, XF |
| jfrog — artifactory | An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory’s API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory. | 2019-04-11 | 7.5 | CVE-2019-9733, MISC, CONFIRM, CONFIRM |
| joomla — joomla! | An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | 2019-04-10 | 7.5 | CVE-2019-10945, MISC |
| juniper — junos | A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2. | 2019-04-10 | 7.5 | CVE-2019-0008, CONFIRM |
| lighttpd — lighttpd | lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. | 2019-04-10 | 7.5 | CVE-2019-11072, MISC, MISC |
| magento — magento | An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. This issue is fixed in Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.2.8, Magento 2.3.1. | 2019-04-10 | 7.5 | CVE-2019-7139, MISC |
| matrixssl — matrixssl | pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure TLS Toolkit, through 4.0.2 Open has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | 2019-04-08 | 7.5 | CVE-2019-10914, MISC, MISC, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0611. | 2019-04-08 | 7.6 | CVE-2019-0592, CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0609, CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0592. | 2019-04-08 | 7.6 | CVE-2019-0611, CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862. | 2019-04-09 | 7.6 | CVE-2019-0739, BID, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0769, CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0771, CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0773, CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 2019-04-09 | 7.6 | CVE-2019-0806, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 2019-04-09 | 7.6 | CVE-2019-0810, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 2019-04-09 | 7.6 | CVE-2019-0812, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861. | 2019-04-09 | 7.6 | CVE-2019-0829, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861. | 2019-04-09 | 7.6 | CVE-2019-0860, BID, MISC |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860. | 2019-04-09 | 7.6 | CVE-2019-0861, BID, MISC |
| microsoft — edge | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0770, CONFIRM |
| microsoft — edge | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ‘Microsoft Edge Memory Corruption Vulnerability’. | 2019-04-08 | 7.6 | CVE-2019-0779, CONFIRM |
| microsoft — edge | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. | 2019-04-08 | 7.6 | CVE-2019-0780, CONFIRM |
| microsoft — excel | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. | 2019-04-09 | 9.3 | CVE-2019-0828, MISC |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0639, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘Windows VBScript Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772. | 2019-04-08 | 7.6 | CVE-2019-0665, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘Windows VBScript Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772. | 2019-04-08 | 7.6 | CVE-2019-0666, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘Windows VBScript Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772. | 2019-04-08 | 7.6 | CVE-2019-0667, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 2019-04-08 | 7.6 | CVE-2019-0680, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | 2019-04-09 | 7.6 | CVE-2019-0752, MISC |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862. | 2019-04-09 | 7.6 | CVE-2019-0753, MISC |
| microsoft — internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. | 2019-04-08 | 7.6 | CVE-2019-0763, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773. | 2019-04-08 | 7.6 | CVE-2019-0783, CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. | 2019-04-09 | 7.6 | CVE-2019-0862, BID, MISC |
| microsoft — office | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. | 2019-04-08 | 9.3 | CVE-2019-0748, CONFIRM |
| microsoft — office | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. | 2019-04-09 | 9.3 | CVE-2019-0822, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka ‘Windows Deployment Services TFTP Server Remote Code Execution Vulnerability’. | 2019-04-08 | 8.5 | CVE-2019-0603, CONFIRM |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. | 2019-04-08 | 9.3 | CVE-2019-0617, CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859. | 2019-04-09 | 7.2 | CVE-2019-0685, MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. | 2019-04-08 | 7.2 | CVE-2019-0696, CONFIRM |
| microsoft — windows_10 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka ‘Windows DHCP Client Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726. | 2019-04-08 | 7.5 | CVE-2019-0697, CONFIRM |
| microsoft — windows_10 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka ‘Windows DHCP Client Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726. | 2019-04-08 | 7.5 | CVE-2019-0698, CONFIRM |
| microsoft — windows_10 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka ‘Windows DHCP Client Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698. | 2019-04-08 | 7.5 | CVE-2019-0726, CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka ‘Windows CSRSS Elevation of Privilege Vulnerability’. | 2019-04-09 | 7.2 | CVE-2019-0735, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. | 2019-04-08 | 9.3 | CVE-2019-0756, CONFIRM |
| microsoft — windows_10 | A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka ‘Comctl32 Remote Code Execution Vulnerability’. | 2019-04-08 | 9.3 | CVE-2019-0765, CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. | 2019-04-08 | 7.2 | CVE-2019-0766, CONFIRM |
| microsoft — windows_10 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘Windows VBScript Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667. | 2019-04-08 | 9.3 | CVE-2019-0772, CONFIRM |
| microsoft — windows_10 | A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka ‘Windows ActiveX Remote Code Execution Vulnerability’. | 2019-04-08 | 7.6 | CVE-2019-0784, CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka ‘SMB Server Elevation of Privilege Vulnerability’. | 2019-04-09 | 7.5 | CVE-2019-0786, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | 2019-04-09 | 9.3 | CVE-2019-0790, BID, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | 2019-04-09 | 9.3 | CVE-2019-0791, BID, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | 2019-04-09 | 9.3 | CVE-2019-0792, BID, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | 2019-04-09 | 9.3 | CVE-2019-0793, BID, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka ‘OLE Automation Remote Code Execution Vulnerability’. | 2019-04-09 | 9.3 | CVE-2019-0794, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | 2019-04-09 | 9.3 | CVE-2019-0795, BID, MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0808. | 2019-04-08 | 7.2 | CVE-2019-0797, CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. | 2019-04-09 | 7.2 | CVE-2019-0803, MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. | 2019-04-09 | 7.2 | CVE-2019-0841, MISC, MISC, EXPLOIT-DB |
