SB19-014: Vulnerability Summary for the Week of January 7, 2019

Original release date: January 14, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. 2019-01-08 7.6 CVE-2019-0565
BID
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arc_project — arc ARC 5.21q allows directory traversal via a full pathname in an archive file. 2019-01-07 5.0 CVE-2015-9275
MISC
MISC
getbootstrap — bootstrap In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. 2019-01-09 4.3 CVE-2016-10735
MISC
MISC
MISC
MISC
MISC
MISC
ibm — api_connect IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. 2019-01-04 6.5 CVE-2018-1859
BID
XF
CONFIRM
microsoft — asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka “ASP.NET Core Denial of Service Vulnerability.” This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. 2019-01-08 5.0 CVE-2019-0564
BID
REDHAT
CONFIRM
microsoft — office An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka “Microsoft Outlook Information Disclosure Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. 2019-01-08 4.3 CVE-2019-0559
BID
CONFIRM
microsoft — office An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka “Microsoft Office Information Disclosure Vulnerability.” This affects Office 365 ProPlus, Microsoft Office. 2019-01-08 4.3 CVE-2019-0560
BID
CONFIRM
yunucms — yunucms YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. 2019-01-04 4.3 CVE-2019-5310
MISC
yunucms — yunucms An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. 2019-01-04 4.3 CVE-2019-5311
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
frog_cms_project — frog_cms Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. 2019-01-09 3.5 CVE-2018-20680
MISC
ibm — rational_publishing_engine IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144883. 2019-01-04 3.5 CVE-2018-1657
BID
XF
CONFIRM
ibm — rational_publishing_engine IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. 2019-01-04 3.5 CVE-2018-1951
BID
XF
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — karaf Apache Karaf provides a features deployer, which allows users to “hot deploy” a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class doesn’t contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases. 2019-01-07 not yet calculated CVE-2018-11788
MISC
BID
apache — thrift Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. 2019-01-07 not yet calculated CVE-2018-1320
MISC
apache — thrift The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path. 2019-01-07 not yet calculated CVE-2018-11798
BID
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4043
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4047
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4032
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4033
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4034
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4045
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. 2019-01-10 not yet calculated CVE-2018-4036
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4037
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4035
MISC
apple — cleanmymac_x An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4046
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4041
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4042
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4044
MISC
apple — ios In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. 2019-01-11 not yet calculated CVE-2017-2411
CONFIRM
apple — ios In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4404
MISC
CONFIRM
EXPLOIT-DB
apple — ios In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. 2019-01-11 not yet calculated CVE-2017-13891
CONFIRM
apple — ios In iOS before 11.2, a type confusion issue was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2017-13888
CONFIRM
apple — ios In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4330
BID
SECTRACK
CONFIRM
apple — ios In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. 2019-01-11 not yet calculated CVE-2016-7576
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. 2019-01-11 not yet calculated CVE-2018-4257
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4255
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4254
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. 2019-01-11 not yet calculated CVE-2018-4217
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. 2019-01-11 not yet calculated CVE-2018-4183
CONFIRM
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. 2019-01-11 not yet calculated CVE-2018-4182
CONFIRM
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. 2019-01-11 not yet calculated CVE-2018-4181
MLIST
CONFIRM
UBUNTU
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. 2019-01-11 not yet calculated CVE-2018-4180
MLIST
CONFIRM
UBUNTU
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. 2019-01-11 not yet calculated CVE-2018-4258
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4256
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. 2019-01-11 not yet calculated CVE-2018-4179
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. 2019-01-11 not yet calculated CVE-2017-13886
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. 2019-01-11 not yet calculated CVE-2017-13887
CONFIRM
apple — multiple_products In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4194
MISC
CONFIRM
MISC
MISC
MISC
apple — multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. 2019-01-11 not yet calculated CVE-2017-13889
CONFIRM
apple — multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4169
CONFIRM
apple — multiple_products In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. 2019-01-11 not yet calculated CVE-2018-4278
SECTRACK
GENTOO
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4277
SECTRACK
MISC
MISC
MISC
CONFIRM
MISC
apple — multiple_products In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4262
SECTRACK
GENTOO
MISC
CONFIRM
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4213
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
UBUNTU
apple — multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. 2019-01-11 not yet calculated CVE-2018-4298
CONFIRM
MISC
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4212
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4210
GENTOO
MISC
MISC
MISC
CONFIRM
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4209
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4208
GENTOO
MISC
MISC
MISC
CONFIRM
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4207
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4189
CONFIRM
MISC
MISC
MISC
apple — multiple_products In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4147
CONFIRM
MISC
MISC
MISC
MISC
apple — multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. 2019-01-11 not yet calculated CVE-2016-4644
MISC
MISC
CONFIRM
apple — multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. 2019-01-11 not yet calculated CVE-2016-4643
MISC
MISC
CONFIRM
apple — multiple_products In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. 2019-01-11 not yet calculated CVE-2018-4185
MISC
MISC
CONFIRM
MISC
apple — multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. 2019-01-11 not yet calculated CVE-2016-4642
MISC
MISC
CONFIRM
apple — safari In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. 2019-01-11 not yet calculated CVE-2018-4186
CONFIRM
apple — swiftnio In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. 2019-01-11 not yet calculated CVE-2018-4281
CONFIRM
artifex — mupdf Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. 2019-01-11 not yet calculated CVE-2019-6130
MISC
artifex — mupdf svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. 2019-01-11 not yet calculated CVE-2019-6131
MISC
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the FactoryPassword parameter or bootmode parameter of a certain URL. 2019-01-09 not yet calculated CVE-2018-0634
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the filename parameter. 2019-01-09 not yet calculated CVE-2018-0635
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the FactoryPassword parameter of a certain URL, a different URL from CVE-2018-0634. 2019-01-09 not yet calculated CVE-2018-0636
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the import.cgi encKey parameter. 2019-01-09 not yet calculated CVE-2018-0638
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the tools_firmware.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0639
MISC
JVN
aterm — hc100rc Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary code via the netWizard.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0640
MISC
JVN
aterm — hc100rc Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary code via the tools_system.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0641
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the export.cgi encKey parameter. 2019-01-09 not yet calculated CVE-2018-0637
MISC
JVN
aterm — w300p Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary code via the submit-url parameter. 2019-01-09 not yet calculated CVE-2018-0633
MISC
JVN
aterm — w300p Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary code via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0632
MISC
JVN
aterm — w300p Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter. 2019-01-09 not yet calculated CVE-2018-0631
MISC
JVN
aterm — w300p Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0629
MISC
JVN
aterm — w300p Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the sysCmd parameter. 2019-01-09 not yet calculated CVE-2018-0630
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0628
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter. 2019-01-09 not yet calculated CVE-2018-0627
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via sysCmd in the formWsc parameter. 2019-01-09 not yet calculated CVE-2018-0626
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the formSysCmd parameter. 2019-01-09 not yet calculated CVE-2018-0625
MISC
JVN
bento4 — bento4 An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac. 2019-01-11 not yet calculated CVE-2019-6132
MISC
bodhi — bodhi Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. 2019-01-10 not yet calculated CVE-2017-1002152
CONFIRM
bootstrap — bootstrap In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. 2019-01-09 not yet calculated CVE-2018-20677
MISC
MISC
MISC
MISC
MISC
bootstrap — bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. 2019-01-09 not yet calculated CVE-2018-20676
MISC
MISC
MISC
MISC
MISC
busybox — busybox An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. 2019-01-09 not yet calculated CVE-2019-5747
MISC
MISC
busybox — busybox An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. 2019-01-09 not yet calculated CVE-2018-20679
MISC
MISC
MISC
cimtechniques — cimscan In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. 2019-01-10 not yet calculated CVE-2018-16803
MISC
MISC
cisco — 900_series_aggregation_services_router A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. 2019-01-11 not yet calculated CVE-2018-15464
CISCO
cisco — cisco_asyncos_software_for_cisco_email_security_appliance A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA. 2019-01-10 not yet calculated CVE-2018-15453
BID
CISCO
cisco — cisco_asyncos_software_for_cisco_email_security_appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. 2019-01-10 not yet calculated CVE-2018-15460
BID
CISCO
cisco — firepower_management_center A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. 2019-01-10 not yet calculated CVE-2018-15458
BID
CISCO
cisco — identity_services_engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. 2019-01-10 not yet calculated CVE-2018-15456
BID
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. 2019-01-09 not yet calculated CVE-2018-0282
BID
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device. 2019-01-10 not yet calculated CVE-2018-0484
CISCO
cisco — ip_phone_8800_series_software A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. 2019-01-10 not yet calculated CVE-2018-0461
BID
CISCO
cisco — jabber_client_framework A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. 2019-01-10 not yet calculated CVE-2018-0449
BID
CISCO
cisco — jabber_client_framework A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information. 2019-01-10 not yet calculated CVE-2018-0483
BID
CISCO
cisco — policy_suite_for_mobile_and_policy_suite_diameter_routing_agent_software A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software. 2019-01-09 not yet calculated CVE-2018-0181
CISCO
cisco — policy_suite A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. 2019-01-11 not yet calculated CVE-2018-15466
BID
CISCO
cisco — prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-01-10 not yet calculated CVE-2018-15457
BID
CISCO
cisco — prime_network_control_system A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. 2019-01-10 not yet calculated CVE-2018-0482
BID
CISCO
cisco — telepresence_management_suite A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. 2019-01-11 not yet calculated CVE-2018-15467
BID
CISCO
cisco — unified_communications_manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. 2019-01-10 not yet calculated CVE-2018-0474
CISCO
cisco — webex_business_suite A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. 2019-01-10 not yet calculated CVE-2018-15461
BID
CISCO
cybozu — dezie Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. 2019-01-09 not yet calculated CVE-2018-0705
JVN
MISC
cybozu — garoon Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. 2019-01-09 not yet calculated CVE-2018-16178
JVN
MISC
cybozu — mailwise Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0702
JVN
MISC
cybozu — office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. 2019-01-09 not yet calculated CVE-2018-0703
JVN
MISC
cybozu — office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. 2019-01-09 not yet calculated CVE-2018-0704
JVN
MISC
cybozu — remote_service Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16169
JVN
MISC
cybozu — remote_service Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. 2019-01-09 not yet calculated CVE-2018-16172
JVN
MISC
cybozu — remote_service Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16171
JVN
MISC
cybozu — remote_service Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16170
JVN
MISC
d-link — multiple_devices D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. 2019-01-08 not yet calculated CVE-2018-20675
MISC
d-link — multiple_devices D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. 2019-01-08 not yet calculated CVE-2018-20674
MISC
digital_arts — i-filter HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in arbitrary script injection or the setting of arbitrary cookie values via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16181
MISC
JVN
digital_arts — i-filter Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16180
MISC
JVN
django — django In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. 2019-01-09 not yet calculated CVE-2019-3498
BID
MISC
MISC
MLIST
UBUNTU
DEBIAN
MISC
docker_engine — docker_engine Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. 2019-01-11 not yet calculated CVE-2018-20699
MISC
MISC
dokan — dokan Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update. 2019-01-07 not yet calculated CVE-2018-5410
BID
MISC
CONFIRM
CERT-VN
elfinder — elfinder php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP’s curl extension is enabled and safe_mode or open_basedir is not set. 2019-01-10 not yet calculated CVE-2019-5884
MISC
MISC
fork — fork_cms Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka “Admin ids” input in the Facebook section). 2019-01-09 not yet calculated CVE-2018-20682
MISC
frog_cms — frog_cms Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). 2019-01-11 not yet calculated CVE-2019-6243
MISC
frontaccounting — frontaccounting includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. 2019-01-08 not yet calculated CVE-2019-5720
MISC
frrouting — frrouting bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed. 2019-01-10 not yet calculated CVE-2019-5892
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
gitolite — gitolite commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a “bad” impact by triggering use of an option other than -v, -n, -q, or -P. 2019-01-09 not yet calculated CVE-2018-20683
MISC
MISC
MISC
MISC
gnu — binutils load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. 2019-01-04 not yet calculated CVE-2018-20671
BID
MISC
MISC
gnu — binutils The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for “Create an array for saving the template argument values”) that can trigger a heap-based buffer overflow, as demonstrated by nm. 2019-01-04 not yet calculated CVE-2018-20673
BID
MISC
google — chrome The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16084
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20069
CONFIRM
MISC
google — chrome Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20068
CONFIRM
MISC
google — chrome A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20067
CONFIRM
MISC
google — chrome Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20066
CONFIRM
MISC
google — chrome Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-20065
CONFIRM
MISC
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6166
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6163
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6165
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6164
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6162
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17470
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-17461
CONFIRM
MISC
google — chrome Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17459
REDHAT
CONFIRM
MISC
google — chrome An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17458
REDHAT
CONFIRM
MISC
google — chrome An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17457
CONFIRM
MISC
google — chrome JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6160
BID
CONFIRM
MISC
GENTOO
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-20070
CONFIRM
MISC
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6167
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controlled files via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20071
CONFIRM
MISC
google — chrome Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15428
CONFIRM
MISC
google — chrome A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2016-9651
REDHAT
BID
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google — chrome A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15401
CONFIRM
MISC
google — chrome Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15402
CONFIRM
MISC
google — chrome Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15403
CONFIRM
MISC
google — chrome An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15404
CONFIRM
MISC
google — chrome Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistence established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15405
CONFIRM
MISC
google — chrome Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6179
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6153
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6178
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6175
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6174
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6173
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6172
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-6170
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6169
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6158
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6151
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16085
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16080
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16078
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6097
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16079
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6100
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6106
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6109
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. 2019-01-09 not yet calculated CVE-2018-6110
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6111
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-16081
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6096
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16082
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16083
BID
REDHAT
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google — chrome Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6112
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6113
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6114
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6117
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-6120
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16088
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16087
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-16076
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6093
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. 2019-01-09 not yet calculated CVE-2018-6147
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6127
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-6144
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6143
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6141
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6140
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6139
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6137
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6135
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6133
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6126
BID
BID
SECTRACK
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
DEBIAN
EXPLOIT-DB
google — chrome Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6091
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6124
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6123
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16065
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16066
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16068
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 2019-01-09 not yet calculated CVE-2018-16071
BID
REDHAT
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google — chrome A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16072
BID
CONFIRM
MISC
GENTOO
google — chrome Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6056
BID
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. 2019-01-09 not yet calculated CVE-2018-6084
BID
BID
CONFIRM
MISC
EXPLOIT-DB
google — chrome A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16067
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2016-10403
CONFIRM
MISC
ibm — api_connect IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175. 2019-01-08 not yet calculated CVE-2018-1932
CONFIRM
BID
XF
ibm — i_access_for_windows An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079. 2019-01-04 not yet calculated CVE-2018-1888
BID
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152785. 2019-01-08 not yet calculated CVE-2018-1918
CONFIRM
BID
XF
ibm — spectrum_scale IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0, where the use of Local Read Only Cache (LROC) is enabled, may cause a read operation on a file to return data from a different file. IBM X-Force ID: 154440. 2019-01-08 not yet calculated CVE-2018-1993
BID
XF
CONFIRM
imperva — securesphere Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. 2019-01-10 not yet calculated CVE-2018-5412
EXPLOIT-DB
imperva — securesphere Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. 2019-01-10 not yet calculated CVE-2018-5413
EXPLOIT-DB
imperva — securesphere_gateway Imperva SecureSphere gateway (GW) running v13, both pre-First Time Login and post-First Time Login (FTL), may be vulnerable to RCE through specially crafted requests from the web access management interface if the attacker knows the basic authentication passwords. 2019-01-10 not yet calculated CVE-2018-5403
EXPLOIT-DB
intel — nuc_firmware Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. 2019-01-10 not yet calculated CVE-2017-3718
CONFIRM
intel — optane_ssd_dc_p4800x Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. 2019-01-10 not yet calculated CVE-2018-12167
CONFIRM
intel — optane_ssd_dc_p4800x Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. 2019-01-10 not yet calculated CVE-2018-12166
CONFIRM
intel — proset/wireless_wifi_software Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2018-12177
CONFIRM
intel — sgx_sdk_and_platform_software_for_window Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2018-18098
CONFIRM
intel — ssd_data_center_tool_for_windows Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2018-3703
CONFIRM
intel — system_support_utility_for_windows Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2019-0088
CONFIRM
irssi — irssi Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. 2019-01-09 not yet calculated CVE-2019-5882
MISC
MISC
MISC
japan_atomic_energy_agency — mapping_tool Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-16176
MISC
JVN
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000412
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. 2019-01-09 not yet calculated CVE-2018-1000422
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins. 2019-01-09 not yet calculated CVE-2018-1000407
CONFIRM
jenkins — jenkins A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory. 2019-01-09 not yet calculated CVE-2018-1000408
CONFIRM
jenkins — jenkins A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account. 2019-01-09 not yet calculated CVE-2018-1000409
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. 2019-01-09 not yet calculated CVE-2018-1000426
CONFIRM
jenkins — jenkins An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. 2019-01-09 not yet calculated CVE-2018-1000425
CONFIRM
jenkins — jenkins An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. 2019-01-09 not yet calculated CVE-2018-1000423
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000421
CONFIRM
jenkins — jenkins A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. 2019-01-09 not yet calculated CVE-2018-1000411
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000420
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000419
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000418
CONFIRM
jenkins — jenkins A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. 2019-01-09 not yet calculated CVE-2018-1000417
CONFIRM
jenkins — jenkins A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. 2019-01-09 not yet calculated CVE-2018-1000416
CONFIRM
jenkins — jenkins An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. 2019-01-09 not yet calculated CVE-2018-1000410
CONFIRM
jenkins — jenkins A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. 2019-01-09 not yet calculated CVE-2018-1000414
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000413
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms. 2019-01-09 not yet calculated CVE-2018-1000415
CONFIRM
jenkins — jenkins An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. 2019-01-09 not yet calculated CVE-2018-1000424
CONFIRM
jenkins — jenkins A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. 2019-01-09 not yet calculated CVE-2018-1000406
CONFIRM
jpcert_coordination_center — logontracer LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16168
MISC
MISC
jpcert_coordination_center — logontracer Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16165
MISC
MISC
jpcert_coordination_center — logontracer LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16166
MISC
MISC
jpcert_coordination_center — logontracer LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16167
MISC
MISC
lib60870 — lib60870 An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference. 2019-01-11 not yet calculated CVE-2019-6137
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. 2019-01-11 not yet calculated CVE-2019-6136
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c. 2019-01-11 not yet calculated CVE-2019-6138
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c. 2019-01-11 not yet calculated CVE-2019-6135
MISC
MISC
libpng — libpng png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. 2019-01-11 not yet calculated CVE-2019-6129
MISC
libtiff — libtiff The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. 2019-01-11 not yet calculated CVE-2019-6128
MISC

