Vulnerability Summary for the Week of July 15, 2019

Original release date: July 22, 2019


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-07-18 7.5 CVE-2019-7850
MISC
archivesunleashed — graphpass borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable. 2019-07-15 7.5 CVE-2019-1010044
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. 2019-07-16 8.5 CVE-2019-13359
MISC
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. 2019-07-16 7.5 CVE-2019-13360
MISC
MISC
fanucamerica — robotics_virtual_robot_controller The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. 2019-07-17 7.5 CVE-2019-13585
MISC
BUGTRAQ
foliovision — fv_flowplayer_video_player A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. 2019-07-17 10.0 CVE-2019-13573
MISC
CONFIRM
CONFIRM
gdnsd — gdnsd The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data. 2019-07-18 7.5 CVE-2019-13951
MISC
gdnsd — gdnsd The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. 2019-07-18 7.5 CVE-2019-13952
MISC
getvera — vera_edge_firmware LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the “No unsafe lua allowed” code block is skipped. 2019-07-14 10.0 CVE-2019-13598
MISC
gnu — glibc GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 2019-07-15 7.5 CVE-2019-1010022
MISC
layerbb — layerbb LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. 2019-07-19 7.5 CVE-2019-13973
MISC
linaro — op-tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. 2019-07-15 7.5 CVE-2019-1010293
MISC
linaro — op-tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. 2019-07-15 7.5 CVE-2019-1010295
MISC
linaro — op-tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. 2019-07-15 10.0 CVE-2019-1010296
MISC
linaro — op-tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. 2019-07-15 10.0 CVE-2019-1010297
MISC
linaro — op-tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. 2019-07-15 10.0 CVE-2019-1010298
MISC
microsoft — chakracore A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059. 2019-07-15 7.6 CVE-2019-1001
MISC
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. 2019-07-15 7.6 CVE-2019-1062
MISC
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. 2019-07-15 7.6 CVE-2019-1092
MISC
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107. 2019-07-15 7.6 CVE-2019-1103
N/A
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107. 2019-07-15 7.6 CVE-2019-1106
N/A
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106. 2019-07-15 7.6 CVE-2019-1107
N/A
microsoft — edge A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. 2019-07-15 7.6 CVE-2019-1104
N/A
microsoft — excel A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1111. 2019-07-15 9.3 CVE-2019-1110
N/A
microsoft — excel A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1110. 2019-07-15 9.3 CVE-2019-1111
N/A
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059. 2019-07-15 7.6 CVE-2019-1004
MISC
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059. 2019-07-15 7.6 CVE-2019-1056
MISC
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056. 2019-07-15 7.6 CVE-2019-1059
MISC
microsoft — internet_explorer A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. 2019-07-15 7.6 CVE-2019-1063
MISC
microsoft — team_foundation_server A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka ‘Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability’. 2019-07-15 7.5 CVE-2019-1072
MISC
microsoft — windows_10 A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. 2019-07-15 8.5 CVE-2019-0887
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. 2019-07-15 7.2 CVE-2019-0999
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. 2019-07-15 7.2 CVE-2019-1067
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL. An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM. The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1074. 2019-07-15 7.2 CVE-2019-1082
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests, aka ‘Windows RPCSS Elevation of Privilege Vulnerability’. 2019-07-15 7.2 CVE-2019-1089
MISC
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrlvr.dll Elevation of Privilege Vulnerability’. 2019-07-15 7.2 CVE-2019-1090
MISC
microsoft — windows_10 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. 2019-07-15 9.3 CVE-2019-1102
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1117
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1118
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1119
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1120
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1121
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1122
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1123
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1124
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128. 2019-07-15 9.3 CVE-2019-1127
N/A
microsoft — windows_10 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127. 2019-07-15 9.3 CVE-2019-1128
N/A
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1130. 2019-07-15 7.2 CVE-2019-1129
N/A
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1129. 2019-07-15 7.2 CVE-2019-1130
N/A
microsoft — windows_7 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. 2019-07-15 7.2 CVE-2019-1132
N/A