| microsoft — windows_10 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘Windows VBScript Engine Remote Code Execution Vulnerability’. | 2019-04-09 | 9.3 | CVE-2019-0842, BID, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka ‘Windows IOleCvt Interface Remote Code Execution Vulnerability’. | 2019-04-09 | 9.3 | CVE-2019-0845, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. | 2019-04-09 | 9.3 | CVE-2019-0846, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. | 2019-04-09 | 9.3 | CVE-2019-0847, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879. | 2019-04-09 | 9.3 | CVE-2019-0851, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. | 2019-04-09 | 9.3 | CVE-2019-0853, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. | 2019-04-09 | 9.0 | CVE-2019-0856, MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. | 2019-04-09 | 7.2 | CVE-2019-0859, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879. | 2019-04-09 | 7.2 | CVE-2019-0877, MISC |
| microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877. | 2019-04-09 | 7.2 | CVE-2019-0879, BID, MISC |
| microsoft — windows_7 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0797. | 2019-04-08 | 7.2 | CVE-2019-0808, CONFIRM |
mikrotik — routerosMikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).2019-04-107.5CVE-2019-3943
MISC
ncp-e — ncp_secure_entry_clientThe Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, “Sophos IPSec Client” 11.04 is a rebranded version of NCP “Secure Entry Client” 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user’s computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.2019-04-099.3CVE-2017-17023
MISC
CONFIRM
odoo — odooImproper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.2019-04-099.0CVE-2018-15640
MISC
paloaltonetworks — globalprotectGlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow an attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.2019-04-097.5CVE-2019-1573
BID
MISC
CERT-VN
rancher — rancherAn issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.2019-04-109.0CVE-2018-20321
CONFIRM
CONFIRM
reolink — c1_pro_firmware | On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the “TestEmail” functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | 2019-04-08 | 9.0 | CVE-2019-11001
MISC
MISC
roxyfileman — roxy_fileman | Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. | 2019-04-09 | 7.5 | CVE-2019-7174
MISC
silverstripe — silverstripe | All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject. | 2019-04-11 | 7.5 | CVE-2019-5715
MISC
MISC
solideos — architectural_information_system | Architectural Information System 1.0 and earlier versions have a stack-based buffer overflow that allows remote attackers to execute arbitrary code. | 2019-04-09 | 7.5 | CVE-2019-9134
MISC
teeworlds — teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. | 2019-04-05 | 7.5 | CVE-2019-10877
MISC
teeworlds — teeworlds | In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. | 2019-04-05 | 7.5 | CVE-2019-10878
MISC
teeworlds — teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. | 2019-04-05 | 7.5 | CVE-2019-10879
MISC
ui — edgeswitch_x | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed as the root user. | 2019-04-10 | 9.0 | CVE-2019-5424
CONFIRM
MISC
ui — edgeswitch_x | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root. | 2019-04-10 | 9.0 | CVE-2019-5425
CONFIRM
MISC
ui — edgeswitch_x | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the “local port forwarding” and “dynamic port forwarding” (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings. | 2019-04-10 | 9.3 | CVE-2019-5426
CONFIRM
MISC
verizon — fios_quantum_gateway_g1100_firmware | Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. | 2019-04-11 | 9.0 | CVE-2019-3914
MISC
vpcsbd — integrated_university_management_system | An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students’ personal information or modify various settings). | 2019-04-11 | 10.0 | CVE-2019-11196
MISC
vstarcam — eye4 | The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker’s fake camera server. When connecting to the fake camera server, the client sends all details necessary to log in to the camera (username and password). | 2019-04-08 | 10.0 | CVE-2019-11014
MISC
MISC
xmlsoft — libxslt | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | 2019-04-10 | 7.5 | CVE-2019-11068
MISC


Medium Vulnerabilities

Primary
Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — webaccess | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | 2019-04-09 | 6.4 | CVE-2019-3941
BID
MISC
advantech — webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | 2019-04-05 | 5.0 | CVE-2019-6554
MISC
airsonic_project — airsonic | Airsonic 10.2.1 uses Spring’s default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users. | 2019-04-07 | 5.0 | CVE-2019-10907
MISC
apache — airflow | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. | 2019-04-10 | 6.8 | CVE-2019-0229
MLIST
BID
MISC
apache — http_server | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | 2019-04-08 | 6.0 | CVE-2019-0215
MLIST
BID
MISC
MLIST
FEDORA
FEDORA
CONFIRM
apache — http_server | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | 2019-04-08 | 6.0 | CVE-2019-0217
SUSE
MLIST
BID
MISC
MISC
MLIST
MLIST
FEDORA
FEDORA
BUGTRAQ
UBUNTU
UBUNTU
DEBIAN
apache — tomcat | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API’s blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. | 2019-04-10 | 5.0 | CVE-2019-0199
MISC
autodesk — advance_steel | An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution. | 2019-04-09 | 6.8 | CVE-2019-7358
MISC
autodesk — advance_steel | An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution. | 2019-04-09 | 6.8 | CVE-2019-7359
MISC
autodesk — advance_steel | An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution. | 2019-04-09 | 6.8 | CVE-2019-7360
MISC
autodesk — advance_steel | An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. | 2019-04-09 | 6.8 | CVE-2019-7361
MISC
aveva — wonderware_system_platform | AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. | 2019-04-11 | 4.0 | CVE-2019-6525
MISC
CONFIRM
bolt — bolt | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | 2019-04-05 | 6.8 | CVE-2019-10874
MISC
MISC
MISC
EXPLOIT-DB
cantemo — portal | Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. | 2019-04-10 | 6.0 | CVE-2019-7551