linux — linux_kernel The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. 2019-01-07 not yet calculated CVE-2019-5489
MISC
BID
MISC
MISC
MISC
MISC

linux — linux_kernel EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database. 2019-01-07 not yet calculated CVE-2019-5488
MISC
lockon — ec-cube Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16191
JVN
MISC
mate_desktop_environment — mate-screensaver mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse. 2019-01-09 not yet calculated CVE-2018-20681
MISC
MISC
MISC
MISC
mcafee — web_gateway Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. 2019-01-09 not yet calculated CVE-2019-3581
CONFIRM
micronet — inplc INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670. 2019-01-09 not yet calculated CVE-2018-0669
MISC
JVN
micronet — inplc Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers to cause a denial-of-service (DoS) condition that may result in executing arbitrary code via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0668
MISC
JVN
micronet — inplc Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0671
MISC
JVN
micronet — inplc INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669. 2019-01-09 not yet calculated CVE-2018-0670
MISC
JVN
micronet — inplc Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-0667
MISC
JVN
microsoft — .net_framework An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka “.NET Framework Information Disclosure Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. 2019-01-08 not yet calculated CVE-2019-0545
BID
REDHAT
CONFIRM
microsoft — asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka “ASP.NET Core Denial of Service Vulnerability.” This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. 2019-01-08 not yet calculated CVE-2019-0548
BID
REDHAT
CONFIRM
microsoft — edge An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka “Microsoft Edge Elevation of Privilege Vulnerability.” This affects Microsoft Edge. 2019-01-08 not yet calculated CVE-2019-0566
BID
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567. 2019-01-08 not yet calculated CVE-2019-0568
BID
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568. 2019-01-08 not yet calculated CVE-2019-0539
BID
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568. 2019-01-08 not yet calculated CVE-2019-0567
BID
CONFIRM
microsoft — exchange_server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. 2019-01-08 not yet calculated CVE-2019-0586
BID
CONFIRM
microsoft — exchange_server An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka “Microsoft Exchange Information Disclosure Vulnerability.” This affects Microsoft Exchange Server. 2019-01-08 not yet calculated CVE-2019-0588
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka “Microsoft Word Information Disclosure Vulnerability.” This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. 2019-01-08 not yet calculated CVE-2019-0561
BID
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka “MSHTML Engine Remote Code Execution Vulnerability.” This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. 2019-01-08 not yet calculated CVE-2019-0541
BID
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka “Microsoft Word Remote Code Execution Vulnerability.” This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server. 2019-01-08 not yet calculated CVE-2019-0585
BID
CONFIRM
microsoft — multiple_products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft Office SharePoint XSS Vulnerability.” This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557. 2019-01-08 not yet calculated CVE-2019-0558
BID
CONFIRM
microsoft — sharepoint A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft Office SharePoint XSS Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558. 2019-01-08 not yet calculated CVE-2019-0556
BID
CONFIRM
microsoft — sharepoint An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint Server, Microsoft SharePoint. 2019-01-08 not yet calculated CVE-2019-0562
BID
CONFIRM
microsoft — sharepoint A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft Office SharePoint XSS Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558. 2019-01-08 not yet calculated CVE-2019-0557
BID
CONFIRM
microsoft — skype_for_android An elevation of privilege vulnerability exists when Skype for Android fails to properly handle specific authentication requests, aka “Skype for Android Elevation of Privilege Vulnerability.” This affects Skype 8.35. 2019-01-08 not yet calculated CVE-2019-0622
BID
CONFIRM
microsoft — visual_studio A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka “Visual Studio Remote Code Execution Vulnerability.” This affects Microsoft Visual Studio. 2019-01-08 not yet calculated CVE-2019-0546
BID
CONFIRM
microsoft — visual_studio An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka “Microsoft Visual Studio Information Disclosure Vulnerability.” This affects Microsoft Visual Studio. 2019-01-08 not yet calculated CVE-2019-0537
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. 2019-01-08 not yet calculated CVE-2019-0571
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka “Windows Runtime Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0570
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554. 2019-01-08 not yet calculated CVE-2019-0569
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0538
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka “Windows Hyper-V Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2019-0551. 2019-01-08 not yet calculated CVE-2019-0550
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569. 2019-01-08 not yet calculated CVE-2019-0549
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka “Microsoft Windows Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0543
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka “Microsoft XmlDocument Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0555
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569. 2019-01-08 not yet calculated CVE-2019-0554
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka “Windows Subsystem for Linux Information Disclosure Vulnerability.” This affects Windows 10 Servers, Windows 10, Windows Server 2019. 2019-01-08 not yet calculated CVE-2019-0553
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. 2019-01-08 not yet calculated CVE-2019-0573
BID
CONFIRM
microsoft — windows An elevation of privilege exists in Windows COM Desktop Broker, aka “Windows COM Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0552
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka “Windows Hyper-V Remote Code Execution Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550. 2019-01-08 not yet calculated CVE-2019-0551
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. 2019-01-08 not yet calculated CVE-2019-0572
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0576
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. 2019-01-08 not yet calculated CVE-2019-0574
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0577
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0581
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0582
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0578
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0579
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0580
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0583
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583. 2019-01-08 not yet calculated CVE-2019-0584
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0575
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569. 2019-01-08 not yet calculated CVE-2019-0536
BID
CONFIRM
mizuho_bank — mizuho_direct_app_for_android The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2019-01-09 not yet calculated CVE-2018-16179
MISC
MISC
modulemd — modulemd modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. 2019-01-10 not yet calculated CVE-2017-1002157
CONFIRM
nec — aterm_wf1200cr_and_aterm_wg1200cr Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. 2019-01-09 not yet calculated CVE-2018-16195
MISC
JVN
nec — aterm_wf1200cr_and_aterm_wg1200cr Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16192
MISC
JVN
nec — aterm_wf1200cr_and_aterm_wg1200cr Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16193
MISC
JVN
nec — aterm_wf1200cr_and_aterm_wg1200cr Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16194
MISC
JVN
nelson — open_source_erp Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. 2019-01-10 not yet calculated CVE-2019-5893
MISC
EXPLOIT-DB
netapp — oncommand_unified_manager_for_7-mode OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. 2019-01-07 not yet calculated CVE-2018-5481
CONFIRM
nippon_telegraph_and_telephone_west_corporation — security_measures_tool Untrusted search path vulnerability in the installer of Windows10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-16177
MISC
JVN
npm — cordova-plugin-ionic-webview Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16202
MISC
JVN
MISC
openssh — openssh In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. 2019-01-10 not yet calculated CVE-2018-20685
BID
MISC
MISC
panasonic — bn-sdwbp3_firmware Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0678
JVN
MISC
panasonic — bn-sdwbp3_firmware BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0677
JVN
MISC
panasonic — bn-sdwbp3_firmware BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access the management screen and execute an arbitrary command via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0676
JVN
MISC
panasonic — multiple_pcs An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges. 2019-01-09 not yet calculated CVE-2018-16183
JVN
MISC
pgpool — global_development_group_pgpooladmin PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16203
JVN
MISC
phpscriptsmall.com — advance_peer_to_peer_mlm_script The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. 2019-01-11 not yet calculated CVE-2019-6126
MISC
phpscriptsmall.com — citysearch_/_hotfrog_/_gelbeseiten_clone_script PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. 2019-01-12 not yet calculated CVE-2019-6248
MISC
pivotal — concourse Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow. A remote attacker who gains access to a user’s browser history could obtain the access token and use it to authenticate as the user. 2019-01-11 not yet calculated CVE-2019-3803
CONFIRM
policykit — policykit In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. 2019-01-11 not yet calculated CVE-2019-6133
MISC
MISC
MISC
MISC
qibosoft — qibosoft qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. 2019-01-08 not yet calculated CVE-2019-5725
MISC
rakuten_securities — market_speed Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-16182
JVN
MISC
red_hat — satellite A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable. 2019-01-12 not yet calculated CVE-2018-16887
CONFIRM
ricoh — interactive_whiteboard RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16184
JVN
MISC
ricoh — interactive_whiteboard The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eavesdrop on encrypted communication. 2019-01-09 not yet calculated CVE-2018-16187
JVN
MISC
ricoh — interactive_whiteboard RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. 2019-01-09 not yet calculated CVE-2018-16186
JVN
MISC
ricoh — interactive_whiteboard RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. 2019-01-09 not yet calculated CVE-2018-16185
JVN
MISC
ricoh — interactive_whiteboard SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16188
JVN
MISC
sap — business_objects_mobile_for_android SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. 2019-01-08 not yet calculated CVE-2019-0240
BID
MISC
MISC
sap — bw/4hana Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-01-08 not yet calculated CVE-2019-0243
BID
MISC
MISC
sap — cloud_connector SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. 2019-01-08 not yet calculated CVE-2019-0247
MISC
MISC
sap — cloud_connector SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. 2019-01-08 not yet calculated CVE-2019-0246
BID
MISC
MISC
sap — commerce SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-01-08 not yet calculated CVE-2019-0238
BID
MISC
MISC
sap — crm_webclient_ui SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-01-08 not yet calculated CVE-2019-0244
BID
MISC
MISC
sap — crm_webclient_ui SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-01-08 not yet calculated CVE-2019-0245
BID
MISC
MISC
sap — enterprise_financial_services SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-01-08 not yet calculated CVE-2018-2484
BID
MISC
MISC
sap — financial_consolidation_cube_designer A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. 2019-01-08 not yet calculated CVE-2018-2499
BID
MISC
MISC
sap — gateway_of_abap_application_server Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. 2019-01-08 not yet calculated CVE-2019-0248
BID
MISC
MISC
sap — landscape_management Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. 2019-01-08 not yet calculated CVE-2019-0249
BID
MISC
MISC
sap — work_and_inventory_manager SAP Work and Inventory Manager (Agentry_SDK, before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2019-01-08 not yet calculated CVE-2019-0241
BID
MISC
MISC
seiko_epson — printers_and_scanners HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, 
PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow remote attackers to lead a user to a phishing site or execute an arbitrary script on the user’s web browser. 2019-01-09 not yet calculated CVE-2018-0689
JVN
MISC
seiko_epson — printers_and_scanners Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product. 2019-01-09 not yet calculated CVE-2018-0688
JVN
MISC
shopxo — shopxo An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using “../” directory traversal. 2019-01-10 not yet calculated CVE-2019-5887
MISC
shopxo — shopxo An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation. 2019-01-10 not yet calculated CVE-2019-5886
MISC
svgpp — svgpp An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap. 2019-01-12 not yet calculated CVE-2019-6247
MISC
svgpp — svgpp An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read. 2019-01-12 not yet calculated CVE-2019-6246
MISC
svgpp — svgpp An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption. 2019-01-12 not yet calculated CVE-2019-6245
MISC
systemd-journald — systemd-journald An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. 2019-01-11 not yet calculated CVE-2018-16866
BID
CONFIRM
UBUNTU
MISC
systemd-journald — systemd-journald An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. 2019-01-11 not yet calculated CVE-2018-16865
BID
CONFIRM
UBUNTU
MISC
systemd-journald — systemd-journald An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. 2019-01-11 not yet calculated CVE-2018-16864
BID
CONFIRM
UBUNTU
MISC

toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. 2019-01-09 not yet calculated CVE-2018-16197
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. 2019-01-09 not yet calculated CVE-2018-16198
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16199
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. 2019-01-09 not yet calculated CVE-2018-16200
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. 2019-01-09 not yet calculated CVE-2018-16201
MISC
JVN
traccar — traccar_server In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. 2019-01-09 not yet calculated CVE-2019-5748
MISC
MISC
usualtoolcms — usualtoolcms An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. 2019-01-11 not yet calculated CVE-2019-6244
MISC
weseek — growi Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal. 2019-01-09 not yet calculated CVE-2018-16205
JVN
MISC
weseek — growi Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0698
JVN
MISC
windows — dhcp_client A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka “Windows DHCP Client Remote Code Execution Vulnerability.” This affects Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0547
BID
CONFIRM
winscp — winscp In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. 2019-01-10 not yet calculated CVE-2018-20684
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. 2019-01-08 not yet calculated CVE-2019-5718
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. 2019-01-08 not yet calculated CVE-2019-5719
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. 2019-01-08 not yet calculated CVE-2019-5717
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. 2019-01-08 not yet calculated CVE-2019-5721
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. 2019-01-08 not yet calculated CVE-2019-5716
BID
MISC
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-12 not yet calculated CVE-2018-16206
JVN
MISC
wordpress — wordpress SQL injection vulnerability in LearnPress prior to version 3.1.0 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16175
JVN
MISC
wordpress — wordpress Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16174
JVN
MISC
wordpress — wordpress Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16173
JVN
MISC
wordpress — wordpress The “Social Pug – Easy Social Share Buttons” plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter. 2019-01-09 not yet calculated CVE-2016-10736
MISC
wordpress — wordpress Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16164
JVN
MISC
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16204
JVN
MISC
xiaocms — xiaocms An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via “INTO OUTFILE” with a .php filename. 2019-01-11 not yet calculated CVE-2019-6127
MISC
xterm.js — xterm.js A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka “Xterm Remote Code Execution Vulnerability.” This affects xterm.js. 2019-01-09 not yet calculated CVE-2019-0542
BID
MISC
yamaha — multiple_routers Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user’s web browser. This is a different vulnerability from CVE-2018-0666. 2019-01-09 not yet calculated CVE-2018-0665
MISC
MISC
JVN
MISC
yamaha — multiple_routers Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user’s web browser. This is a different vulnerability from CVE-2018-0665. 2019-01-09 not yet calculated CVE-2018-0666
MISC
MISC
JVN
MISC
yokogawa — multiple_products Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0651
BID
MISC
MISC
yokogawa — multiple_products Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 – R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 – R3.09.50), CENTUM VP(R4.01.00 – R6.03.10), CENTUM VP Entry Class(R4.01.00 – R6.03.10), Exaopc(R3.10.00 – R3.75.00), PRM(R2.06.00 – R3.31.00), ProSafe-RS(R1.02.00 – R4.02.00), FAST/TOOLS(R9.02.00 – R10.02.00), B/M9000 VP(R6.03.01 – R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver’s communication via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16196
BID
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.


High Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. 2019-01-08 7.6 CVE-2019-0565
BID
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
arc_project — arc ARC 5.21q allows directory traversal via a full pathname in an archive file. 2019-01-07 5.0 CVE-2015-9275
MISC
MISC
getbootstrap — bootstrap In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. 2019-01-09 4.3 CVE-2016-10735
MISC
MISC
MISC
MISC
MISC
MISC
ibm — api_connect IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. 2019-01-04 6.5 CVE-2018-1859
BID
XF
CONFIRM
microsoft — asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka “ASP.NET Core Denial of Service Vulnerability.” This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. 2019-01-08 5.0 CVE-2019-0564
BID
REDHAT
CONFIRM
microsoft — office An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka “Microsoft Outlook Information Disclosure Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. 2019-01-08 4.3 CVE-2019-0559
BID
CONFIRM
microsoft — office An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka “Microsoft Office Information Disclosure Vulnerability.” This affects Office 365 ProPlus, Microsoft Office. 2019-01-08 4.3 CVE-2019-0560
BID
CONFIRM
yunucms — yunucms YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. 2019-01-04 4.3 CVE-2019-5310
MISC
yunucms — yunucms An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. 2019-01-04 4.3 CVE-2019-5311
MISC


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
frog_cms_project — frog_cms Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. 2019-01-09 3.5 CVE-2018-20680
MISC
ibm — rational_publishing_engine IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144883. 2019-01-04 3.5 CVE-2018-1657
BID
XF
CONFIRM
ibm — rational_publishing_engine IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. 2019-01-04 3.5 CVE-2018-1951
BID
XF
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apache — karaf Apache Karaf provides a features deployer, which allows users to “hot deploy” a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class doesn’t contain any mitigation code against XXE. This is a potential security risk as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases. 2019-01-07 not yet calculated CVE-2018-11788
MISC
BID
apache — thrift Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. 2019-01-07 not yet calculated CVE-2018-1320
MISC
apache — thrift The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path. 2019-01-07 not yet calculated CVE-2018-11798
BID
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4043
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4047
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4032
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4033
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4034
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4045
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. 2019-01-10 not yet calculated CVE-2018-4036
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4037
MISC
apple — cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4035
MISC
apple — cleanmymac_x An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4046
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4041
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4042
MISC
apple — cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4044
MISC
apple — ios In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. 2019-01-11 not yet calculated CVE-2017-2411
CONFIRM
apple — ios In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4404
MISC
CONFIRM
EXPLOIT-DB
apple — ios In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. 2019-01-11 not yet calculated CVE-2017-13891
CONFIRM
apple — ios In iOS before 11.2, a type confusion issue was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2017-13888
CONFIRM
apple — ios In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4330
BID
SECTRACK
CONFIRM
apple — ios In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. 2019-01-11 not yet calculated CVE-2016-7576
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. 2019-01-11 not yet calculated CVE-2018-4257
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4255
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4254
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. 2019-01-11 not yet calculated CVE-2018-4217
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. 2019-01-11 not yet calculated CVE-2018-4183
CONFIRM
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. 2019-01-11 not yet calculated CVE-2018-4182
CONFIRM
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. 2019-01-11 not yet calculated CVE-2018-4181
MLIST
CONFIRM
UBUNTU
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. 2019-01-11 not yet calculated CVE-2018-4180
MLIST
CONFIRM
UBUNTU
DEBIAN
apple — macos_high_sierra In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. 2019-01-11 not yet calculated CVE-2018-4258
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4256
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. 2019-01-11 not yet calculated CVE-2018-4179
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. 2019-01-11 not yet calculated CVE-2017-13886
CONFIRM
apple — macos_high_sierra In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. 2019-01-11 not yet calculated CVE-2017-13887
CONFIRM
apple — multiple_products In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4194
MISC
CONFIRM
MISC
MISC
MISC
apple — multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. 2019-01-11 not yet calculated CVE-2017-13889
CONFIRM
apple — multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4169
CONFIRM
apple — multiple_products In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. 2019-01-11 not yet calculated CVE-2018-4278
SECTRACK
GENTOO
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4277
SECTRACK
MISC
MISC
MISC
CONFIRM
MISC
apple — multiple_products In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4262
SECTRACK
GENTOO
MISC
CONFIRM
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4213
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
UBUNTU
apple — multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. 2019-01-11 not yet calculated CVE-2018-4298
CONFIRM
MISC
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4212
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4210
GENTOO
MISC
MISC
MISC
CONFIRM
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4209
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4208
GENTOO
MISC
MISC
MISC
CONFIRM
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4207
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple — multiple_products In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4189
CONFIRM
MISC
MISC
MISC
apple — multiple_products In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4147
CONFIRM
MISC
MISC
MISC
MISC
apple — multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. 2019-01-11 not yet calculated CVE-2016-4644
MISC
MISC
CONFIRM
apple — multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. 2019-01-11 not yet calculated CVE-2016-4643
MISC
MISC
CONFIRM
apple — multiple_products In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. 2019-01-11 not yet calculated CVE-2018-4185
MISC
MISC
CONFIRM
MISC
apple — multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. 2019-01-11 not yet calculated CVE-2016-4642
MISC
MISC
CONFIRM
apple — safari In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. 2019-01-11 not yet calculated CVE-2018-4186
CONFIRM
apple — swiftnio In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. 2019-01-11 not yet calculated CVE-2018-4281
CONFIRM
artifex — mupdf Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. 2019-01-11 not yet calculated CVE-2019-6130
MISC
artifex — mupdf svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. 2019-01-11 not yet calculated CVE-2019-6131
MISC
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the FactoryPassword parameter or bootmode parameter of a certain URL. 2019-01-09 not yet calculated CVE-2018-0634
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the filename parameter. 2019-01-09 not yet calculated CVE-2018-0635
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the FactoryPassword parameter of a certain URL, a different URL from CVE-2018-0634. 2019-01-09 not yet calculated CVE-2018-0636
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the import.cgi encKey parameter. 2019-01-09 not yet calculated CVE-2018-0638
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the tools_firmware.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0639
MISC
JVN
aterm — hc100rc Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary code via the netWizard.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0640
MISC
JVN
aterm — hc100rc Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary code via the tools_system.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0641
MISC
JVN
aterm — hc100rc Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the export.cgi encKey parameter. 2019-01-09 not yet calculated CVE-2018-0637
MISC
JVN
aterm — w300p Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary code via the submit-url parameter. 2019-01-09 not yet calculated CVE-2018-0633
MISC
JVN
aterm — w300p Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary code via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0632
MISC
JVN
aterm — w300p Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter. 2019-01-09 not yet calculated CVE-2018-0631
MISC
JVN
aterm — w300p Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0629
MISC
JVN
aterm — w300p Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the sysCmd parameter. 2019-01-09 not yet calculated CVE-2018-0630
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0628
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter. 2019-01-09 not yet calculated CVE-2018-0627
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via sysCmd in the formWsc parameter. 2019-01-09 not yet calculated CVE-2018-0626
MISC
JVN
aterm — wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the formSysCmd parameter. 2019-01-09 not yet calculated CVE-2018-0625
MISC
JVN
bento4 — bento4 An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac. 2019-01-11 not yet calculated CVE-2019-6132
MISC
bodhi — bodhi Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. 2019-01-10 not yet calculated CVE-2017-1002152
CONFIRM
bootstrap — bootstrap In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. 2019-01-09 not yet calculated CVE-2018-20677
MISC
MISC
MISC
MISC
MISC
bootstrap — bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. 2019-01-09 not yet calculated CVE-2018-20676
MISC
MISC
MISC
MISC
MISC
busybox — busybox An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. 2019-01-09 not yet calculated CVE-2019-5747
MISC
MISC
busybox — busybox An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. 2019-01-09 not yet calculated CVE-2018-20679
MISC
MISC
MISC
cimtechniques — cimscan In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. 2019-01-10 not yet calculated CVE-2018-16803
MISC
MISC
cisco — 900_series_aggregation_services_router A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. 2019-01-11 not yet calculated CVE-2018-15464
CISCO
cisco — cisco_asyncos_software_for_cisco_email_security_appliance A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA. 2019-01-10 not yet calculated CVE-2018-15453
BID
CISCO
cisco — cisco_asyncos_software_for_cisco_email_security_appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. 2019-01-10 not yet calculated CVE-2018-15460
BID
CISCO
cisco — firepower_management_center A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. 2019-01-10 not yet calculated CVE-2018-15458
BID
CISCO
cisco — identity_services_engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. 2019-01-10 not yet calculated CVE-2018-15456
BID
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. 2019-01-09 not yet calculated CVE-2018-0282
BID
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device. 2019-01-10 not yet calculated CVE-2018-0484
CISCO
cisco — ip_phone_8800_series_software A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. 2019-01-10 not yet calculated CVE-2018-0461
BID
CISCO
cisco — jabber_client_framework A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. 2019-01-10 not yet calculated CVE-2018-0449
BID
CISCO
cisco — jabber_client_framework A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information. 2019-01-10 not yet calculated CVE-2018-0483
BID
CISCO
cisco — policy_suite_for_mobile_and_policy_suite_diameter_routing_agent_software A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software. 2019-01-09 not yet calculated CVE-2018-0181
CISCO
cisco — policy_suite A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. 2019-01-11 not yet calculated CVE-2018-15466
BID
CISCO
cisco — prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-01-10 not yet calculated CVE-2018-15457
BID
CISCO
cisco — prime_network_control_system A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. 2019-01-10 not yet calculated CVE-2018-0482
BID
CISCO
cisco — telepresence_management_suite A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. 2019-01-11 not yet calculated CVE-2018-15467
BID
CISCO
cisco — unified_communications_manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. 2019-01-10 not yet calculated CVE-2018-0474
CISCO
cisco — webex_business_suite A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. 2019-01-10 not yet calculated CVE-2018-15461
BID
CISCO
cybozu — dezie Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. 2019-01-09 not yet calculated CVE-2018-0705
JVN
MISC
cybozu — garoon Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. 2019-01-09 not yet calculated CVE-2018-16178
JVN
MISC
cybozu — mailwise Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0702
JVN
MISC
cybozu — office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. 2019-01-09 not yet calculated CVE-2018-0703
JVN
MISC
cybozu — office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. 2019-01-09 not yet calculated CVE-2018-0704
JVN
MISC
cybozu — remote_service Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute a Java code file on the server via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16169
JVN
MISC
cybozu — remote_service An improper countermeasure against clickjacking attacks in the client certificates management screen of Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to trick a user into deleting the registered client certificate. 2019-01-09 not yet calculated CVE-2018-16172
JVN
MISC
cybozu — remote_service Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute a Java code file on the server via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16171
JVN
MISC
cybozu — remote_service Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16170
JVN
MISC
d-link — multiple_devices D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. 2019-01-08 not yet calculated CVE-2018-20675
MISC
d-link — multiple_devices D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. 2019-01-08 not yet calculated CVE-2018-20674
MISC
digital_arts — i-filter HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in arbitrary script injection or the setting of arbitrary cookie values via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16181
MISC
JVN
digital_arts — i-filter Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16180
MISC
JVN
django — django In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. 2019-01-09 not yet calculated CVE-2019-3498
BID
MISC
MISC
MLIST
UBUNTU
DEBIAN
MISC
docker_engine — docker_engine Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. 2019-01-11 not yet calculated CVE-2018-20699
MISC
MISC
dokan — dokan Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update. 2019-01-07 not yet calculated CVE-2018-5410
BID
MISC
CONFIRM
CERT-VN
elfinder — elfinder php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP’s curl extension is enabled and safe_mode or open_basedir is not set. 2019-01-10 not yet calculated CVE-2019-5884
MISC
MISC
fork — fork_cms Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka “Admin ids” input in the Facebook section). 2019-01-09 not yet calculated CVE-2018-20682
MISC
frog_cms — frog_cms Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). 2019-01-11 not yet calculated CVE-2019-6243
MISC
frontaccounting — frontaccounting includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. 2019-01-08 not yet calculated CVE-2019-5720
MISC
frrouting — frrouting bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed. 2019-01-10 not yet calculated CVE-2019-5892
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
gitolite — gitolite commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a “bad” impact by triggering use of an option other than -v, -n, -q, or -P. 2019-01-09 not yet calculated CVE-2018-20683
MISC
MISC
MISC
MISC
gnu — binutils load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. 2019-01-04 not yet calculated CVE-2018-20671
BID
MISC
MISC
gnu — binutils The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for “Create an array for saving the template argument values”) that can trigger a heap-based buffer overflow, as demonstrated by nm. 2019-01-04 not yet calculated CVE-2018-20673
BID
MISC
google — chrome The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16084
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20069
CONFIRM
MISC
google — chrome Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20068
CONFIRM
MISC
google — chrome A renderer-initiated back navigation was incorrectly allowed to cancel a browser-initiated one in Navigation in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20067
CONFIRM
MISC
google — chrome Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20066
CONFIRM
MISC
google — chrome Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-20065
CONFIRM
MISC
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6166
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6163
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6165
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6164
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6162
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17470
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-17461
CONFIRM
MISC
google — chrome Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17459
REDHAT
CONFIRM
MISC
google — chrome An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17458
REDHAT
CONFIRM
MISC
google — chrome An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81, which allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17457
CONFIRM
MISC
google — chrome JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6160
BID
CONFIRM
MISC
GENTOO
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-20070
CONFIRM
MISC
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6167
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker-controlled files via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20071
CONFIRM
MISC
google — chrome Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15428
CONFIRM
MISC
google — chrome A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2016-9651
REDHAT
BID
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google — chrome A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62, which allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15401
CONFIRM
MISC
google — chrome Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15402
CONFIRM
MISC
google — chrome Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113, which allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15403
CONFIRM
MISC
google — chrome An ability to process crash dumps under root privileges and inappropriate symlink handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113, which allowed a local attacker to perform privilege escalation via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15404
CONFIRM
MISC
google — chrome Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to persistence established by malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113, which allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15405
CONFIRM
MISC
google — chrome Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6179
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6153
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to hide Chrome security UI via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6178
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6175
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6174
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6173
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6172
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-6170
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6169
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6158
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6151
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16085
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16080
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16078
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6097
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16079
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6100
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6106
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked, in File API in Google Chrome prior to 66.0.3359.117, which allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6109
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. 2019-01-09 not yet calculated CVE-2018-6110
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6111
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-16081
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome A JavaScript-focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117, which allowed a remote attacker to obscure the full screen warning via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6096
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16082
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16083
BID
REDHAT
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google — chrome Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6112
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6113
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6114
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6117
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-6120
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16088
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16087
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-16076
BID
REDHAT
CONFIRM
MISC
GENTOO
google — chrome Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6093
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. 2019-01-09 not yet calculated CVE-2018-6147
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6127
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-6144
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6143
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6141
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6140
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. 2019-01-09 not yet calculated CVE-2018-6139
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6137
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6135
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6133
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6126
BID
BID
SECTRACK
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
DEBIAN
EXPLOIT-DB
google — chrome Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117, which allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6091
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6124
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6123
BID
SECTRACK
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16065
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16066
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16068
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 2019-01-09 not yet calculated CVE-2018-16071
BID
REDHAT
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google — chrome A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16072
BID
CONFIRM
MISC
GENTOO
google — chrome Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6056
BID
REDHAT
CONFIRM
MISC
DEBIAN
google — chrome Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. 2019-01-09 not yet calculated CVE-2018-6084
BID
BID
CONFIRM
MISC
EXPLOIT-DB
google — chrome A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16067
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google — chrome Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2016-10403
CONFIRM
MISC
ibm — api_connect IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175. 2019-01-08 not yet calculated CVE-2018-1932
CONFIRM
BID
XF
ibm — i_access_for_windows An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079. 2019-01-04 not yet calculated CVE-2018-1888
BID
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152785. 2019-01-08 not yet calculated CVE-2018-1918
CONFIRM
BID
XF
ibm — spectrum_scale IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0, where the use of Local Read Only Cache (LROC) is enabled, may cause a read operation on a file to return data from a different file. IBM X-Force ID: 154440. 2019-01-08 not yet calculated CVE-2018-1993
BID
XF
CONFIRM
imperva — securesphere Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. 2019-01-10 not yet calculated CVE-2018-5412
EXPLOIT-DB
imperva — securesphere Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. 2019-01-10 not yet calculated CVE-2018-5413
EXPLOIT-DB
imperva — securesphere_gateway Imperva SecureSphere gateway (GW) running v13, both pre-First Time Login and post-First Time Login (FTL), may be vulnerable to RCE through specially crafted requests from the web access management interface if the attacker knows the basic authentication passwords. 2019-01-10 not yet calculated CVE-2018-5403
EXPLOIT-DB
intel — nuc_firmware Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. 2019-01-10 not yet calculated CVE-2017-3718
CONFIRM
intel — optane_ssd_dc_p4800x Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. 2019-01-10 not yet calculated CVE-2018-12167
CONFIRM
intel — optane_ssd_dc_p4800x Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. 2019-01-10 not yet calculated CVE-2018-12166
CONFIRM
intel — proset/wireless_wifi_software Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2018-12177
CONFIRM
intel — sgx_sdk_and_platform_software_for_window Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2018-18098
CONFIRM
intel — ssd_data_center_tool_for_windows Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2018-3703
CONFIRM
intel — system_support_utility_for_windows Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access. 2019-01-10 not yet calculated CVE-2019-0088
CONFIRM
irssi — irssi Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. 2019-01-09 not yet calculated CVE-2019-5882
MISC
MISC
MISC
japan_atomic_energy_agency — mapping_tool Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-16176
MISC
JVN
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000412
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. 2019-01-09 not yet calculated CVE-2018-1000422
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins. 2019-01-09 not yet calculated CVE-2018-1000407
CONFIRM
jenkins — jenkins A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory. 2019-01-09 not yet calculated CVE-2018-1000408
CONFIRM
jenkins — jenkins A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account. 2019-01-09 not yet calculated CVE-2018-1000409
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. 2019-01-09 not yet calculated CVE-2018-1000426
CONFIRM
jenkins — jenkins An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. 2019-01-09 not yet calculated CVE-2018-1000425
CONFIRM
jenkins — jenkins An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. 2019-01-09 not yet calculated CVE-2018-1000423
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000421
CONFIRM
jenkins — jenkins A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. 2019-01-09 not yet calculated CVE-2018-1000411
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000420
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000419
CONFIRM
jenkins — jenkins An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000418
CONFIRM
jenkins — jenkins A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. 2019-01-09 not yet calculated CVE-2018-1000417
CONFIRM
jenkins — jenkins A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. 2019-01-09 not yet calculated CVE-2018-1000416
CONFIRM
jenkins — jenkins An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. 2019-01-09 not yet calculated CVE-2018-1000410
CONFIRM
jenkins — jenkins A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. 2019-01-09 not yet calculated CVE-2018-1000414
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins. 2019-01-09 not yet calculated CVE-2018-1000413
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms. 2019-01-09 not yet calculated CVE-2018-1000415
CONFIRM
jenkins — jenkins An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. 2019-01-09 not yet calculated CVE-2018-1000424
CONFIRM
jenkins — jenkins A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. 2019-01-09 not yet calculated CVE-2018-1000406
CONFIRM
jpcert_coordination_center — logontracer LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16168
MISC
MISC
jpcert_coordination_center — logontracer Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16165
MISC
MISC
jpcert_coordination_center — logontracer LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16166
MISC
MISC
jpcert_coordination_center — logontracer LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16167
MISC
MISC
lib60870 — lib60870 An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference. 2019-01-11 not yet calculated CVE-2019-6137
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. 2019-01-11 not yet calculated CVE-2019-6136
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c. 2019-01-11 not yet calculated CVE-2019-6138
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c. 2019-01-11 not yet calculated CVE-2019-6135
MISC
MISC
libpng — libpng png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. 2019-01-11 not yet calculated CVE-2019-6129
MISC
libtiff — libtiff The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. 2019-01-11 not yet calculated CVE-2019-6128
MISC