microsoft — windows_server_2012 A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka ‘Windows DHCP Server Remote Code Execution Vulnerability’. 2019-07-15 7.5 CVE-2019-0785
MISC
onosproject — onos In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. 2019-07-16 10.0 CVE-2019-13624
MISC
rapid7 — insight_agent Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at “C:\DLLs\python3.dll,” which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent’s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4. 2019-07-12 7.2 CVE-2019-5629
MISC
FULLDISC
MISC
CONFIRM
BUGTRAQ
realization — concerto_critical_chain_planner Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least the taskupdt/taskdetails.aspx webpage via the projectname parameter. 2019-07-12 7.5 CVE-2019-13027
MISC
saltstack — salt_2018 SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://ift.tt/2XQbbC5). The attack vector is: specially crafted password string. The fixed version is: 2018.3.4. 2019-07-18 7.5 CVE-2019-1010259
MISC
MISC
MISC
schneider-electric — proclima A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. 2019-07-15 10.0 CVE-2019-6823
MISC
schneider-electric — proclima A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. 2019-07-15 10.0 CVE-2019-6824
MISC
sertek — xpare An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection. 2019-07-17 10.0 CVE-2019-13447
MISC
videolan — vlc_media_player VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp. 2019-07-16 7.5 CVE-2019-13615
MISC
wpeverest — everest_forms A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. 2019-07-18 7.5 CVE-2019-13575
CONFIRM
MISC
MISC
MISC
MISC
zohocorp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. 2019-07-17 8.5 CVE-2019-12876
BID
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-07-18 5.0 CVE-2019-7843
MISC
adobe — campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-07-18 5.0 CVE-2019-7846
MISC
adobe — campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user. 2019-07-18 5.0 CVE-2019-7847
MISC
adobe — campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-07-18 5.0 CVE-2019-7848
MISC
adobe — campaign Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-07-18 5.0 CVE-2019-7941
MISC
adobe — dreamweaver Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. 2019-07-18 6.8 CVE-2019-7956
MISC
adobe — experience_manager Adobe Experience Manager version 6.4 and earlier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. 2019-07-18 4.3 CVE-2019-7953
MISC
adobe — experience_manager Adobe Experience Manager version 6.4 and earlier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. 2019-07-18 5.8 CVE-2019-7955
MISC
altn — mdaemon_webmail MDaemon Webmail (formerly WorldClient) has CSRF. 2019-07-19 6.8 CVE-2018-17792
MISC
MISC
apache — roller A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller’s Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3. 2019-07-15 4.3 CVE-2019-0234
CONFIRM
automattic — camptix_event_ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. 2019-07-18 5.1 CVE-2016-10762
MISC
MISC
axiosys — bento4 In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186. 2019-07-18 4.3 CVE-2019-13959
MISC
blackberry — qnx_software_development_platform An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. 2019-07-12 4.6 CVE-2019-8998
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. 2019-07-16 5.0 CVE-2019-13383
MISC
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360. 2019-07-16 6.5 CVE-2019-13605
MISC
MISC
MISC
cmsmadesimple — bable:multilingual_site Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a “newurl” parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. 2019-07-16 5.8 CVE-2019-1010290
MISC
MISC
deepsoft — weblibrarian Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function “AllBarCodes” (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC. 2019-07-15 4.0 CVE-2019-1010034
MISC
digium — asterisk Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. 2019-07-12 4.0 CVE-2019-12827
CONFIRM
CONFIRM
dolibarr — dolibarr Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. 2019-07-14 4.3 CVE-2019-1010016
MISC
dolibarr — dolibarr Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allows malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin accesses malicious URLs. 2019-07-18 6.8 CVE-2019-1010054
MISC
domainmod — domainmod domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: https://ift.tt/30ygraq https://ift.tt/2xWSfSI https://ift.tt/32yERSV. The attack vector is: After the administrator logged in, open the html page. 2019-07-18 6.8 CVE-2019-1010094
MISC
domainmod — domainmod domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: https://ift.tt/2xWSfSI. The attack vector is: After the administrator logged in, open the html page. 2019-07-18 6.8 CVE-2019-1010095
MISC
domainmod — domainmod domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: https://ift.tt/32yERSV. The attack vector is: After the administrator logged in, open the html page. 2019-07-18 6.8 CVE-2019-1010096
MISC
eclipse — openj9 AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. 2019-07-17 4.6 CVE-2019-11771
CONFIRM
fanucamerica — robotics_virtual_robot_controller The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. 2019-07-17 5.0 CVE-2019-13584