CONFIRM
CONFIRM
MISC
MISC
checkpoint — ipsec_vpn | Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. | 2019-04-09 | 4.3 | CVE-2019-8456
MISC
clamav — clamav | A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | 2019-04-08 | 6.8 | CVE-2019-1785
MISC
GENTOO
clamav — clamav | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1786
MISC
MISC
GENTOO
clamav — clamav | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1787
MISC
GENTOO
clamav — clamav | A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1788
MISC
GENTOO
clamav — clamav | A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent to an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1798
MISC
GENTOO
claws-mail — mail | In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | 2019-04-07 | 4.3 | CVE-2019-10735
MISC
cmsmadesimple — cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. | 2019-04-11 | 6.5 | CVE-2019-9056
CONFIRM
CONFIRM
ctolog — thinkadmin | applicationadmincontrollerUser.php in ThinkAdmin V4.0 does not prevent continued use of an administrator’s cookie-based credentials after a password change. | 2019-04-08 | 5.0 | CVE-2019-11018
MISC
cyberark — endpoint_privilege_manager | CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | 2019-04-09 | 4.6 | CVE-2018-14894
MISC
MISC
EXPLOIT-DB
MISC
dasannetworks — h660rm_firmware | diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. | 2019-04-11 | 6.4 | CVE-2019-9974
MISC
MISC
BUGTRAQ
dasannetworks — h660rm_firmware | DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2019-04-11 | 5.0 | CVE-2019-9975
MISC
MISC
BUGTRAQ
dasannetworks — h660rm_firmware | The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. | 2019-04-11 | 4.0 | CVE-2019-9976
MISC
eclipse — kura | In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. | 2019-04-09 | 5.0 | CVE-2019-10242
BID
CONFIRM
eclipse — kura | In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura. | 2019-04-09 | 5.0 | CVE-2019-10243
BID
CONFIRM
eclipse — kura | In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to an improper factory and parser initialisation. | 2019-04-09 | 5.0 | CVE-2019-10244
BID
CONFIRM
elgg — elgg | Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | 2019-04-08 | 5.8 | CVE-2019-11016
MISC
MISC
MISC
fastadmin — fastadmin | FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. | 2019-04-10 | 6.0 | CVE-2019-11077
MISC
fedoraproject — fedora | simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. | 2019-04-08 | 4.3 | CVE-2019-9844
MISC
FEDORA
MISC
fortinet — fortios | An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol. | 2019-04-09 | 5.0 | CVE-2018-13366
CONFIRM
freedesktop — poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | 2019-04-05 | 4.3 | CVE-2019-10871
BID
MISC
freedesktop — poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | 2019-04-05 | 6.8 | CVE-2019-10872
BID
MISC
freedesktop — poppler | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | 2019-04-05 | 4.3 | CVE-2019-10873
BID
MISC
freedesktop — poppler | FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | 2019-04-08 | 4.3 | CVE-2019-11026
MISC
MISC
gemalto — sentinel_ultrapro_client_library | The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. | 2019-04-11 | 6.8 | CVE-2019-6534
MISC
MISC
MISC
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). | 2019-04-11 | 4.3 | CVE-2019-6796
MISC
MISC
MISC
MISC
graphicsmagick — graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | 2019-04-08 | 6.4 | CVE-2019-11006
MISC
MISC
graphicsmagick — graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | 2019-04-08 | 5.8 | CVE-2019-11007
MISC
MISC
MISC
graphicsmagick — graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 2019-04-08 | 6.8 | CVE-2019-11008
MISC
MISC
graphicsmagick — graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | 2019-04-08 | 5.8 | CVE-2019-11009
MISC
MISC
graphicsmagick — graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. | 2019-04-08 | 4.3 | CVE-2019-11010
MISC
MISC
graphviz — graphviz | The agroot() function in cgraphobj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. | 2019-04-08 | 6.8 | CVE-2019-11023
MISC
MISC
ibm — api_connect | Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542. | 2019-04-08 | 5.0 | CVE-2019-4051
BID
XF
CONFIRM
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020. | 2019-04-08 | 5.0 | CVE-2018-1885
BID
XF
CONFIRM
ibm — business_automation_workflow | IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774. | 2019-04-08 | 4.0 | CVE-2018-1997
XF
CONFIRM
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. | 2019-04-08 | 4.0 | CVE-2018-1999
XF
CONFIRM
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. | 2019-04-08 | 6.8 | CVE-2018-2000
BID
XF
CONFIRM
ibm — business_automation_workflow | IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. | 2019-04-08 | 4.0 | CVE-2019-4045
XF
CONFIRM
ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. | 2019-04-08 | 5.5 | CVE-2019-4210
BID
XF
CONFIRM
isc — bind | A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. | 2019-04-09 | 5.0 | CVE-2017-3139
CONFIRM
CONFIRM
ivanti — workspace_control | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | 2019-04-05 | 4.6 | CVE-2019-10885
MISC
jenkins — jenkins | Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 2019-04-10 | 6.8 | CVE-2019-1003049
MISC
joomla — joomla! | An issue was discovered in Joomla! before 3.9.5. The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users. | 2019-04-10 | 5.0 | CVE-2019-10946
MISC
juniper — junos | Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. | 2019-04-10 | 5.0 | CVE-2019-0031
BID
CONFIRM
juniper — junos | A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series. | 2019-04-10 | 5.0 | CVE-2019-0033
BID
CONFIRM
juniper — junos | Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface supports Google gRPC remote procedure calls to provision sensors and to subscribe to and receive telemetry data. Configuration files used by gRPC were found to contain hardcoded credentials that could be used by the Junos Network Agent to perform unauthorized read of certain non-critical information (e.g. sensor data). Additionally, APIs exposed via the Juniper Extension Toolkit (JET) may be able to perform non-critical ‘set’ operations on the device. These APIs need the client to be authenticated for which the username/password can be used. Successful exploitation of this vulnerability can only occur if the Junos Network Agent package (Junos Telemetry Interface) is installed on the device. If the Junos Network Agent is not installed, then the gRPC interface required to leverage these credentials is unavailable and the system is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R1-S3. This issue does not affect Junos OS releases prior to 16.1. | 2019-04-10 | 5.8 | CVE-2019-0034