linux — linux_kernel The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. 2019-01-07 not yet calculated CVE-2019-5489
MISC
BID
MISC
MISC
MISC
MISC

linux — linux_kernel EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database. 2019-01-07 not yet calculated CVE-2019-5488
MISC
lockon — ec-cube Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16191
JVN
MISC
mate_desktop_environment — mate-screensaver mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse. 2019-01-09 not yet calculated CVE-2018-20681
MISC
MISC
MISC
MISC
mcafee — web_gateway Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. 2019-01-09 not yet calculated CVE-2019-3581
CONFIRM
micronet — inplc INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670. 2019-01-09 not yet calculated CVE-2018-0669
MISC
JVN
micronet — inplc Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers to cause a denial-of-service (DoS) condition that may result in executing arbitrary code via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0668
MISC
JVN
micronet — inplc Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0671
MISC
JVN
micronet — inplc INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669. 2019-01-09 not yet calculated CVE-2018-0670
MISC
JVN
micronet — inplc Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-0667
MISC
JVN
microsoft — .net_framework An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka “.NET Framework Information Disclosure Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. 2019-01-08 not yet calculated CVE-2019-0545
BID
REDHAT
CONFIRM
microsoft — asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka “ASP.NET Core Denial of Service Vulnerability.” This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. 2019-01-08 not yet calculated CVE-2019-0548
BID
REDHAT
CONFIRM
microsoft — edge An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka “Microsoft Edge Elevation of Privilege Vulnerability.” This affects Microsoft Edge. 2019-01-08 not yet calculated CVE-2019-0566
BID
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567. 2019-01-08 not yet calculated CVE-2019-0568
BID
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568. 2019-01-08 not yet calculated CVE-2019-0539
BID
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568. 2019-01-08 not yet calculated CVE-2019-0567
BID
CONFIRM
microsoft — exchange_server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. 2019-01-08 not yet calculated CVE-2019-0586
BID
CONFIRM
microsoft — exchange_server An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka “Microsoft Exchange Information Disclosure Vulnerability.” This affects Microsoft Exchange Server. 2019-01-08 not yet calculated CVE-2019-0588
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka “Microsoft Word Information Disclosure Vulnerability.” This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. 2019-01-08 not yet calculated CVE-2019-0561
BID
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka “MSHTML Engine Remote Code Execution Vulnerability.” This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. 2019-01-08 not yet calculated CVE-2019-0541
BID
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka “Microsoft Word Remote Code Execution Vulnerability.” This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server. 2019-01-08 not yet calculated CVE-2019-0585
BID
CONFIRM
microsoft — multiple_products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft Office SharePoint XSS Vulnerability.” This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557. 2019-01-08 not yet calculated CVE-2019-0558
BID
CONFIRM
microsoft — sharepoint A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft Office SharePoint XSS Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558. 2019-01-08 not yet calculated CVE-2019-0556
BID
CONFIRM
microsoft — sharepoint An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint Server, Microsoft SharePoint. 2019-01-08 not yet calculated CVE-2019-0562
BID
CONFIRM
microsoft — sharepoint A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft Office SharePoint XSS Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558. 2019-01-08 not yet calculated CVE-2019-0557
BID
CONFIRM
microsoft — skype_for_android An elevation of privilege vulnerability exists when Skype for Android fails to properly handle specific authentication requests, aka “Skype for Android Elevation of Privilege Vulnerability.” This affects Skype 8.35. 2019-01-08 not yet calculated CVE-2019-0622
BID
CONFIRM
microsoft — visual_studio A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka “Visual Studio Remote Code Execution Vulnerability.” This affects Microsoft Visual Studio. 2019-01-08 not yet calculated CVE-2019-0546
BID
CONFIRM
microsoft — visual_studio An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka “Microsoft Visual Studio Information Disclosure Vulnerability.” This affects Microsoft Visual Studio. 2019-01-08 not yet calculated CVE-2019-0537
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. 2019-01-08 not yet calculated CVE-2019-0571
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka “Windows Runtime Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0570
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554. 2019-01-08 not yet calculated CVE-2019-0569
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0538
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka “Windows Hyper-V Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2019-0551. 2019-01-08 not yet calculated CVE-2019-0550
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569. 2019-01-08 not yet calculated CVE-2019-0549
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka “Microsoft Windows Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0543
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka “Microsoft XmlDocument Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0555
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569. 2019-01-08 not yet calculated CVE-2019-0554
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka “Windows Subsystem for Linux Information Disclosure Vulnerability.” This affects Windows 10 Servers, Windows 10, Windows Server 2019. 2019-01-08 not yet calculated CVE-2019-0553
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. 2019-01-08 not yet calculated CVE-2019-0573
BID
CONFIRM
microsoft — windows An elevation of privilege exists in Windows COM Desktop Broker, aka “Windows COM Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0552
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka “Windows Hyper-V Remote Code Execution Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550. 2019-01-08 not yet calculated CVE-2019-0551
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. 2019-01-08 not yet calculated CVE-2019-0572
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0576
BID
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka “Windows Data Sharing Service Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. 2019-01-08 not yet calculated CVE-2019-0574
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0577
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0581
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0582
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0578
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0579
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0580
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0583
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583. 2019-01-08 not yet calculated CVE-2019-0584
BID
CONFIRM
microsoft — windows A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka “Jet Database Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. 2019-01-08 not yet calculated CVE-2019-0575
BID
CONFIRM
microsoft — windows An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569. 2019-01-08 not yet calculated CVE-2019-0536
BID
CONFIRM
mizuho_bank — mizuho_direct_app_for_android The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2019-01-09 not yet calculated CVE-2018-16179
MISC
MISC
modulemd — modulemd modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. 2019-01-10 not yet calculated CVE-2017-1002157
CONFIRM
nec — aterm_wf1200cr_and_aterm_wg1200cr Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. 2019-01-09 not yet calculated CVE-2018-16195
MISC
JVN
nec — aterm_wf1200cr_and_aterm_wg1200cr Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16192
MISC
JVN
nec — aterm_wf1200cr_and_aterm_wg1200cr Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16193
MISC
JVN
nec — aterm_wf1200cr_and_aterm_wg1200cr Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16194
MISC
JVN
nelson — open_source_erp Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. 2019-01-10 not yet calculated CVE-2019-5893
MISC
EXPLOIT-DB
netapp — oncommand_unified_manager_for_7-mode OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. 2019-01-07 not yet calculated CVE-2018-5481
CONFIRM
nippon_telegraph_and_telephone_west_corporation — security_measures_tool Untrusted search path vulnerability in The installer of Windows10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-16177
MISC
JVN
npm — cordova-plugin-ionic-webview Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16202
MISC
JVN
MISC
openssh — openssh In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. 2019-01-10 not yet calculated CVE-2018-20685
BID
MISC
MISC
panasonic — bn-sdwbp3_firmware Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0678
JVN
MISC
panasonic — bn-sdwbp3_firmware BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0677
JVN
MISC
panasonic — bn-sdwbp3_firmware BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access the management screen and execute an arbitrary command via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0676
JVN
MISC
panasonic — multiple_pcs An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges. 2019-01-09 not yet calculated CVE-2018-16183
JVN
MISC
pgpool — global_development_group_pgpooladmin PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16203
JVN
MISC
phpscriptsmall.com — advance_peer_to_peer_mlm_script The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. 2019-01-11 not yet calculated CVE-2019-6126
MISC
phpscriptsmall.com — citysearch_/_hotfrog_/_gelbeseiten_clone_script PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. 2019-01-12 not yet calculated CVE-2019-6248
MISC
pivotal — concourse Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user’s browser history could obtain the access token and use it to authenticate as the user. 2019-01-11 not yet calculated CVE-2019-3803
CONFIRM
policykit — policykit In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. 2019-01-11 not yet calculated CVE-2019-6133
MISC
MISC
MISC
MISC
qibosoft — qibosoft qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. 2019-01-08 not yet calculated CVE-2019-5725
MISC
rakuten_securities — market_speed Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-01-09 not yet calculated CVE-2018-16182
JVN
MISC
red_hat — satellite A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable. 2019-01-12 not yet calculated CVE-2018-16887
CONFIRM
ricoh — interactive_whiteboard RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16184
JVN
MISC
ricoh — interactive_whiteboard The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eavesdrop on encrypted communication. 2019-01-09 not yet calculated CVE-2018-16187
JVN
MISC
ricoh — interactive_whiteboard RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. 2019-01-09 not yet calculated CVE-2018-16186
JVN
MISC
ricoh — interactive_whiteboard RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. 2019-01-09 not yet calculated CVE-2018-16185
JVN
MISC
ricoh — interactive_whiteboard SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16188
JVN
MISC
sap — business_objects_mobile_for_android SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. 2019-01-08 not yet calculated CVE-2019-0240
BID
MISC
MISC
sap — bw/4hana Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-01-08 not yet calculated CVE-2019-0243
BID
MISC
MISC
sap — cloud_connector SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. 2019-01-08 not yet calculated CVE-2019-0247
MISC
MISC
sap — cloud_connector SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. 2019-01-08 not yet calculated CVE-2019-0246
BID
MISC
MISC
sap — commerce SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-01-08 not yet calculated CVE-2019-0238
BID
MISC
MISC
sap — crm_webclient_ui SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-01-08 not yet calculated CVE-2019-0244
BID
MISC
MISC
sap — crm_webclient_ui SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-01-08 not yet calculated CVE-2019-0245
BID
MISC
MISC
sap — enterprise_financial_services SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-01-08 not yet calculated CVE-2018-2484
BID
MISC
MISC
sap — financial_consolidation_cube_designer A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. 2019-01-08 not yet calculated CVE-2018-2499
BID
MISC
MISC
sap — gateway_of_abap_application_server Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. 2019-01-08 not yet calculated CVE-2019-0248
BID
MISC
MISC
sap — landscape_management Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. 2019-01-08 not yet calculated CVE-2019-0249
BID
MISC
MISC
sap — work_and_inventory_manager SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2019-01-08 not yet calculated CVE-2019-0241
BID
MISC
MISC
seiko_epson — printers_and_scanners HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, 
PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow remote attackers to lead a user to a phishing site or execute an arbitrary script on the user’s web browser. 2019-01-09 not yet calculated CVE-2018-0689
JVN
MISC
seiko_epson — printers_and_scanners Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F 
firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product. 2019-01-09 not yet calculated CVE-2018-0688
JVN
MISC
shopxo — shopxo An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using “../” directory traversal. 2019-01-10 not yet calculated CVE-2019-5887
MISC
shopxo — shopxo An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation. 2019-01-10 not yet calculated CVE-2019-5886
MISC
svgpp — svgpp An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap. 2019-01-12 not yet calculated CVE-2019-6247
MISC
svgpp — svgpp An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read. 2019-01-12 not yet calculated CVE-2019-6246
MISC
svgpp — svgpp An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption. 2019-01-12 not yet calculated CVE-2019-6245
MISC
systemd-journald — systemd-journald An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. 2019-01-11 not yet calculated CVE-2018-16866
BID
CONFIRM
UBUNTU
MISC
systemd-journald — systemd-journald An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. 2019-01-11 not yet calculated CVE-2018-16865
BID
CONFIRM
UBUNTU
MISC
systemd-journald — systemd-journald An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. 2019-01-11 not yet calculated CVE-2018-16864
BID
CONFIRM
UBUNTU
MISC

toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. 2019-01-09 not yet calculated CVE-2018-16197
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. 2019-01-09 not yet calculated CVE-2018-16198
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16199
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. 2019-01-09 not yet calculated CVE-2018-16200
MISC
JVN
toshiba — toshiba_home_gateway_hem-gw16a_and_hem-gw26a Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. 2019-01-09 not yet calculated CVE-2018-16201
MISC
JVN
traccar — traccar_server In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. 2019-01-09 not yet calculated CVE-2019-5748
MISC
MISC
usualtoolcms — usualtoolcms An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. 2019-01-11 not yet calculated CVE-2019-6244
MISC
weseek — growi Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal. 2019-01-09 not yet calculated CVE-2018-16205
JVN
MISC
weseek — growi Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0698
JVN
MISC
windows — dhcp_client A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka “Windows DHCP Client Remote Code Execution Vulnerability.” This affects Windows 10, Windows 10 Servers. 2019-01-08 not yet calculated CVE-2019-0547
BID
CONFIRM
winscp — winscp In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. 2019-01-10 not yet calculated CVE-2018-20684
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. 2019-01-08 not yet calculated CVE-2019-5718
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. 2019-01-08 not yet calculated CVE-2019-5719
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. 2019-01-08 not yet calculated CVE-2019-5717
BID
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. 2019-01-08 not yet calculated CVE-2019-5721
MISC
MISC
MISC
wireshark — wireshark In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. 2019-01-08 not yet calculated CVE-2019-5716
BID
MISC
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-12 not yet calculated CVE-2018-16206
JVN
MISC
wordpress — wordpress SQL injection vulnerability in LearnPress prior to version 3.1.0 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16175
JVN
MISC
wordpress — wordpress Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16174
JVN
MISC
wordpress — wordpress Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16173
JVN
MISC
wordpress — wordpress The “Social Pug – Easy Social Share Buttons” plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter. 2019-01-09 not yet calculated CVE-2016-10736
MISC
wordpress — wordpress Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16164
JVN
MISC
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16204
JVN
MISC
xiaocms — xiaocms An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via “INTO OUTFILE” with a .php filename. 2019-01-11 not yet calculated CVE-2019-6127
MISC
xterm.js — xterm.js A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka “Xterm Remote Code Execution Vulnerability.” This affects xterm.js. 2019-01-09 not yet calculated CVE-2019-0542
BID
MISC
yamaha — multiple_routers Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user’s web browser. This is a different vulnerability from CVE-2018-0666. 2019-01-09 not yet calculated CVE-2018-0665
MISC
MISC
JVN
MISC
yamaha — multiple_routers Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user’s web browser. This is a different vulnerability from CVE-2018-0665. 2019-01-09 not yet calculated CVE-2018-0666
MISC
MISC
JVN
MISC
yokogawa — multiple_products Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0651
BID
MISC
MISC
yokogawa — multiple_products Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 – R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 – R3.09.50), CENTUM VP(R4.01.00 – R6.03.10), CENTUM VP Entry Class(R4.01.00 – R6.03.10), Exaopc(R3.10.00 – R3.75.00), PRM(R2.06.00 – R3.31.00), ProSafe-RS(R1.02.00 – R4.02.00), FAST/TOOLS(R9.02.00 – R10.02.00), B/M9000 VP(R6.03.01 – R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver’s communication via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16196
BID
MISC
MISC


Cabinet Decisions taken on 11 JANUARY 2019

1.         Cabinet has agreed to the modalities for the implementation of a Scheme to provide free higher education in public Tertiary Education Institutions (TEIs) as from year 2019. The objectives of the Scheme are to –
 
(a)       better prepare young people for the challenges of the future;
 
(b)       further democratise access to tertiary education;
 
(c)        set a solid base for the development of a knowledge economy;
 
(d)       address the problem of skills mismatch in the labour market, especially as Mauritius pursues its ambition to become a digital economy as well as a Fintech Hub for Africa;
 
(e)       create capacity to foster the development of Artificial Intelligence technologies; and
 
(f)        catch up with countries like Singapore in terms of enrolment at tertiary level in order to lift up our national productivity.
 
The Scheme would cover the following public TEIs, namely –
 
(a)       University of Mauritius;
(b)       University of Technology, Mauritius;
(c)        Université des Mascareignes;
(d)       Open University of Mauritius;
(e)       Mahatma Gandhi Institute and Rabindranath Tagore Institute;
(f)        Mauritius Institute of Education;
(g)       Fashion and Design Institute;
(h)       Mauritius Institute of Training and Development; and
(i)         Polytechnics Mauritius Ltd.
 
The Scheme would apply for courses, whether part-time or full time, leading to the obtention of a first certificate, diploma or an undergraduate degree only. Beneficiaries would be newly-enrolled students as well as existing cohorts following programmes up to the undergraduate level.
 
***


 
2.         Cabinet has agreed to the setting up of a New Scholarship Scheme for postgraduate studies in Digital Technologies, including Artificial Intelligence and Blockchain, as announced in Budget Speech 2018/2019.  A new Postgraduate Scholarship Scheme would be set up at the level of the Ministry of Education and Human Resources, Tertiary Education and Scientific Research in February 2019.  The Scheme would provide for 15 Master’s level scholarship slots that would be of one-year duration if tenable overseas or of two years’ duration if studies are undertaken in a local higher education institution.  It would also make provision for five PhD level scholarship slots of up to four years’ duration.  A two-year full time Scholarship Scheme to support Mauritian students for a Master’s Level Degree course in Artificial Intelligence and Robotics would also be set up at the Université des Mascareignes.  Enrolment is planned for August 2019, with an annual cohort capacity of 25 students. 
 
 
***
 
 
3.         Cabinet has agreed to the appointment of a High Level Committee of Experts under the chairmanship of Lord Phillips to review the Law Practitioners Act and other relevant enactments concerning the legal profession in Mauritius such as the Mauritius Bar Association Act, the Mauritius Law Society Act, the Notaries Act and any enactments related thereto. The objects of the Committee would be to propose amendments to the enactments pertaining, inter alia, to –
 
(a)       the running of courses and examinations, including recognition of foreign qualifications, for admission to practice law in Mauritius; and
 
(b)       the legal framework pertaining to –
 
(i)         the institution and conduct of disciplinary proceedings against law practitioners; and
 
                        (ii)        the efficient and effective functioning of the Mauritius Bar Association, the Mauritius Law Society and the Chamber of Notaries.
 
 
***
 
 
4.         Cabinet has taken note that the Prime Minister would make the Gambling Regulatory Authority (Personal Management Licence) (Amendment) Regulations 2019 under the Gambling Regulatory Authority Act to define the term “officer” insofar as it relates to the issuance of Personal Management Licence for people involved in horseracing activities. 
 
 
***


 
5.         Cabinet has agreed to the Minister of Ocean Economy, Marine Resources, Fisheries and Shipping promulgating the Merchant Shipping (Prevention of Pollution by Oil and Noxious Liquid Substances in Bulk) Regulations under the Merchant Shipping Act 2007.  The Regulations would, inter alia, –
 
(a)       ensure that every ship is surveyed and issued with an International Oil Pollution Prevention Certificate and prohibit the discharge of oil or oily mixture into the sea;
 
(b)       ensure that every Mauritius tanker of 150 gross tonnage and above and every Mauritius ship other than 400 gross tonnage and above, would have to carry on board a shipboard oil pollution emergency plan and an oil record book;
 
(c)        categorize and regulate the carriage of noxious liquid substances in bulk and ensure that every Mauritius ship of 150 gross tonnage and above, approved to carry noxious liquid substances in bulk, has a shipboard marine pollution emergency plan for noxious liquid substances; and
 
(d)       provide for the conduct of initial, periodical and annual surveys followed by the issue of an International Pollution Prevention Certificate for the carriage of Noxious Liquid Substances in Bulk.
 
The Regulations would be effective on 01 February 2019.
 
***
 
6.         Cabinet has taken note of the setting up of the Mauritius Research Repository by the Mauritius Research Council.  The aim of the Mauritius Research Repository, which would be an online open access collection of research projects, reports, presentations, publications, scholarly contents, media and other research works related to the Republic of Mauritius or produced by an author of Mauritian origin, would be to create awareness, disseminate and increase visibility of research works to a wider audience, including the general public.  Individual researchers, innovators, local and overseas companies would be able to search for researchers or institutions/companies, based on their expertise and previous research work.  The repository would be made accessible to the public in due course.
 
***
 
7.         Cabinet has taken note that the Ministry of Technology, Communication and Innovation would, in collaboration with the World Bank, carry out a Cybersecurity Capacity Assessment in Mauritius, based on the Cybersecurity Capacity Maturity Model for Nations developed by Oxford University. The Cybersecurity Capacity Maturity Model review process would be carried out by the World Bank based on consultations with different stakeholders including Ministries and Departments, law enforcement agencies, international organisations, academia and private sector. The aim of the exercise is to gain an understanding of the country’s cybersecurity capacity in order to strategically prioritise further developments in the area of cybersecurity and cybercrime.
 
***
 


 
8.         Cabinet has taken note of the results of “The African Report on Child Wellbeing 2018: Progress in the child-friendliness of African governments” where Mauritius ranked first in the 2018 edition.
 
***
 
9.         Cabinet has taken note that Government will pay tribute to the memory of Kaya who passed away in February 1999.
 
***
 
10.       Cabinet has agreed to Mauritius hosting the World Travel Awards Gala Ceremony for the Africa and Indian Ocean Category in 2019.  The World Travel Awards has been rewarding success across all sectors of the tourism industry for 25 years.  Some 300 industry leaders, professionals from the regional tourism and hospitality industry as well as high ranking Government representatives would attend the event.  Such events are widely regarded as providing excellent networking opportunities as well as enhancing international visibility for the host country.
 
***
 
11.       Cabinet has taken note of the activities that would be organised to mark the 184th Anniversary of the Abolition of Slavery in Mauritius, commemorated on 1 February.  In this context, HE Filipe Nyusi, President of the Republic of Mozambique, would be the Chief Guest.  The activities would include –
 
            (a)       a symbolic wreath laying ceremony at the “Monument aux Esclaves”, Pointe Canon, Mahebourg; and
 
            (b)       a wreath laying ceremony on 1 February 2019 at the International Slave Route Monument, Le Morne Public Beach, followed by an official programme at Le Morne Village.
 
***
 
12.       Cabinet has taken note of the various activities being organised for the celebration of the Spring Festival at national level, including –
 
(a)       a Chinese Spring Festival Parade in the streets of Port Louis on 3 February 2019.  Shows with the participation of local and foreign artists and demonstrations of Chinese handicraft and cuisine would also be held;
 
(b)       a Gala Show on 5 February 2019 at the J&J Auditorium, Phoenix comprising performances by the Shaanxi Provincial Acrobatic Troupe Co. Ltd from China; and
 
(c)        a Cultural Show on the occasion of the Lantern Festival on 16 February 2019 at the Mahatma Gandhi Institute, Moka.
 
***
 


 
13.       Cabinet has taken note that the Ministry of Youth and Sports, in collaboration with the ‘Comité d’Organisation des 10èmes Jeux des Iles de l’Océan Indien’, would organise a major activity each month with the view to rallying the population around the forthcoming Indian Ocean Islands Games scheduled from 19 to 28 July 2019.  The activity would comprise a grand musical show, PS4 games, face painting and fun games for children and the public in general.  The activities would be organised at Port Louis Waterfront, Mahebourg Waterfront, Flacq Coeur de Ville, Flic en Flac Public Beach, Municipality of Curepipe, Plaza, Rose Hill and Grand Baie.
 
 
***
 
 
14.       Cabinet has taken note that Mauritius has been selected by the International Maritime Organization as a Lead Partnering Country under the GEF-UNDP-IMO GloFouling Partnerships Project. The GloFouling Partnerships Project is a collaboration between the Global Environment Facility, the United Nations Development Programme and the International Maritime Organization. The aim of the GloFouling Project is to build capacity in developing countries for implementing the International Maritime Organization and other relevant guidelines for biofouling management and to catalyse overall reductions in the transboundary introduction of biofouling-mediated invasive species with additional benefits in the reduction of Greenhouse Gas emissions from global shipping.
 
***
 
 
15.       Cabinet has taken note of the recent mission of the Vice-Prime Minister, Minister of Local Government and Outer Islands, Minister of Gender Equality, Child Development and Family Welfare to Ethiopia where she participated in the High Level Dialogue on the Protocol to the African Charter on Human and People’s Rights on the Rights of Women in Africa.  The event was organised by the African Union Commission to commemorate the 15th anniversary celebration of the Maputo Protocol.  The objectives of the High Level Dialogue were to –
 
(a)       take stock of progress made so far in implementing gender equality and women’s empowerment as provided under the Articles of the Protocol;
 
(b)       raise awareness about critical gaps that must be addressed and identify creative ways to improve the status of women across Member States; and
 
(c)        develop strategies for promoting universal ratification, domestication and implementation of the Protocol.
 
 
 
***


 
16.       Cabinet has taken note of the outcome of the recent mission of the Minister of Education and Human Resources, Tertiary Education and Scientific Research to South Africa where she participated in the Harvard Ministerial Roundtable for Human Development Policy Innovation.  The key objective of the Roundtable was to inform about opportunities and inspire Ministers present to think through and work out steps to implement and scale-up innovative human development policy initiatives.  Following the Roundtable, participating Ministers were called upon to develop and present an agenda of innovative policy ideas that are relevant to their specific challenges and map directions as to how to implement same.  The Roundtable produced a set of policy briefs providing options and recommendations for innovative inter-sectoral human development policies applicable to different African contexts.
 
***
 
17.       Cabinet has taken note of the outcome of the “17ème Colloque VIH/SIDA Océan Indien” which was recently held in Mauritius.  The theme of the “Colloque” was “Une Région, Des Évolutions, Des Solutions …. Ensemble!”.  The main objectives of the “Colloque” were to –
 
(a)       update the knowledge and management of the HIV infection among the scientists, the medical and paramedical personnel and the service providers;
 
(b)       share best practices and experiences between health personnel and civil society of the Region; and
 
(c)        reinforce cooperation amongst Member States of the Indian Ocean Region with regard to HIV and AIDS and harm reduction strategies.
 
Eminent and renowned experts in the field of HIV and AIDS from France, Reunion Island and Mauritius participated in the “Colloque” and shared their experiences with some 300 participants.
 
***
 
18.       Cabinet has taken note of the reconstitution of –
 
(a)       the Discharged Persons’ Aid Committee with Mr Serge Roland Montille as Chairperson; and
 
(b)       the Jewellery Advisory Council with Mr Teswar Rai Ramkhalawon as Chairperson.
 