MISC
BUGTRAQ
flatcore — flatcore A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. 2019-07-18 6.8 CVE-2019-13961
MISC
MISC
gitea — gitea Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation – PR to fix: https://ift.tt/2K1QWYH. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later. 2019-07-18 4.3 CVE-2019-1010261
MISC
gnome — evince Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. 2019-07-14 6.8 CVE-2019-1010006
MISC
MISC
gnu — glibc GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd executes code. 2019-07-15 6.8 CVE-2019-1010023
BID
MISC
gnu — glibc GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 2019-07-15 5.0 CVE-2019-1010024
BID
MISC
gnu — glibc GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 2019-07-15 5.0 CVE-2019-1010025
MISC
gpac — gpac In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. 2019-07-16 5.0 CVE-2019-13618
MISC
MISC
hexoeditor_project — hexoeditor HexoEditor v1.1.8-beta is affected by: XSS to code execution. 2019-07-14 4.3 CVE-2019-1010005
MISC
MISC
ht2labs — learning_locker In HT2 Labs Learning Locker 3.15.1, it’s possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. 2019-07-16 4.3 CVE-2019-12834
MISC
http-file-server_project — http-file-server A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. 2019-07-15 5.0 CVE-2019-5447
MISC
ibm — jazz_for_service_management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033. 2019-07-17 4.0 CVE-2019-4194
CONFIRM
XF
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. 2019-07-17 5.0 CVE-2019-4430
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345. 2019-07-17 4.3 CVE-2018-2021
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346. 2019-07-17 5.0 CVE-2018-2022
XF
CONFIRM
jenkins — jenkins CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. 2019-07-17 5.1 CVE-2019-10353
MLIST
MISC
jhead_project — jhead jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. 2019-07-15 4.3 CVE-2019-1010301
MISC
jhead_project — jhead jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. 2019-07-15 4.3 CVE-2019-1010302
MISC
knot-resolver — knot_resolver A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. 2019-07-16 5.0 CVE-2019-10190
CONFIRM
FEDORA
FEDORA
CONFIRM
layerbb — layerbb LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. 2019-07-19 4.3 CVE-2019-13972
MISC
layerbb — layerbb LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. 2019-07-19 6.8 CVE-2019-13974
MISC
libnmap — libnmap libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload. 2019-07-14 5.0 CVE-2019-1010017
MISC
libsdl — libsdl SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. 2019-07-16 6.8 CVE-2019-13616
MISC
linaro — op-tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. 2019-07-15 5.0 CVE-2019-1010294
MISC
lodash — lodash lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11. 2019-07-17 4.0 CVE-2019-1010266
MISC
CONFIRM
MISC
metinfo — metinfo Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. 2019-07-19 6.5 CVE-2019-13969
MISC
microsoft — .net_framework An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka ‘WCF/WIF SAML Token Authentication Bypass Vulnerability’. 2019-07-15 5.0 CVE-2019-1006
MISC
microsoft — .net_framework A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka ‘.NET Denial of Service Vulnerability’. 2019-07-15 5.0 CVE-2019-1083
MISC
microsoft — .net_framework A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET Framework Remote Code Execution Vulnerability’. 2019-07-15 6.8 CVE-2019-1113
N/A
microsoft — asp.net_core A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka ‘ASP.NET Core Spoofing Vulnerability’. 2019-07-15 5.8 CVE-2019-1075
MISC
microsoft — azure_automation An elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with contributor role, aka ‘Azure Automation Elevation of Privilege Vulnerability’. 2019-07-15 4.0 CVE-2019-0962
MISC
microsoft — exchange_server An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka ‘Microsoft Exchange Server Elevation of Privilege Vulnerability’. 2019-07-15 5.1 CVE-2019-1136
N/A
microsoft — office A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents. An attacker who successfully exploited this vulnerability could read or write information in Office documents. The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages, aka ‘Microsoft Office Spoofing Vulnerability’. 2019-07-15 6.4 CVE-2019-1109
N/A
microsoft — office An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’. 2019-07-15 4.3 CVE-2019-1112
N/A
microsoft — sql_server A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka ‘Microsoft SQL Server Remote Code Execution Vulnerability’. 2019-07-15 6.5 CVE-2019-1068
MISC
microsoft — visual_studio An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka ‘Visual Studio Information Disclosure Vulnerability’. 2019-07-15 4.3 CVE-2019-1079
MISC
microsoft — visual_studio_2017 An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka ‘Visual Studio Elevation of Privilege Vulnerability’. 2019-07-15 6.6 CVE-2019-1077
MISC
microsoft — windows_10 A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. 2019-07-15 4.6 CVE-2019-0880
MISC
microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. 2019-07-15 5.5 CVE-2019-0966