BID
CONFIRM
MISC
MISC
MISC
juniper — junos | If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1. | 2019-04-10 | 4.3 | CVE-2019-0039
CONFIRM
juniper — junos | On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices. | 2019-04-10 | 5.0 | CVE-2019-0041
CONFIRM
juniper — junos | Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160. | 2019-04-10 | 5.0 | CVE-2019-0044
BID
CONFIRM
k-9_mail_project — k-9_mail | K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states “We don’t plan to take any action because of this.” | 2019-04-07 | 4.3 | CVE-2019-10741
MISC
kde — kmail | In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | 2019-04-07 | 4.3 | CVE-2019-10732
MISC
kmplayer — kmplayer | When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn’t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. | 2019-04-09 | 4.3 | CVE-2019-9133
MISC
libsixel_project — libsixel | The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. | 2019-04-08 | 4.3 | CVE-2019-11024
MISC
MISC
linux — linux_kernel | The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | 2019-04-11 | 4.7 | CVE-2019-11190
BID
MISC
MISC
MISC
MISC
linux — linux_kernel | The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | 2019-04-11 | 4.7 | CVE-2019-11191
BID
MISC
MISC
linux — linux_kernel | It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption. | 2019-04-11 | 4.9 | CVE-2019-3837
CONFIRM
linux — linux_kernel | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0’s APIC register values via L2 guest, when ‘virtualize x2APIC mode’ is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | 2019-04-09 | 4.7 | CVE-2019-3887
BID
CONFIRM
| materializecss — materialize | In Materialize through 1.0.0, XSS is possible via the Tooltip feature. | 2019-04-08 | 4.3 | CVE-2019-11002 MISC |
| materializecss — materialize | In Materialize through 1.0.0, XSS is possible via the Autocomplete feature. | 2019-04-08 | 4.3 | CVE-2019-11003 MISC |
| materializecss — materialize | In Materialize through 1.0.0, XSS is possible via the Toast feature. | 2019-04-08 | 4.3 | CVE-2019-11004 MISC |
| mi — mi_browser | A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the “q” query parameter. The portion of an https URL before the ?q= substring is not shown to the user. | 2019-04-05 | 4.3 | CVE-2019-10875 MISC MISC MISC |
| microsoft — .net_core_sdk | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package’s folder structure, aka ‘NuGet Package Manager Tampering Vulnerability’. | 2019-04-08 | 4.0 | CVE-2019-0757 CONFIRM |
| microsoft — asp.net_core | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. | 2019-04-09 | 5.0 | CVE-2019-0815 BID MISC |
| microsoft — azure_devops_server_2019 | A spoofing vulnerability that could allow a security feature bypass exists when Azure DevOps Server does not properly sanitize user provided input, aka ‘Azure DevOps Server Spoofing Vulnerability’. | 2019-04-09 | 4.3 | CVE-2019-0857 BID MISC |
| microsoft — azure_devops_server_2019 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka ‘Azure DevOps Server HTML Injection Vulnerability’. | 2019-04-09 | 4.3 | CVE-2019-0869 BID MISC |
| microsoft — azure_devops_server_2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka ‘Azure DevOps Server Cross-site Scripting Vulnerability’. | 2019-04-09 | 4.3 | CVE-2019-0874 BID MISC |
| microsoft — azure_devops_server_2019 | An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka ‘Azure DevOps Server Elevation of Privilege Vulnerability’. | 2019-04-09 | 5.0 | CVE-2019-0875 MISC |
| microsoft — chakracore | An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka ‘Scripting Engine Information Disclosure Vulnerability’. | 2019-04-08 | 4.3 | CVE-2019-0746 CONFIRM |
| microsoft — edge | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka ‘Microsoft Edge Elevation of Privilege Vulnerability’. | 2019-04-08 | 4.0 | CVE-2019-0678 CONFIRM |
| microsoft — edge | A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka ‘Microsoft Browsers Security Feature Bypass Vulnerability’. | 2019-04-08 | 4.3 | CVE-2019-0762 CONFIRM |
| microsoft — edge | A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka ‘Microsoft Browsers Tampering Vulnerability’. | 2019-04-09 | 4.3 | CVE-2019-0764 BID MISC |
| microsoft — edge | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ‘Microsoft Edge Information Disclosure Vulnerability’. | 2019-04-09 | 4.3 | CVE-2019-0833 BID MISC |
| microsoft — exchange_server | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka ‘Microsoft Exchange Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0858. | 2019-04-09 | 5.8 | CVE-2019-0817 MISC |
| microsoft — exchange_server | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka ‘Microsoft Exchange Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0817. | 2019-04-09 | 4.3 | CVE-2019-0858 MISC |
| microsoft — internet_explorer | A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka ‘Internet Explorer Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-0768. | 2019-04-08 | 4.3 | CVE-2019-0761 CONFIRM |
| microsoft — internet_explorer | A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka ‘Internet Explorer Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-0761. | 2019-04-08 | 4.3 | CVE-2019-0768 CONFIRM |
| microsoft — internet_explorer | An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka ‘Microsoft Scripting Engine Information Disclosure Vulnerability’. | 2019-04-09 | 4.3 | CVE-2019-0835 MISC |
| microsoft — lync_server | A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka ‘Skype for Business and Lync Spoofing Vulnerability’. | 2019-04-08 | 4.3 | CVE-2019-0798 CONFIRM |
| microsoft — office | A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded. The update addresses the vulnerability by correcting how Office handles these files, aka ‘Office Remote Code Execution Vulnerability’. | 2019-04-09 | 6.8 | CVE-2019-0801 MISC |
| microsoft — office | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. | 2019-04-09 | 6.8 | CVE-2019-0823 MISC |
| microsoft — office | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. | 2019-04-09 | 6.8 | CVE-2019-0824 MISC |
| microsoft — office | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827. | 2019-04-09 | 6.8 | CVE-2019-0825 MISC |
| microsoft — office | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827. | 2019-04-09 | 6.8 | CVE-2019-0826 MISC |
| microsoft — office | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826. | 2019-04-09 | 6.8 | CVE-2019-0827 MISC |