 
 
*******

 

SB18-358: Vulnerability Summary for the Week of December 17, 2018

Original release date: December 24, 2018


 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


 

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


 

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


 

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
1password — 1password
 
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user’s machine. This data could include usernames and passwords that a user manually entered into Safari. 2018-12-22 not yet calculated CVE-2018-19863
CONFIRM
adrenalin — hrms_software A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. 2018-12-20 not yet calculated CVE-2018-12651
MISC
advantech — webaccess/scada WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. 2018-12-19 not yet calculated CVE-2018-18999
BID
MISC
MISC
ahead_software — freeware_advanced_audio_decoder_2 An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-12-22 not yet calculated CVE-2018-20359
MISC
ahead_software — freeware_advanced_audio_decoder_2 There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case. 2018-12-17 not yet calculated CVE-2018-20197
MISC
ahead_software — freeware_advanced_audio_decoder_2 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. 2018-12-17 not yet calculated CVE-2018-20199
MISC
ahead_software — freeware_advanced_audio_decoder_2 There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case. 2018-12-17 not yet calculated CVE-2018-20194
MISC
ahead_software — freeware_advanced_audio_decoder_2 An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-12-22 not yet calculated CVE-2018-20360
MISC
ahead_software — freeware_advanced_audio_decoder_2 A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-12-17 not yet calculated CVE-2018-20195
MISC
ahead_software — freeware_advanced_audio_decoder_2 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. 2018-12-22 not yet calculated CVE-2018-20362
MISC
ahead_software — freeware_advanced_audio_decoder_2 An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-12-22 not yet calculated CVE-2018-20361
MISC
ahead_software — freeware_advanced_audio_decoder_2 A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash. 2018-12-22 not yet calculated CVE-2018-20357
MISC
ahead_software — freeware_advanced_audio_decoder_2 An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-12-22 not yet calculated CVE-2018-20358
MISC
ahead_software — freeware_advanced_audio_decoder_2 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case. 2018-12-17 not yet calculated CVE-2018-20198
MISC
ahead_software — freeware_advanced_audio_decoder_2 There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. 2018-12-17 not yet calculated CVE-2018-20196
MISC
aio-libs — aiohttp-session aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in non-expiring sessions (infinite lifespan). This attack appears to be exploitable via recreation of a cookie post-expiry with the same value. 2018-12-20 not yet calculated CVE-2018-1000814
MISC
MISC
alpine — linux
 
Alpine Linux versions prior to 2.6.10, 2.7.6, and 2.10.1 contain an Other/Unknown vulnerability in apk-tools (Alpine Linux’ package manager) that can result in remote code execution. This attack appears to be exploitable via a specially crafted APK file, which can cause apk to write arbitrary data to an attacker-specified file due to bugs in the handling of long link target names and in the way a regular file is extracted. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1. 2018-12-20 not yet calculated CVE-2018-1000849
MISC
MISC
MISC
alzip — alzip
 
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially crafted LZH archive file, an attacker could execute arbitrary code. 2018-12-21 not yet calculated CVE-2018-5196
MISC
MISC
antiy — avl_atool Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002004 by the ssdt.sys kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation. A failed exploit could lead to denial of service. 2018-12-22 not yet calculated CVE-2018-20331
MISC
anyplace — anyplace
 
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4. 2018-12-20 not yet calculated CVE-2018-1000829
MISC
MISC
apache — nifi The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2018-12-19 not yet calculated CVE-2018-17193
CONFIRM
apache — nifi The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2018-12-19 not yet calculated CVE-2018-17195
CONFIRM
apache — nifi When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2018-12-19 not yet calculated CVE-2018-17194
CONFIRM
apache — nifi
 
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2018-12-19 not yet calculated CVE-2018-17192
CONFIRM
apache — oozie
 
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results in workflows running in another user’s name. 2018-12-19 not yet calculated CVE-2018-11799
BID
MISC
arm — arm_trusted_firmware In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. 2018-12-18 not yet calculated CVE-2017-15031
BID
CONFIRM
artica — integria_ims Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. 2018-12-18 not yet calculated CVE-2018-19829
MISC
EXPLOIT-DB
artica — integria_ims
 
Artica Integria IMS 5.0.83 has XSS via the search_string parameter. 2018-12-17 not yet calculated CVE-2018-19828
MISC
EXPLOIT-DB
artifex — ghostscript In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. 2018-12-20 not yet calculated CVE-2018-19134
CONFIRM
BID
REDHAT
CONFIRM
MISC
CONFIRM
asset-pipeline — asset-pipeline Asset Pipeline Grails Plugin Asset-pipeline plugin versions prior to 2.14.1.1, 2.15.1 and 3.0.6 contain an Incorrect Access Control vulnerability in applications deployed in Jetty that can result in the download of .class files and any arbitrary file. This attack appears to be exploitable via a specially crafted GET request containing directory traversal from the assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8). 2018-12-20 not yet calculated CVE-2018-1000817
MISC
MISC
autopsy — autopsy
 
autopsy version <= 4.9.0 contains an XML External Entity (XXE) vulnerability in the CaseMetadata XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted CaseMetadata. 2018-12-20 not yet calculated CVE-2018-1000838
MISC
MISC
avahi — avahi
 
Avahi version 0.7 contains an Incorrect Access Control vulnerability in avahi-daemon that can result in traffic reflection and amplification for DDoS attacks. This attack appears to be exploitable via a unicast IP network packet with a spoofed source address. 2018-12-20 not yet calculated CVE-2018-1000845
MISC
backdrop — cms
 
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the sanitization of custom class names used on blocks and layouts that can result in execution of JavaScript from an unexpected source. This attack appears to be exploitable when a user is directed to an affected page while logged in. This vulnerability appears to have been fixed in 1.11.1 and later. 2018-12-20 not yet calculated CVE-2018-1000813
MISC
barracuda — message_archiver Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. 2018-12-22 not yet calculated CVE-2018-20369
MISC
bento4 — bento4
 
An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. 2018-12-17 not yet calculated CVE-2018-20186
MISC
berkeley — open_infrastructure_for_network_computing_boinc_server_and_website_code Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in the Website Terms of Service Acceptance Page that can result in access to any user account. This attack appears to be exploitable via a specially crafted URL. This vulnerability appears to have been fixed in 1.0.3. 2018-12-20 not yet calculated CVE-2018-1000875
MISC
blackberry — blackberry_uem A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. 2018-12-20 not yet calculated CVE-2018-8892
CONFIRM
blackberry — blackberry_uem Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. 2018-12-20 not yet calculated CVE-2018-8891
CONFIRM
blackberry — blackberry_uem
 
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. 2018-12-20 not yet calculated CVE-2018-8888
CONFIRM
bludit — bludit
 
bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in the Pages Editor that can result in remote command execution. This attack appears to be exploitable when a malicious user uploads a crafted payload containing PHP code. 2018-12-20 not yet calculated CVE-2018-1000811
MISC
bolt — cms
 
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. 2018-12-17 not yet calculated CVE-2018-19933
MISC
EXPLOIT-DB
MISC
bosch — smart_home_cameras An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server. 2018-12-19 not yet calculated CVE-2018-20299
MISC
bosch_ip_cameras An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. 2018-12-17 not yet calculated CVE-2018-19036
CONFIRM
brave_software — brave
 
Brave Software Inc. Brave version 0.22.810 to 0.24.0 contains an Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in websites running inline JavaScript even if script is blocked, making it easier for attackers to track users. This attack appears to be exploitable when the victim visits a specially crafted website. This vulnerability appears to have been fixed in 0.25.2. 2018-12-20 not yet calculated CVE-2018-1000815
MISC
MISC
MISC
bw-calendar-engine — bw-calendar-engine
 
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in the Middle or malicious server. 2018-12-20 not yet calculated CVE-2018-1000836
MISC
MISC

chamilo — chamilo-lms

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered “low risk” due to the nature of the feature it exploits. 2018-12-21 not yet calculated CVE-2018-20328
MISC
MISC

chamilo — chamilo-lms

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information. 2018-12-21 not yet calculated CVE-2018-20329
MISC
MISC

chamilo — chamilo-lms

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered “low risk” due to the nature of the feature it exploits. 2018-12-21 not yet calculated CVE-2018-20327
MISC
MISC
cms_made_simple — cms_made_simple
 
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. 2018-12-19 not yet calculated CVE-2018-19597
MISC
cmsimple — cmsimple CMSimple 4.7.5 has XSS via an admin’s upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. 2018-12-19 not yet calculated CVE-2018-19508
MISC
cmsimple — cmsimple
 
CMSimple 4.7.5 has XSS via an admin’s use of a ?file=config&action=array URI. 2018-12-19 not yet calculated CVE-2018-19507
MISC
codelibs — fess codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed after commit faa265b. 2018-12-20 not yet calculated CVE-2018-1000822
MISC
MISC
comparex — miss_marple COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. 2018-12-20 not yet calculated CVE-2018-19233
MISC
FULLDISC
BUGTRAQ
MISC
comparex — miss_marple The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation. 2018-12-20 not yet calculated CVE-2018-19234
MISC
FULLDISC
BUGTRAQ
MISC
copay — bitcoin_wallet
 
Copay Bitcoin Wallet version 5.01 to 5.1.0 (inclusive) contains an Other/Unknown vulnerability in wallet private key storage that can result in users’ private key being compromised. This attack appears to be exploitable because affected versions run the malicious code at startup. This vulnerability appears to have been fixed in 5.2.0 and later. 2018-12-20 not yet calculated CVE-2018-1000851
MISC
MISC
MISC
MISC
cscape — cscape
 
Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code. 2018-12-20 not yet calculated CVE-2018-19005
BID
MISC
d-link — 5592_routers
 
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page “/ui/cbpc/login” is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie “sid” generated by the page. The attacker will have access to the router control panel with administrator privileges. 2018-12-18 not yet calculated CVE-2018-17777
MISC
d-link — dcs_wifi_cameras D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks include SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding. 2018-12-20 not yet calculated CVE-2018-18442
MISC
d-link — dcs_wifi_cameras D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of the DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file includes the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. 2018-12-20 not yet calculated CVE-2018-18441
MISC
d-link — dir-140l_and_dir-640l_routers dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. 2018-12-21 not yet calculated CVE-2018-18009
FULLDISC
d-link — dir-816_devices
 
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. 2018-12-19 not yet calculated CVE-2018-20305
MISC
d-link — dsl-2770l_routers
 
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. 2018-12-21 not yet calculated CVE-2018-18007
FULLDISC
d-link — multiple_devices
 
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. 2018-12-21 not yet calculated CVE-2018-18008
FULLDISC
d-link — mydlink_baby An issue was discovered in D-Link ‘myDlink Baby App’ version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. 2018-12-20 not yet calculated CVE-2018-18767
MISC
domainmod — domainmod
 
DomainMOD version 4.09.03 and above (also verified in the latest version, 4.11.01) contains a Cross Site Scripting (XSS) vulnerability in the Segment Name field on the segments page that can result in arbitrary script execution in the browsers of all users who visit the affected page. This attack appears to be exploitable when the victim visits the vulnerable page. No fix is available yet. 2018-12-20 not yet calculated CVE-2018-1000856
MISC
driveragent — driveragent
 
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver’s subroutine will execute a wrmsr instruction with the user’s buffer for partial input. 2018-12-18 not yet calculated CVE-2018-19522
MISC
easymon — easymon
 
easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in the endpoint where monitoring is mounted that can result in reflected XSS that affects Firefox. It can be used to steal cookies, depending on the cookie settings. This attack appears to be exploitable when the victim clicks on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later. 2018-12-20 not yet calculated CVE-2018-1000855
MISC
MISC
elastic — elasticsearch_security Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning’s find_file_structure API. If a policy allowing external network access has been added to Elasticsearch’s Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to. 2018-12-20 not yet calculated CVE-2018-17247
MISC
CONFIRM
elastic — elasticsearch_security
 
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. 2018-12-20 not yet calculated CVE-2018-17244
MISC
CONFIRM

elixir-plug — plug

Elixir Plug, all versions, contains a Header Injection vulnerability in Connection that can result in headers being added, given a cookie value. This attack appears to be exploitable by crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6. 2018-12-20 not yet calculated CVE-2018-1000883
MISC
MISC
empire — cms
 
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. 2018-12-19 not yet calculated CVE-2018-20300
MISC
enigma2 — enigma2
 
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project. 2018-12-21 not yet calculated CVE-2018-20332
MISC
MISC
enlightenment — terminology Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe “cat README.md” command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run. 2018-12-17 not yet calculated CVE-2018-20167
MISC
MISC
MISC
esigate.org — esigate esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable via use of another weakness in the backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3. 2018-12-20 not yet calculated CVE-2018-1000854
MISC
espruino — espruino
 
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file. 2018-12-18 not yet calculated CVE-2018-20201
MISC
evernote — evernote
 
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. 2018-12-21 not yet calculated CVE-2018-20351
MISC
exist — exist
 
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. 2018-12-20 not yet calculated CVE-2018-1000823
MISC
MISC
f5 — big-ip On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. 2018-12-20 not yet calculated CVE-2018-15331
CONFIRM
f5 — big-ip On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file. 2018-12-20 not yet calculated CVE-2018-15330
CONFIRM
f5 — big-ip On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. 2018-12-20 not yet calculated CVE-2018-15329
CONFIRM
fasterxml — jackson
 
Fasterxml Jackson version before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Databind that can result in a denial-of-service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. 2018-12-20 not yet calculated CVE-2018-1000873
MISC
MISC
fatfreecrm — fatfreecrm
 
FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable when content with a JavaScript payload is executed in end users’ browsers as they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2. 2018-12-20 not yet calculated CVE-2018-1000842
MISC
MISC
MISC
MISC
floureon — ip_camera_sp012 The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. 2018-12-21 not yet calculated CVE-2018-20342
MISC
freecol — freecol
 
FreeCol version <= nightly-2018-08-22 contains an XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a Freecol file. 2018-12-20 not yet calculated CVE-2018-1000825
MISC
MISC
freerdp — freerdp
 
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains an Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in the RDP server reading the client’s memory. This attack appears to be exploitable when the RDP client connects to the RDP server with the echo option. This vulnerability appears to have been fixed after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. 2018-12-20 not yet calculated CVE-2018-1000852
MISC
MISC
MISC
freshdns — freshdns FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in execution of the attacker’s JavaScript code in the victim’s session. This attack appears to be exploitable when the attacker stores a specially crafted string as their Full Name in their account details and the victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface. This vulnerability appears to have been fixed in 1.0.5 and later. 2018-12-20 not yet calculated CVE-2018-1000847
MISC
MISC
freshdns — freshdns
 
FreshDNS version 1.0.3 and earlier contains a Cross Site Request Forgery (CSRF) vulnerability in all (authenticated) API calls in index.php / class.manager.php that can result in editing of domains and zones with the victim’s privileges. This attack appears to be exploitable when the victim opens a website containing the attacker’s JavaScript. This vulnerability appears to have been fixed in 1.0.5 and later. 2018-12-20 not yet calculated CVE-2018-1000846
MISC
MISC
frostwire — frostwire
 
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains an XML External Entity (XXE) vulnerability in Man in the middle on update that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a man-in-the-middle attack on the call to update the software. 2018-12-20 not yet calculated CVE-2018-1000828
MISC
MISC
fuel — cms
 
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. 2018-12-17 not yet calculated CVE-2018-20188
MISC
ge — mark_vie_distributed_control_system_and_associated_products GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. 2018-12-14 not yet calculated CVE-2018-19003
BID
MISC
gigabyte — multiple_products The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs). 2018-12-21 not yet calculated CVE-2018-19323
FULLDISC
BID
MISC
gigabyte — multiple_products The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. 2018-12-21 not yet calculated CVE-2018-19322
FULLDISC
BID
MISC
gigabyte — multiple_products The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. 2018-12-21 not yet calculated CVE-2018-19321
FULLDISC
BID
MISC
gigabyte — multiple_products
 
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. 2018-12-21 not yet calculated CVE-2018-19320
FULLDISC
BID
MISC
gigaset — maxwell_basic_voip_phones Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). 2018-12-20 not yet calculated CVE-2018-18871
MISC
gnu — binutils binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable locally. This vulnerability appears to have been fixed after commit 3a551c7a1b80fca579461774860574eabfd7f18f. 2018-12-20 not yet calculated CVE-2018-1000876
MISC
MISC
gnupg — gnupg
 
GnuPG version 2.1.12 – 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. enters an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060. 2018-12-20 not yet calculated CVE-2018-1000858
MISC
MISC
gogs — gogs
 