| microsoft — team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | 2019-04-09 | 4.3 | CVE-2019-0866 BID MISC |
| microsoft — team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | 2019-04-09 | 4.3 | CVE-2019-0867 BID MISC |
| microsoft — team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. | 2019-04-09 | 4.3 | CVE-2019-0868 BID MISC |
| microsoft — team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. | 2019-04-09 | 4.3 | CVE-2019-0870 BID MISC |
| microsoft — team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870. | 2019-04-09 | 4.3 | CVE-2019-0871 BID MISC |
| microsoft — visual_studio_2017 | A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka ‘Visual Studio Remote Code Execution Vulnerability’. | 2019-04-08 | 6.8 | CVE-2019-0809 CONFIRM |
| microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0774. | 2019-04-08 | 4.3 | CVE-2019-0614 CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | 2019-04-08 | 4.6 | CVE-2019-0682 CONFIRM |
| microsoft — windows_10 | An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka ‘Windows TCP/IP Information Disclosure Vulnerability’. | 2019-04-09 | 5.0 | CVE-2019-0688 MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | 2019-04-08 | 4.6 | CVE-2019-0689 CONFIRM |
| microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701. | 2019-04-08 | 5.5 | CVE-2019-0690 CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0693, CVE-2019-0694. | 2019-04-08 | 4.6 | CVE-2019-0692 CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0694. | 2019-04-08 | 4.6 | CVE-2019-0693 CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693. | 2019-04-08 | 4.6 | CVE-2019-0694 CONFIRM |
| microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701. | 2019-04-08 | 5.5 | CVE-2019-0695 CONFIRM |
| microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695. | 2019-04-08 | 5.5 | CVE-2019-0701 CONFIRM |
| microsoft — windows_10 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. | 2019-04-08 | 4.0 | CVE-2019-0703 CONFIRM |
| microsoft — windows_10 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821. | 2019-04-08 | 4.0 | CVE-2019-0704 CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 2019-04-09 | 4.6 | CVE-2019-0730 MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 2019-04-09 | 4.6 | CVE-2019-0731 MISC |
| microsoft — windows_10 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Security Feature Bypass Vulnerability’. | 2019-04-09 | 4.6 | CVE-2019-0732 MISC |
| microsoft — windows_10 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. | 2019-04-08 | 4.9 | CVE-2019-0754 CONFIRM |
| microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0614. | 2019-04-08 | 4.3 | CVE-2019-0774 CONFIRM |
| microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0849. | 2019-04-09 | 4.3 | CVE-2019-0802 MISC |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841. | 2019-04-09 | 4.6 | CVE-2019-0805 MISC |
| microsoft — windows_10 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. | 2019-04-08 | 4.0 | CVE-2019-0821 CONFIRM |
| microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841. | 2019-04-09 | 4.6 | CVE-2019-0836 BID MISC |
| microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0802. | 2019-04-09 | 4.3 | CVE-2019-0849 MISC |
| microsoft — windows_7 | An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka ‘Active Directory Elevation of Privilege Vulnerability’. | 2019-04-08 | 4.3 | CVE-2019-0683 CONFIRM |
| mkcms_project — mkcms | MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. | 2019-04-10 | 6.8 | CVE-2019-11078 MISC |
| mybb — mybb | A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the ‘upsetting[bburl]’ parameter. | 2019-04-11 | 4.3 | CVE-2018-19202 CONFIRM CONFIRM |
| nvidia — jetson_tx1 | NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3. | 2019-04-11 | 6.4 | CVE-2019-5672 CONFIRM |
| odoo — odoo | Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. | 2019-04-09 | 4.0 | CVE-2018-15631 MISC |
| odoo — odoo | Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name. | 2019-04-09 | 4.3 | CVE-2018-15635 MISC |
| omron — common_components | When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2019-04-10 | 6.8 | CVE-2019-6556 MISC |
| openstack — neutron | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. | 2019-04-05 | 4.0 | CVE-2019-10876 MLIST MISC MISC CONFIRM |
| paessler — prtg | PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. | 2019-04-10 | 4.3 | CVE-2018-14683 CONFIRM |
| pivotal_software — spring_security | Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. | 2019-04-09 | 5.0 | CVE-2019-3795 BID CONFIRM |
| rancher — rancher | In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | 2019-04-10 | 6.5 | CVE-2019-6287 CONFIRM CONFIRM |
| redhat — gluster_storage | A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have Unix permissions, which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. | 2019-04-09 | 5.5 | CVE-2019-3880 SUSE MISC CONFIRM MLIST CONFIRM MISC |
| redhat — satellite | A lack of access control was found in the message queues maintained by Satellite’s QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. | 2019-04-11 | 5.2 | CVE-2019-3845 CONFIRM |
| redhat — satellite | In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the “delete_compute_resource” permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. | 2019-04-09 | 4.0 | CVE-2019-3893 BID CONFIRM MISC MISC |
| roundcube — webmail | In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | 2019-04-07 | 4.3 | CVE-2019-10740 MISC |
| roundup-tracker — roundup | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | 2019-04-06 | 4.3 | CVE-2019-10904 MLIST MISC MISC MLIST MISC |
| salicru — slc-20-cube3(5) | A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. | 2019-04-05 | 4.3 | CVE-2019-10887 MISC MISC EXPLOIT-DB |
| sap — business_application_software_integrated_solution | ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. | 2019-04-10 | 6.5 | CVE-2019-0279 CONFIRM CONFIRM |
| sap — crystal_reports | The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | 2019-04-10 | 5.0 | CVE-2019-0285 CONFIRM CONFIRM |
| sap — netweaver_process_integration | Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | 2019-04-10 | 4.0 | CVE-2019-0278 CONFIRM CONFIRM |
| sap — netweaver_process_integration | Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. | 2019-04-10 | 5.0 | CVE-2019-0282 CONFIRM CONFIRM |
| sap — netweaver_process_integration | SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the XML document. | 2019-04-10 | 5.5 | CVE-2019-0283 CONFIRM CONFIRM |
| search-guard — search_guard | The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | 2019-04-09 | 4.3 | CVE-2018-20698 CONFIRM CONFIRM |
| spip — spip | SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. | 2019-04-10 | 6.5 | CVE-2019-11071 MISC MISC MISC MISC |
| symantec — endpoint_encryption | Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-04-10 | 4.6 | CVE-2019-9694 CONFIRM |
| symantec — vip_enterprise_gateway | Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | 2019-04-09 | 4.3 | CVE-2019-9696 BID CONFIRM |
| systemd_project — systemd | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the “allow_active” element rather than “allow_any”. | 2019-04-09 | 4.4 | CVE-2019-3842 CONFIRM FEDORA |
| tibco — activematrix_businessworks | The HTTP Connector component of TIBCO Software Inc.’s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP “Basic Authentication” policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2. | 2019-04-09 | 6.8 | CVE-2019-8990 BID MISC MISC |
| trendmicro — apex_one | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product’s management console. | 2019-04-05 | 5.0 | CVE-2019-9489 CONFIRM CONFIRM |
| trendmicro — interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow a non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. | 2019-04-05 | 4.0 | CVE-2019-9490 BID CONFIRM |
| trojita_project — trojita | In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | 2019-04-07 | 4.3 | CVE-2019-10734 MISC |
| uipath — orchestrator | UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | 2019-04-11 | 6.5 | CVE-2018-17305 CONFIRM |
| ukcms — ukcms | A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. | 2019-04-05 | 6.8 | CVE-2019-10888 MISC |
| uniqkey — password_manager | An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html. | 2019-04-08 | 4.3 | CVE-2019-10676 MISC MISC MISC MISC |
| uniqkey — password_manager | An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn’t registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id="uniqkey-password-popup" and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676. | 2019-04-08 | 4.3 | CVE-2019-10845 MISC FULLDISC MISC |
| uniqkey — password_manager | Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. | 2019-04-05 | 4.3 | CVE-2019-10884 MISC |
| verizon — fios_quantum_gateway_g1100_firmware | Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. | 2019-04-11 | 5.4 | CVE-2019-3915 BID MISC |
| verizon — fios_quantum_gateway_g1100_firmware | Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). | 2019-04-11 | 5.0 | CVE-2019-3916 MISC |
| webkitgtk — webkitgtk | WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. | 2019-04-10 | 5.0 | CVE-2019-11070 MISC MLIST MISC BUGTRAQ MISC |
| winmagic — securedoc_disk_encryption | WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search Path or Element. | 2019-04-08 | 4.6 | CVE-2018-20341 CONFIRM |
| wireshark — wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | 2019-04-09 | 5.0 | CVE-2019-10894 BID MISC MISC MISC |
| wireshark — wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | 2019-04-09 | 5.0 | CVE-2019-10895 BID MISC MISC MISC MISC MISC |
| wireshark — wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | 2019-04-09 | 5.0 | CVE-2019-10896 BID MISC MISC MISC |
| wireshark — wireshark | In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. | 2019-04-09 | 5.0 | CVE-2019-10897 BID MISC MISC MISC |
wireshark — wireshark | In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. | 2019-04-09 | 5.0 | CVE-2019-10898, BID, MISC, MISC, MISC
wireshark — wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | 2019-04-09 | 5.0 | CVE-2019-10899, BID, MISC, MISC, MISC
wireshark — wireshark | In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. | 2019-04-09 | 5.0 | CVE-2019-10900, BID, MISC, MISC, MISC
wireshark — wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | 2019-04-09 | 5.0 | CVE-2019-10901, BID, MISC, MISC, MISC
wireshark — wireshark | In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. | 2019-04-09 | 5.0 | CVE-2019-10902, BID, MISC, MISC, MISC
wireshark — wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | 2019-04-09 | 5.0 | CVE-2019-10903, BID, MISC, MISC, MISC
wpape — ape_gallery | The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. | 2019-04-09 | 4.3 | CVE-2019-6117, MISC
xmltooling_project — xmltooling | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | 2019-04-11 | 5.0 | CVE-2019-9628, MISC, MISC, UBUNTU, MISC
zarafa — webaccess | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa WebAccess 7.2.0-48204. NOTE: this is a discontinued product. The issue was fixed in later Zarafa WebAccess versions; however, some former Zarafa WebAccess customers use the related Kopano product instead. | 2019-04-11 | 4.3 | CVE-2019-7219, MISC, MISC
zyxel — nas326_firmware | A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | 2019-04-09 | 4.0 | CVE-2019-10630, MISC
zyxel — nas326_firmware | Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | 2019-04-09 | 6.5 | CVE-2019-10631, MISC
zyxel — nas326_firmware | A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user’s files. | 2019-04-09 | 4.0 | CVE-2019-10632, MISC
zyxel — nas326_firmware | An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. | 2019-04-09 | 6.5 | CVE-2019-10633, MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — airflow | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. | 2019-04-10 | 3.5 | CVE-2019-0216, MLIST, BID, MISC
cacti — cacti | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. | 2019-04-08 | 3.5 | CVE-2019-11025, MISC, MISC
canonical — ubuntu_linux | A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka ‘Azure SSH Keypairs Security Feature Bypass Vulnerability’. | 2019-04-08 | 1.9 | CVE-2019-0816, CONFIRM
canonical — ubuntu_linux | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 2019-04-11 | 3.3 | CVE-2019-3460, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
forticlient — forticlient | An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application’s performance via modifying the contents of a file used by several FortiClientMac processes. | 2019-04-09 | 3.6 | CVE-2019-5585, BID, CONFIRM
gnu — glibc | The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | 2019-04-10 | 2.1 | CVE-2006-7254, MISC
ibm — cloud_private | IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385. | 2019-04-08 | 3.5 | CVE-2018-1943, BID, XF, CONFIRM
ibm — cloud_private | The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive information from the KMS plugin container log. IBM X-Force ID: 158348. | 2019-04-08 | 2.1 | CVE-2019-4143, BID, XF, CONFIRM