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. 2018-12-19 not yet calculated CVE-2018-20303
MISC
MISC
MISC
golang — golang The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected. 2018-12-14 not yet calculated CVE-2018-16875
BID
CONFIRM
MISC
GENTOO
golang — golang In Go before 1.10.6 and 1.11.x before 1.11.3, the “go get” command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both ‘{‘ and ‘}’ characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at http://bit.ly/2RhAxF4). The attacker can cause an arbitrary filesystem write, which can lead to code execution. 2018-12-14 not yet calculated CVE-2018-16874
BID
CONFIRM
MISC
GENTOO
golang — golang In Go before 1.10.6 and 1.11.x before 1.11.3, the “go get” command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at http://bit.ly/2RhAxF4). Using custom domains, it’s possible to arrange things so that a Git repository is cloned to a folder named “.git” by using a vanity import path that ends with “/.git”. If the Git repository root contains a “HEAD” file, a “config” file, an “objects” directory, a “refs” directory, with some work to ensure the proper ordering of operations, “go get -u” can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the “config” file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running “go get -u”. 2018-12-14 not yet calculated CVE-2018-16873
BID
CONFIRM
MISC
GENTOO
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. 2018-12-20 not yet calculated CVE-2018-11988
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer. 2018-12-20 not yet calculated CVE-2018-11985
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. 2018-12-20 not yet calculated CVE-2018-11965
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. 2018-12-20 not yet calculated CVE-2018-11984
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table. 2018-12-20 not yet calculated CVE-2018-11983
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. 2018-12-20 not yet calculated CVE-2018-11960
BID
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. 2018-12-20 not yet calculated CVE-2018-11964
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver. 2018-12-20 not yet calculated CVE-2018-11963
BID
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. 2018-12-20 not yet calculated CVE-2018-11961
BID
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic. 2018-12-20 not yet calculated CVE-2018-11987
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver. 2018-12-20 not yet calculated CVE-2018-11986
CONFIRM
google — android
 
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free. 2018-12-20 not yet calculated CVE-2017-9704
CONFIRM
google — gvisor
 
Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service (“physical address not valid” panic) via a crafted application. 2018-12-17 not yet calculated CVE-2018-20168
MISC
grafana — grafana
 
Grafana (confirmed for versions 5.2.4 and 5.3.0) contains a Cross Site Scripting (XSS) vulnerability in the Influxdb and Graphite query editor that can result in running arbitrary JS code in the victim’s browser. This attack appears to be exploitable when an authenticated user clicks on the input field where the payload was previously inserted. 2018-12-20 not yet calculated CVE-2018-1000816
MISC
graphicsmagick — graphicsmagick In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. 2018-12-17 not yet calculated CVE-2018-20189
MISC
BID
MISC
graphicsmagick — graphicsmagick In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. 2018-12-17 not yet calculated CVE-2018-20185
MISC
BID
MISC
graphicsmagick — graphicsmagick In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. 2018-12-17 not yet calculated CVE-2018-20184
MISC
BID
MISC
hancom — hancom_office
 
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling a Compound File in a document. This results in a program crash or denial of service conditions. 2018-12-21 not yet calculated CVE-2018-5201
MISC
hoteldruid — hoteldruid
 
HotelDruid version 2.3.0 and earlier contains a SQL Injection vulnerability in the “id_utente_mod” parameter of the gestione_utenti.php file that can result in an attacker dumping all the database records of the backend webserver. This attack appears to be exploitable by anyone via a specially crafted SQL query passed to the “id_utente_mod=1” parameter. 2018-12-20 not yet calculated CVE-2018-1000871
EXPLOIT-DB
ibm — api_connect
 
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807. 2018-12-20 not yet calculated CVE-2018-1784
CONFIRM
XF
ibm — api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited ‘API Administrator’ level access to give themselves full ‘Administrator’ level access through the members functionality. IBM X-Force ID: 153914. 2018-12-20 not yet calculated CVE-2018-1973
XF
CONFIRM
ibm — business_automation_workflow IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. 2018-12-14 not yet calculated CVE-2018-1848
BID
XF
CONFIRM
ibm — datapower_gateways IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171. 2018-12-20 not yet calculated CVE-2018-1677
XF
CONFIRM
ibm — datapower_gateways IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. 2018-12-20 not yet calculated CVE-2018-1661
XF
CONFIRM
ibm — db2
 
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032. 2018-12-14 not yet calculated CVE-2018-1977
CONFIRM
BID
XF
ibm — domino
 
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687. 2018-12-20 not yet calculated CVE-2018-1771
XF
CONFIRM
ibm — event_streams
 
IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507. 2018-12-18 not yet calculated CVE-2018-1833
XF
CONFIRM
ibm — loopback
 
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API. It is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence gain access to the other user’s data and privileges (if the user happens to be an Admin, for example). IBM X-Force ID: 148801. 2018-12-20 not yet calculated CVE-2018-1778
CONFIRM
XF
ibm — security_guardium IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080. 2018-12-17 not yet calculated CVE-2018-1889
BID
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082. 2018-12-17 not yet calculated CVE-2018-1891
BID
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. 2018-12-17 not yet calculated CVE-2017-1272
BID
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740. 2018-12-17 not yet calculated CVE-2017-1265
BID
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. 2018-12-17 not yet calculated CVE-2017-1597
BID
XF
CONFIRM
icinga — icinga_web Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single ‘$’ character as the Name of a Navigation item. 2018-12-17 not yet calculated CVE-2018-18250
MISC
icinga — icinga_web Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. 2018-12-17 not yet calculated CVE-2018-18247
MISC
icinga — icinga_web Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string. 2018-12-17 not yet calculated CVE-2018-18248
MISC
icinga — icinga_web Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet. 2018-12-17 not yet calculated CVE-2018-18249
MISC
icinga — icinga_web
 
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. 2018-12-17 not yet calculated CVE-2018-18246
MISC
igraph — igraph
 
The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has a NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object. 2018-12-21 not yet calculated CVE-2018-20349
MISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “Variables.jsp” has reflected XSS via the ConnPoolName and GroupId parameters. 2018-12-17 not yet calculated CVE-2018-19775
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “Users.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19770
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/SecurityPolicies.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19821
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “EditCurrentPresentSpace.jsp” has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. 2018-12-17 not yet calculated CVE-2018-19772
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “UserProperties.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19769
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “SubPagePackages.jsp” has reflected XSS via the ConnPoolName and GroupId parameters. 2018-12-17 not yet calculated CVE-2018-19768
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “PresentSpace.jsp” has reflected XSS via the ConnPoolName and GroupId parameters. 2018-12-17 not yet calculated CVE-2018-19767
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “GroupRessourceAdmin.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19766
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “EditCurrentPresentSpace.jsp” has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. 2018-12-17 not yet calculated CVE-2018-19765
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “EditCurrentUser.jsp” has reflected XSS via the GroupId and ConnPoolName parameters. 2018-12-17 not yet calculated CVE-2018-19773
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/SharedCriteria.jsp” has reflected XSS via the ConnPoolName or GroupId parameter. 2018-12-17 not yet calculated CVE-2018-19822
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/categorytree/ChooseCategory.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19816
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/GroupCopy.jsp” has reflected XSS via the ConnPoolName, GroupId, or type parameter. 2018-12-17 not yet calculated CVE-2018-19809
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/GroupMove.jsp” has reflected XSS via the ConnPoolName, GroupId, or type parameter. 2018-12-17 not yet calculated CVE-2018-19810
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “PresentSpace.jsp” has reflected XSS via the GroupId and ConnPoolName parameters. 2018-12-17 not yet calculated CVE-2018-19774
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/SubFolderPackages.jsp” has reflected XSS via the GroupId parameter. 2018-12-17 not yet calculated CVE-2018-19812
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Subscribers.jsp” has reflected XSS via the ConnPoolName or GroupId parameter. 2018-12-17 not yet calculated CVE-2018-19813
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Subscriptions.jsp” has reflected XSS via the ConnPoolName or GroupId parameter. 2018-12-17 not yet calculated CVE-2018-19814
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/UserPopupAddNewProp.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19815
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/AdminAuthorisationFrame.jsp” has reflected XSS via the ConnPoolName or GroupId parameter. 2018-12-17 not yet calculated CVE-2018-19817
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Rights.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19819
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Roles.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19820
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Import.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19811
MISC
FULLDISC
infovista — vistaportal Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “EditCurrentPool.jsp” has reflected XSS via the PropName parameter. 2018-12-17 not yet calculated CVE-2018-19771
MISC
FULLDISC
infovista — vistaportal
 
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Contacts.jsp” has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19818
MISC
FULLDISC
infovista — vistaportal
 
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter. 2018-12-17 not yet calculated CVE-2018-19649
MISC
FULLDISC
integria — ims
 
Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, and likely earlier versions, contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in the password recovery process, line 45 of general/password_recovery.php, that can result in IntegriaIMS web app user accounts being taken over. This attack appears to be exploitable via network access to the IntegriaIMS web interface. This vulnerability appears to have been fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047. 2018-12-20 not yet calculated CVE-2018-1000812
MISC
MISC
MISC
jco.ir — karma
 
SQL injection vulnerability in the “ContentPlaceHolder1_uxTitle” component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the “id” parameter. 2018-12-20 not yet calculated CVE-2018-18399
MISC
MISC
jenzabar — jenzabar
 
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). 2018-12-21 not yet calculated CVE-2018-16778
MISC
juniper — secure_access_ssl_vpn_products Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the “user” value, and saving the changes. 2018-12-21 not yet calculated CVE-2018-20193
FULLDISC
k9mail — k9mail
 
K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in the WebDAV response parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a malicious WebDAV server or by intercepting the response of a valid WebDAV server. 2018-12-20 not yet calculated CVE-2018-1000831
MISC
MISC
keepassdx — keepassdx
 
KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in the kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. 2018-12-20 not yet calculated CVE-2018-1000835
MISC
MISC
kibana — kibana Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. 2018-12-20 not yet calculated CVE-2018-17246
MISC
CONFIRM
kibana — kibana
 
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request and could be recovered by an external resource provider. 2018-12-20 not yet calculated CVE-2018-17245
MISC
CONFIRM
kirby — kirby
 
panel/login in Kirby v2.5.12 allows Host header injection via the “forget password” feature. 2018-12-20 not yet calculated CVE-2018-16627
MISC
kmplayer — kmplayer
 
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution. 2018-12-20 not yet calculated CVE-2018-5200
MISC
knc — knc
 
The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting other services running on the targeted host. 2018-12-20 not yet calculated CVE-2017-9732
MISC
FULLDISC
CONFIRM
MISC
lh-ehr — lh-ehr
 
LH-EHR version REL-2_0_0 contains an arbitrary file upload vulnerability in the profile picture upload that can result in remote code execution. This attack appears to be exploitable by uploading a PHP file with an image MIME type. 2018-12-20 not yet calculated CVE-2018-1000839
MISC
MISC
libarchive — libarchive libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser – libarchive/archive_acl.c, archive_acl_from_text_l() – that can result in a crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted archive file. 2018-12-20 not yet calculated CVE-2018-1000879
MISC
MISC
MISC
libarchive — libarchive libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in the RAR decoder – libarchive/archive_read_support_format_rar.c – that can result in a crash/DoS; it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive. 2018-12-20 not yet calculated CVE-2018-1000878
MISC
MISC
MISC
MLIST
libarchive — libarchive libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in the WARC parser – libarchive/archive_read_support_format_warc.c, _warc_read() – that can result in DoS: quasi-infinite run time and disk usage from a tiny file. This attack appears to be exploitable when the victim opens a specially crafted WARC file. 2018-12-20 not yet calculated CVE-2018-1000880
MISC
MISC
MISC
libarchive — libarchive
 
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in the RAR decoder – libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 – that can result in a crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted RAR archive. 2018-12-20 not yet calculated CVE-2018-1000877
MISC
MISC
MISC
MLIST
libexcel — libexcel
 
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product. 2018-12-18 not yet calculated CVE-2018-20213
MISC
libexcel — libexcel
 
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product. 2018-12-19 not yet calculated CVE-2018-20304
MISC
libjpeg-turbo — libjpeg-turbo
 
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. 2018-12-21 not yet calculated CVE-2018-20330
MISC
libpff — libpff
 
libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c. 2018-12-21 not yet calculated CVE-2018-20348
MISC
libraw — libraw LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. 2018-12-22 not yet calculated CVE-2018-20364
MISC
libraw — libraw LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. 2018-12-22 not yet calculated CVE-2018-20365
MISC
libraw — libraw
 
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. 2018-12-21 not yet calculated CVE-2018-20337
MISC
libraw — libraw
 
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. 2018-12-22 not yet calculated CVE-2018-20363
MISC
libsass — libsass
 
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. 2018-12-17 not yet calculated CVE-2018-20190
BID
MISC
libvnc — libvnc LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains a null pointer dereference in VNC client code that can result in DoS. 2018-12-19 not yet calculated CVE-2018-20024
MISC
libvnc — libvnc LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains a heap out-of-bound write vulnerability inside a structure in VNC client code that can result in remote code execution. 2018-12-19 not yet calculated CVE-2018-20020
MISC
libvnc — libvnc LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bound write vulnerability in server code of the file transfer extension that can result in remote code execution. 2018-12-19 not yet calculated CVE-2018-15127
MISC
libvnc — libvnc LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and to bypass ASLR. 2018-12-19 not yet calculated CVE-2018-20023
MISC
libvnc — libvnc LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665: Improper Initialization weaknesses in VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, they can be used to leak stack memory layout and to bypass ASLR. 2018-12-19 not yet calculated CVE-2018-20022
MISC
libvnc — libvnc LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. The vulnerability allows an attacker to consume an excessive amount of resources such as CPU and RAM. 2018-12-19 not yet calculated CVE-2018-20021
MISC
libvnc — libvnc
 
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result in remote code execution. 2018-12-19 not yet calculated CVE-2018-20019
MISC
libvnc — libvnc
 
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in server code of the file transfer extension that can result in remote code execution. 2018-12-19 not yet calculated CVE-2018-6307
MISC
libvnc — libvnc
 
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains a heap use-after-free vulnerability in server code of the file transfer extension that can result in remote code execution. 2018-12-19 not yet calculated CVE-2018-15126
MISC
limesurvey — limesurvey
 
LimeSurvey contains an XSS vulnerability while uploading a ZIP file, resulting in JavaScript code execution against LimeSurvey admins. 2018-12-21 not yet calculated CVE-2018-20322
MISC
CONFIRM
linode — subsonic Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. 2018-12-19 not yet calculated CVE-2018-20228
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. 2018-12-17 not yet calculated CVE-2018-20169
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the Linux kernel’s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. 2018-12-18 not yet calculated CVE-2018-16884
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux
 
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. 2018-12-20 not yet calculated CVE-2018-18629
MISC
MISC
CONFIRM
log-user-session — log-user-session
 
log-user-session version 0.7 and earlier contains a directory traversal vulnerability in the main SUID binary /usr/local/bin/log-user-session that can result in user-to-root privilege escalation. This attack appears to be exploitable by a malicious unprivileged user executing the vulnerable binary; (remote) environment variable manipulation similar to Shellshock is also possible. 2018-12-20 not yet calculated CVE-2018-1000857
MISC
logitech — harmony_hub Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. 2018-12-20 not yet calculated CVE-2018-15720
MISC
logitech — harmony_hub The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). 2018-12-20 not yet calculated CVE-2018-15723
MISC
logitech — harmony_hub The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. 2018-12-20 not yet calculated CVE-2018-15721
MISC
logitech — harmony_hub The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. 2018-12-20 not yet calculated CVE-2018-15722
MISC
luigi — luigi
 
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross-Site Request Forgery (CSRF) vulnerability in the API endpoint /api/<method> that can result in task metadata such as task name, id, parameter, etc. being leaked to unauthorized users. This attack appears to be exploitable when the victim visits a specially crafted webpage from the network where their Luigi server is accessible. This vulnerability appears to have been fixed in 2.8.0 and later. 2018-12-20 not yet calculated CVE-2018-1000843
MISC
MISC
MISC
mcafee — application_and_change_control A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. 2018-12-20 not yet calculated CVE-2018-6669
CONFIRM
medtronic — carelink_programmer_and_encore_programmer Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and 29901 Encore Programmer, all versions: the affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest: PII and PHI. 2018-12-14 not yet calculated CVE-2018-18984
BID
MISC
megamek — megamek
 
MegaMek version < v0.45.1 contains an Other/Unknown vulnerability in Object Stream Connection that can result in disclosure of confidential data, denial of service, SSRF, and remote code execution. 2018-12-20 not yet calculated CVE-2018-1000824
MISC
MISC
micromathematics — micromathematics MicroMathematics version before commit 5c05ac8 contains an XML External Entity (XXE) vulnerability in SMathStudio files that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted SMathStudio files. This vulnerability appears to have been fixed after commit 5c05ac8. 2018-12-20 not yet calculated CVE-2018-1000821
MISC
MISC
microsoft — internet_explorer
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643. 2018-12-20 not yet calculated CVE-2018-8653
BID
CONFIRM
microweber — microweber
 