ibm — spectrum_protect_for_virtual_environments | IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872. | 2019-04-08 | 2.1 | CVE-2018-1787, CONFIRM, XF
ibm — spectrum_protect_for_virtual_environments | In certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | 2019-04-08 | 1.9 | CVE-2018-1882, CONFIRM, CONFIRM, BID, XF
iobit — smart_defrag | SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a “big” pool. | 2019-04-11 | 2.1 | CVE-2019-6493, MISC, MISC
jenkins — jenkins | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | 2019-04-10 | 3.5 | CVE-2019-1003050, BID, MISC
lenovo — 510-15ikl_firmware | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. | 2019-04-10 | 2.1 | CVE-2019-6156, MISC
microsoft — edge | A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka ‘Microsoft Edge Security Feature Bypass Vulnerability’. | 2019-04-08 | 2.6 | CVE-2019-0612, CONFIRM
microsoft — sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. | 2019-04-08 | 3.5 | CVE-2019-0778, CONFIRM
microsoft — sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2019-0831. | 2019-04-09 | 3.5 | CVE-2019-0830, MISC
microsoft — sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2019-0830. | 2019-04-09 | 3.5 | CVE-2019-0831, MISC
microsoft — team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka ‘Team Foundation Server Cross-site Scripting Vulnerability’. | 2019-04-08 | 3.5 | CVE-2019-0777, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 2019-04-08 | 2.1 | CVE-2019-0702, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 2019-04-08 | 2.1 | CVE-2019-0755, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka ‘Windows Print Spooler Information Disclosure Vulnerability’. | 2019-04-08 | 2.1 | CVE-2019-0759, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782. | 2019-04-08 | 2.1 | CVE-2019-0767, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782. | 2019-04-08 | 1.9 | CVE-2019-0775, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. | 2019-04-08 | 2.1 | CVE-2019-0776, CONFIRM
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775. | 2019-04-08 | 2.1 | CVE-2019-0782, CONFIRM
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 2019-04-09 | 2.1 | CVE-2019-0796, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0848. | 2019-04-09 | 2.1 | CVE-2019-0814, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Information Disclosure Vulnerability’. | 2019-04-09 | 2.1 | CVE-2019-0837, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka ‘Windows Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0839. | 2019-04-09 | 2.1 | CVE-2019-0838, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka ‘Windows Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0838. | 2019-04-09 | 2.1 | CVE-2019-0839, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0844. | 2019-04-09 | 2.1 | CVE-2019-0840, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0840. | 2019-04-09 | 2.1 | CVE-2019-0844, MISC
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0814. | 2019-04-09 | 2.1 | CVE-2019-0848, MISC
nvidia — jetson_tx2 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3. | 2019-04-11 | 3.6 | CVE-2019-5673, CONFIRM
osisoft — pi_vision | OSIsoft PI Vision, versions PI Vision 2017 and PI Vision 2017 R2: The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. | 2019-04-08 | 3.5 | CVE-2018-19006, MISC
paloaltonetworks — expedition_migration_tool | The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | 2019-04-09 | 3.5 | CVE-2019-1567, MISC
paloaltonetworks — expedition_migration_tool | Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | 2019-04-12 | 3.5 | CVE-2019-1574, CONFIRM
rapid7 — insightvm | Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49. | 2019-04-09 | 3.5 | CVE-2019-5615, CONFIRM
redhat — enterprise_mrg | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | 2019-04-11 | 3.3 | CVE-2019-3459, MISC, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
samba — samba | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | 2019-04-09 | 3.6 | CVE-2019-3870, CONFIRM, MISC, MISC
sap — hana | SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files. | 2019-04-10 | 3.6 | CVE-2019-0284, CONFIRM, CONFIRM
zyxel — nas326_firmware | An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. | 2019-04-09 | 3.5 | CVE-2019-10634, MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
auth0 — auth0-wcf-service-jwt | Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application. | 2019-04-11 | not yet calculated | CVE-2019-7644, MISC
d-link — multiple_devices | On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. | 2019-04-11 | not yet calculated | CVE-2018-19300, MISC, CONFIRM, MISC, MISC
forcepoint — email_security | A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. | 2019-04-09 | not yet calculated | CVE-2018-16530, MISC
fortinet — fortisandbox | A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | 2019-04-09 | not yet calculated | CVE-2018-1356, BID, CONFIRM
gradle — gradle | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. | 2019-04-09 | not yet calculated | CVE-2019-11065, MISC
hanwha_techwin — srn-4000 | In Hanwha Techwin SRN-4000 firmware versions prior to SRN4000_v2.16_170401, a specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | 2019-04-08 | not yet calculated | CVE-2017-7912, MISC
honeywell — experion_pks | A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-04-08 | not yet calculated | CVE-2014-5436, MISC
honeywell — experion_pks | An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-04-08 | not yet calculated | CVE-2014-5435, MISC
honeywell — experion_pks | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-04-08 | not yet calculated | CVE-2014-9186, MISC
hp_development_company — multiple_printers | HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code. | 2019-04-11 | not yet calculated | CVE-2019-6318, CONFIRM
hpe — gen10_proliant_servers | A remote cross-site scripting vulnerability in the HPE iLO 5 Web User Interface was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | 2019-04-09 | not yet calculated | CVE-2018-7117, MISC
hpe — service_pack_for_proliant | A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0. | 2019-04-09 | not yet calculated | CVE-2018-7118, MISC
ibm — spectrum_protect | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. | 2019-04-08 | not yet calculated | CVE-2018-1853, CONFIRM, XF
inteno — iopsys | An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an “include” and point the “path” argument to a malicious script or binary. This gets executed as root when the firewall changes are committed. | 2019-04-11 | not yet calculated | CVE-2018-20487, CONFIRM, MISC
juniper — identity_management_service | Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network. | 2019-04-10 | not yet calculated | CVE-2019-0042, CONFIRM
juniper — junos_os | Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform. | 2019-04-10 | not yet calculated | CVE-2019-0038, BID, CONFIRM
juniper — junos_os | When “set system ports console insecure” is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using “set system root-authentication plain-text-password” on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | 2019-04-10 | not yet calculated | CVE-2019-0035, CONFIRM
juniper — junos_os | In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10. | 2019-04-10 | not yet calculated | CVE-2019-0043, CONFIRM
juniper — junos_os | On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS). Note: Systems with fxp0 disabled or unconfigured are not vulnerable to this issue. This issue only affects Junos OS releases based on FreeBSD 10 or higher (typically Junos OS 15.1+). Administrators can confirm whether systems are running a version of Junos OS based on FreeBSD 10 or higher by typing: user@junos> show version | match kernel JUNOS OS Kernel 64-bit [20181214.223829_fbsd-builder_stable_10] Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D236; 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8; 17.3 versions prior to 17.3R2; 17.4 versions prior to 17.4R1-S1, 17.4R1-S7, 17.4R2. This issue does not affect Junos OS releases prior to 15.1. | 2019-04-10 | not yet calculated | CVE-2019-0040, CONFIRM
juniper — junos_os | In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | 2019-04-10 | not yet calculated | CVE-2019-0037, CONFIRM
juniper — junos_os | When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1. | 2019-04-10 | not yet calculated | CVE-2019-0019, CONFIRM
juniper — junos_os | On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected. | 2019-04-10 | not yet calculated | CVE-2019-0028, CONFIRM
juniper — junos_os | When configuring a stateless firewall filter in Junos OS, terms named using the format “internal-n” (e.g. “internal-1”, “internal-2”, etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2. | 2019-04-10 | not yet calculated | CVE-2019-0036, CONFIRM
juniper — service_insight_and_service_now | A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | 2019-04-10 | not yet calculated | CVE-2019-0032, BID, CONFIRM, MISC
kentico — kentico_cms | Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 2019-04-10 | not yet calculated | CVE-2018-19453
MISC
lenovo — bootable_generator | A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. | 2019-04-10 | not yet calculated | CVE-2019-6154
MISC
mcafee — dxl_platform_and_tie_server | Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. | 2019-04-10 | not yet calculated | CVE-2019-3612
CONFIRM
microsoft — azure_linux_agent | An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka ‘Azure Linux Agent Information Disclosure Vulnerability’. | 2019-04-08 | not yet calculated | CVE-2019-0804
CONFIRM
microsoft — open_enclave_sdk | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka ‘Open Enclave SDK Information Disclosure Vulnerability’. | 2019-04-09 | not yet calculated | CVE-2019-0876
BID
MISC
microsoft — windows_admin_center | An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka ‘Windows Admin Center Elevation of Privilege Vulnerability’. | 2019-04-09 | not yet calculated | CVE-2019-0813
MISC
norton — password_manager | Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. | 2019-04-09 | not yet calculated | CVE-2018-18365
MISC
nvidia — jetson_tx2 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to and including R28.3. | 2019-04-12 | not yet calculated | CVE-2018-6269
CONFIRM
nvidia — jetson_tx2 | NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3. | 2019-04-12 | not yet calculated | CVE-2018-6239
CONFIRM
pallets — jinja | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 2019-04-08 | not yet calculated | CVE-2016-10745
MISC
MISC
pallets — jinja | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 2019-04-06 | not yet calculated | CVE-2019-10906
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
parsedown — parsedown | Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring. | 2019-04-06 | not yet calculated | CVE-2019-10905
MISC
MISC

pulse_secure — pulse_desktop_client_and_pulse_connect_secure | In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3. | 2019-04-12 | not yet calculated | CVE-2019-11213
MISC
salesagility — suitecrm | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the “add dashboard pages” feature where users can receive a malicious attack through a phished URL, with script executed. | 2019-04-05 | not yet calculated | CVE-2018-20816
MISC
MISC
MISC
sequelize — sequelize | Sequelize before 5.3.0 does not properly ensure that standard conforming strings are used. | 2019-04-10 | not yet calculated | CVE-2019-11069
MISC
MISC
silverpeas — silverpeas | Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system. | 2019-04-09 | not yet calculated | CVE-2018-19586
MISC
MISC
utimaco — cryptoserver_hsm | Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provider that ships with the Utimaco CryptoServer HSM product package allows an SO authenticated to a slot to retrieve attributes of keys marked as private keys in external key storage, and also delete keys marked as private keys in external key storage. This compromises the availability of all keys configured with external key storage and may result in an economic attack in which the attacker denies legitimate users access to keys while maintaining possession of an encrypted copy (blob) of the external key store for ransom. This attack has been dubbed reverse ransomware attack and may be executed via a physical connection to the CryptoServer or remote connection if SSH or remote access to LAN CryptoServer has been compromised. The Confidentiality and Integrity of the affected keys, however, remain untarnished. | 2019-04-09 | not yet calculated | CVE-2018-19589
CONFIRM
MISC
vmware — horizon_connection_server | VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. | 2019-04-09 | not yet calculated | CVE-2019-5513
MISC
vmware — workstation | VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege. | 2019-04-09 | not yet calculated | CVE-2019-5511
MISC
vmware — workstation | VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege. | 2019-04-09 | not yet calculated | CVE-2019-5512
MISC
zephyr_project — zephyr | A buffer overflow has been found in the Zephyr Project’s getaddrinfo() implementation in 1.9.0 and 1.10.0. | 2019-04-12 | not yet calculated | CVE-2017-14199
CONFIRM
CONFIRM



This product is provided subject to this Notification and this Privacy & Use policy.