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in the Admin login form template that can result in execution of JavaScript code. 2018-12-20 not yet calculated CVE-2018-1000826
MISC
MISC
microworld_technologies — escan eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. 2018-12-20 not yet calculated CVE-2018-18388
CONFIRM
nagios — nagios_core Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. 2018-12-17 not yet calculated CVE-2018-18245
MISC
nasm — nasm
 
nasm version 2.14.01rc5, 2.15 contains a buffer overflow vulnerability in asm/stdscan.c:130 that can result in a stack overflow caused by triggering endless macro generation, crashing the program. This attack appears to be exploitable via a crafted nasm input file. 2018-12-20 not yet calculated CVE-2018-1000886
MISC
netatalk — netatalk
 
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. 2018-12-20 not yet calculated CVE-2018-1160
CONFIRM
MISC
MISC
DEBIAN
EXPLOIT-DB
MISC
openkmip — pykmip
 
OpenKMIP PyKMIP, all versions before 0.8.0, contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in the PyKMIP server that can result in DoS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appears to be exploitable by a client or clients opening sockets with the server and then never closing them. This vulnerability appears to have been fixed in 0.8.0. 2018-12-20 not yet calculated CVE-2018-1000872
MISC
phkp — phkp
 
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in function pgp_exec() phkp.php:98 that can make it possible to manipulate gpg-keys or execute commands remotely. This attack appears to be exploitable via the HKP API: /pks/lookup?search. 2018-12-20 not yet calculated CVE-2018-1000885
MISC
photorange — photo_vault PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by “GET /login.html__passwd1” and “GET /login.html__passwd2” and so on. 2018-12-22 not yet calculated CVE-2018-20371
MISC
php_markdown — php_markdown
 
PHP Markdown version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability: the parser allows a maliciously crafted script to be executed, which can result in theft of user data. This attack appears to be exploitable when a user opens a crafted MD-formatted file. 2018-12-20 not yet calculated CVE-2018-1000874
MISC
php_server_monitor — php_server_monitor
 
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. 2018-12-18 not yet calculated CVE-2018-18921
CONFIRM
MISC
phpipam — phpipam PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim’s browser. This attack appears to be exploitable when an attacker changes the theme parameter in user settings; the admin (victim) then views the user in the admin panel and gets exploited. This vulnerability appears to have been fixed in 1.4. 2018-12-20 not yet calculated CVE-2018-1000870
MISC
MISC
phpipam — phpipam
 
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh’><script>alert(1)</script>quqtl exploits an XSS vulnerability that can result in arbitrary code executing in the victim’s browser. This attack appears to be exploitable when chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance’s domain. 2018-12-20 not yet calculated CVE-2018-1000860
MISC
phpipam — phpipam
 
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL injection. This attack appears to be exploitable by a rogue user to access information he/she does not have access to. This vulnerability appears to have been fixed in 1.4. 2018-12-20 not yet calculated CVE-2018-1000869
MISC
MISC
pivotal — concourse_release Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user’s access token in Concourse. 2018-12-19 not yet calculated CVE-2018-15798
CONFIRM
pivotal — spring_security Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. 2018-12-19 not yet calculated CVE-2018-15801
CONFIRM
printeron — printeron
 
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. 2018-12-17 not yet calculated CVE-2018-19936
MISC
EXPLOIT-DB
processing_foundation — processing
 
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML() function that can allow an attacker to read arbitrary files and exfiltrate their contents via HTTP requests. This attack appears to be exploitable when the victim uses Processing to parse a crafted XML document. 2018-12-20 not yet calculated CVE-2018-1000840
MISC
MISC
pspp — pspp
 
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-12-19 not yet calculated CVE-2018-20230
MISC
ptc — thingworx_platform PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. 2018-12-17 not yet calculated CVE-2018-20092
CONFIRM
pulse_secure — virtual_traffic_manager A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. 2018-12-20 not yet calculated CVE-2018-20306
MISC
pulse_secure — virtual_traffic_manager Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. 2018-12-20 not yet calculated CVE-2018-20307
MISC
pylearn2 — pylearn2
 
The yaml_parse.load method in Pylearn2 allows code injection. 2018-12-17 not yet calculated CVE-2018-20027
MISC
python — python
 
There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution. 2018-12-21 not yet calculated CVE-2018-20325
MISC
qemu — qemu hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. 2018-12-20 not yet calculated CVE-2018-20126
MLIST
MLIST
qemu — qemu hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. 2018-12-20 not yet calculated CVE-2018-20125
MLIST
MLIST
qemu — qemu hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. 2018-12-20 not yet calculated CVE-2018-20124
MLIST
MLIST
qemu — qemu
 
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). 2018-12-20 not yet calculated CVE-2018-20191
MLIST
BID
MLIST
qemu — qemu
 
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). 2018-12-20 not yet calculated CVE-2018-20216
MLIST
MLIST
qemu — qemu
 
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a memory leak after an initialisation error. 2018-12-17 not yet calculated CVE-2018-20123
MLIST
BID
MLIST
rdf4j — rdf4j
 
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive. 2018-12-19 not yet calculated CVE-2018-20227
MISC
MISC
rendertron — rendertron Rendertron 1.0.0 allows for alternative protocols such as ‘file://’ introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. 2018-12-17 not yet calculated CVE-2017-18354
MISC
MISC
MISC
rendertron — rendertron Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the “_where” attribute of package.json files. 2018-12-17 not yet calculated CVE-2017-18355
MISC
MISC
MISC
rendertron — rendertron Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application. 2018-12-17 not yet calculated CVE-2017-18353
MISC
MISC
MISC
rendertron — rendertron
 
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs. 2018-12-17 not yet calculated CVE-2017-18352
MISC
MISC
MISC
runelite — runelite
 
runelite version <= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in man-in-the-middle RuneScape services calls that can result in disclosure of confidential data, denial of service, SSRF, or port scanning. 2018-12-20 not yet calculated CVE-2018-1000834
MISC
MISC
s3_browser — s3_browser
 
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol. 2018-12-19 not yet calculated CVE-2018-20298
MISC
MISC
samsung — samsung_galaxy_s6 Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. 2018-12-17 not yet calculated CVE-2018-14855
MISC
samsung — samsung_galaxy_s6 A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783. 2018-12-17 not yet calculated CVE-2018-14853
MISC
samsung — samsung_galaxy_s6 Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. 2018-12-17 not yet calculated CVE-2018-14856
MISC
samsung — samsung_galaxy_s6 Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip’s firmware. 2018-12-17 not yet calculated CVE-2018-14852
MISC
samsung — samsung_galaxy_s6 Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. 2018-12-17 not yet calculated CVE-2018-14854
MISC
schneider-electric — ecostruxure_products A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) – EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. 2018-12-17 not yet calculated CVE-2018-7797
BID
CONFIRM
schneider-electric — modicon_products A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker’s choosing. 2018-12-17 not yet calculated CVE-2018-7804
CONFIRM
schneider-electric — modicon_products An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. 2018-12-17 not yet calculated CVE-2018-7812
MISC
CONFIRM
schneider-electric — modicon_products An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable. 2018-12-17 not yet calculated CVE-2018-7833
CONFIRM
skcertservice — skcertservice
 
SKCertService 2.5.5 and earlier contains a vulnerability that could allow a remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker’s choosing that could execute arbitrary code without the user’s knowledge. 2018-12-21 not yet calculated CVE-2018-5202
MISC
sqlite — sqlite
 
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. 2018-12-21 not yet calculated CVE-2018-20346
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
square — open_source_retrofit Square Open Source Retrofit prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains an XML External Entity (XXE) vulnerability in JAXB that an attacker could use to remotely read files from the file system or to perform SSRF. This vulnerability appears to have been fixed after commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437. 2018-12-20 not yet calculated CVE-2018-1000844
MISC
square — retrofit
 
Square Retrofit versions from 2.0 (inclusive) to 2.5.0 (exclusive) contain a Directory Traversal vulnerability in the addPathParameter method of the RequestBuilder class that can allow an attacker, by manipulating the URL, to add or delete resources otherwise unavailable to her. This attack appears to be exploitable when the attacker has access to an encoded path parameter on a POST, PUT or DELETE request. This vulnerability appears to have been fixed in 2.5.0 and later. 2018-12-20 not yet calculated CVE-2018-1000850
MISC
MISC
MISC
sssd — sssd
 
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the “allowed_uids” configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. 2018-12-19 not yet calculated CVE-2018-16883
BID
CONFIRM
stackstorm — stackstorm
 
Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys “?scope=all” and “?user=<username>” query filter parameters. Enterprise editions with RBAC enabled are not affected. 2018-12-21 not yet calculated CVE-2018-20345
MISC
statamic — statamic
 
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an ‘Add new user’ request. 2018-12-19 not yet calculated CVE-2018-19598
MISC
steve_pallen — coherence
 
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, “registration” endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request. 2018-12-20 not yet calculated CVE-2018-20301
MISC
steve_pallen — xain An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. 2018-12-19 not yet calculated CVE-2018-20302
MISC
MISC
swisscom — swisscom_internet-box A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again. 2018-12-17 not yet calculated CVE-2018-16596
CONFIRM
sylabs — singularity Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. 2018-12-17 not yet calculated CVE-2018-19295
CONFIRM
symfony — symfony An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. 2018-12-18 not yet calculated CVE-2018-19790
BID
FEDORA
FEDORA
FEDORA
CONFIRM
symfony — symfony
 
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that’s the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution. 2018-12-18 not yet calculated CVE-2018-19789
BID
FEDORA
FEDORA
FEDORA
CONFIRM
sz — netchat
 
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend. 2018-12-22 not yet calculated CVE-2018-20370
MISC
tenable — nagios_xi An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability. 2018-12-17 not yet calculated CVE-2018-20172
MISC
MISC
tenable — nagios_xi An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability. 2018-12-17 not yet calculated CVE-2018-20171
MISC
MISC
tenda — adsl_modem_routers Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. 2018-12-22 not yet calculated CVE-2018-20373
MISC
MISC
thehive-project — cortex An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. 2018-12-21 not yet calculated CVE-2018-20226
CONFIRM
CONFIRM
CONFIRM
tp-link — td-w8961nd devices TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. 2018-12-22 not yet calculated CVE-2018-20372
MISC
MISC
traccar — traccar_server
 
Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code (‘Code Injection’) vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appears to be exploitable remotely via a web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later. 2018-12-20 not yet calculated CVE-2018-1000881
MISC
trend_micro — dr._safety_for_android An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations. 2018-12-21 not yet calculated CVE-2018-18330
MISC
trend_micro — officescan A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. 2018-12-21 not yet calculated CVE-2018-18332
CONFIRM
trend_micro — officescan A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. 2018-12-21 not yet calculated CVE-2018-18331
CONFIRM
trendnet — tew-632brp_and_tew-673gru_routers Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication). 2018-12-20 not yet calculated CVE-2018-19242
MISC
FULLDISC
trendnet — tew-673gru_routers TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. 2018-12-20 not yet calculated CVE-2018-19239
MISC
FULLDISC
trendnet — tv-ip110wn_cameras Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). 2018-12-20 not yet calculated CVE-2018-19240
MISC
FULLDISC
trendnet — tv-ip110wn_cameras Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). 2018-12-20 not yet calculated CVE-2018-19241
MISC
FULLDISC
ubilling — ubilling
 
Ubilling version <= 0.9.2 contains an Other/Unknown vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, or remote code execution. 2018-12-20 not yet calculated CVE-2018-1000827
MISC
MISC
uml_designer — uml_designer
 
UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in the XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, or port scanning. This attack appears to be exploitable via a malicious plugins.xml file. 2018-12-20 not yet calculated CVE-2018-1000837
MISC
MISC
vesta — vesta
 
Vesta CP prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 (any release prior to 0.9.8-18) contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in the password reset code (web/reset/index.php, line 51) that can make it possible to determine password reset codes, so that an attacker is able to change the administrator password. This attack appears to be exploitable via unauthenticated network connectivity. This vulnerability appears to have been fixed after commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 (release version 0.9.8-19). 2018-12-20 not yet calculated CVE-2018-1000884
MISC
virus_total — yara In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine. 2018-12-17 not yet calculated CVE-2018-19976
MISC
MISC
CONFIRM
virus_total — yara In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack). 2018-12-17 not yet calculated CVE-2018-19974
MISC
MISC
CONFIRM
virus_total — yara In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD. 2018-12-17 not yet calculated CVE-2018-19975
MISC
MISC
CONFIRM
vmware — vrealize_operations_manager vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. 2018-12-18 not yet calculated CVE-2018-6978
BID
CONFIRM
vyos — vyos A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges. 2018-12-17 not yet calculated CVE-2018-18556
MISC
CONFIRM
vyos — vyos
 
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account. 2018-12-17 not yet calculated CVE-2018-18555
CONFIRM
wampserver — wampserver
 
Wampserver prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in the index.php localhost page that can result in very low. This attack appears to be exploitable via an onmouseover payload. This vulnerability appears to have been fixed in 3.1.5 and later. 2018-12-20 not yet calculated CVE-2018-1000848
MISC
webid — webid WeBid up to the current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php and register.php that can result in JavaScript execution in the user’s browser and injection of malicious markup into the page. This attack appears to be exploitable when the victim user clicks a malicious link. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. 2018-12-20 not yet calculated CVE-2018-1000868
MISC
MISC
MISC
webid — webid
 
WeBid up to the current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appears to be exploitable via an HTTP GET request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. 2018-12-20 not yet calculated CVE-2018-1000882
MISC
MISC
MISC
webid — webid
 
WeBid up to the current version 1.2.2 contains a SQL Injection vulnerability in all five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via an HTTP request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. 2018-12-20 not yet calculated CVE-2018-1000867
MISC
MISC
MISC
webroot — brightcloud_sdk An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability. 2018-12-18 not yet calculated CVE-2018-4015
MISC
weixin-java-tools — weixin-java-tools
 
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. 2018-12-20 not yet calculated CVE-2018-20318
MISC
wizvera — veraport In Veraport G3 ALL on MacOS, due to insufficient domain validation, it is possible to overwrite an installation file with a malicious file. A remote unauthenticated attacker may use this vulnerability to execute an arbitrary file. 2018-12-20 not yet calculated CVE-2018-5199
MISC
wizvera — veraport
 
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allows a remote attacker to cause arbitrary file download and execution. This results in remote code execution. 2018-12-20 not yet calculated CVE-2018-5198
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. 2018-12-14 not yet calculated CVE-2018-20150
BID
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. 2018-12-14 not yet calculated CVE-2018-20153
BID
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. 2018-12-22 not yet calculated CVE-2018-20368
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. 2018-12-14 not yet calculated CVE-2018-20152
BID
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. 2018-12-19 not yet calculated CVE-2018-20231
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. 2018-12-14 not yet calculated CVE-2018-20149
BID
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine’s web crawler if an unusual configuration were chosen. The search engine could then index and display a user’s e-mail address and (rarely) the password that was generated by default. 2018-12-14 not yet calculated CVE-2018-20151
BID
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. 2018-12-14 not yet calculated CVE-2018-20147
BID
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. 2018-12-14 not yet calculated CVE-2018-20148
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. 2018-12-20 not yet calculated CVE-2018-14846
MISC
MISC
wstmart — wstmart
 
The “mall some commodity details: commodity consultation” component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI. 2018-12-22 not yet calculated CVE-2018-20367
MISC
xml_parser — xml_parser
 
neo4j-contrib neo4j-apoc-procedures before commit 45bc09c contains an XML External Entity (XXE) vulnerability in the XML parser that can result in disclosure of confidential data, denial of service, SSRF, or port scanning. This vulnerability appears to have been fixed after commit 45bc09c. 2018-12-20 not yet calculated CVE-2018-1000820
MISC