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. 2019-07-15 6.9 CVE-2019-1037
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka ‘Windows WLAN Service Elevation of Privilege Vulnerability’. 2019-07-15 4.6 CVE-2019-1085
MISC
microsoft — windows_10 An elevation of privilege exists in Windows Audio Service, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088. 2019-07-15 4.6 CVE-2019-1086
MISC
microsoft — windows_10 An elevation of privilege exists in Windows Audio Service, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088. 2019-07-15 4.6 CVE-2019-1087
MISC
microsoft — windows_10 An elevation of privilege exists in Windows Audio Service, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087. 2019-07-15 4.6 CVE-2019-1088
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. 2019-07-15 4.3 CVE-2019-1094
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. 2019-07-15 4.3 CVE-2019-1095
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka ‘Remote Desktop Protocol Client Information Disclosure Vulnerability’. 2019-07-15 4.0 CVE-2019-1108
N/A
microsoft — windows_7 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. 2019-07-15 4.3 CVE-2019-1098
N/A
microsoft — windows_7 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. 2019-07-15 4.3 CVE-2019-1099
N/A
microsoft — windows_7 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1101, CVE-2019-1116. 2019-07-15 4.3 CVE-2019-1100
N/A
microsoft — windows_7 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1116. 2019-07-15 4.3 CVE-2019-1101
N/A
microsoft — windows_7 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101. 2019-07-15 4.3 CVE-2019-1116
N/A
microsoft — windows_server_2012 A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka ‘Windows DNS Server Denial of Service Vulnerability’. 2019-07-15 5.0 CVE-2019-0811
MISC
microstrategy — microstrategy_web In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. 2019-07-17 4.3 CVE-2019-12475
MISC
mirumee — saleor In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. 2019-07-14 6.8 CVE-2019-13594
MISC
moinejf — abcm2ps moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit 08aef597656d065e86075f3d53fda89765845eae. 2019-07-18 4.3 CVE-2019-1010069
MISC
MISC
myt_project — myt In MyT 1.5.1, the User[username] parameter has XSS. 2019-07-17 4.3 CVE-2019-13346
EXPLOIT-DB
netfilter — iptables A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. 2019-07-12 4.3 CVE-2019-11360
MISC
CONFIRM
nginx — njs njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. 2019-07-16 4.3 CVE-2019-13617
MISC
MISC
nsa — ghidra In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. 2019-07-16 6.8 CVE-2019-13623
MISC
MISC
ovidentia — ovidentia Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. 2019-07-19 6.5 CVE-2019-13978
MISC
paloaltonetworks — pan-os Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. 2019-07-16 6.5 CVE-2019-1575
BID
CONFIRM
paloaltonetworks — pan-os Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user's permissions. 2019-07-16 6.5 CVE-2019-1576
CONFIRM
python — python http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. 2019-07-13 5.0 CVE-2018-20852
MISC
MISC
rust-lang — rust The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. 2019-07-15 5.0 CVE-2019-1010299
MISC
MISC
schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated. 2019-07-15 6.8 CVE-2019-6827
MISC
schneider-electric — proclima A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0. 2019-07-15 6.8 CVE-2019-6825
MISC
schneider-electric — zelio_soft_2 A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file. 2019-07-15 6.8 CVE-2019-6822
MISC
school_college_portal_with_erp_script_project — school_college_portal_with_erp_script phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />. 2019-07-15 4.3 CVE-2019-1010028
MISC
sertek — xpare An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product’s clients. 2019-07-17 4.3 CVE-2019-13448
MISC
solarwinds — network_performance_monitor SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. 2019-07-16 6.5 CVE-2018-13442
MISC
soundexchange — sound_exchange SoX – Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. 2019-07-14 4.3 CVE-2019-1010004
MISC
MISC
syguestbook_a5_project — syguestbook_a5 SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. 2019-07-18 6.8 CVE-2019-13949
MISC
MISC
temenos — cwx Temenos CWX version 8.9 has a Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information. 2019-07-17 5.0 CVE-2019-13403
MISC
videolan — vlc_media_player An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. 2019-07-14 6.8 CVE-2019-13602
BID
MISC
MISC
wireshark — wireshark In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. 2019-07-17 5.0 CVE-2019-13619
BID
MISC
MISC
MISC
zammad — zammad Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) – CWE-80. The impact is: Execute JavaScript code on the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3. 2019-07-16 4.3 CVE-2019-1010018
MISC
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
automattic — camptix_event_ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. 2019-07-18 3.5 CVE-2016-10763
MISC
MISC
firefly-iii — firefly_iii Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. 2019-07-17 3.5 CVE-2019-13644
MISC
MISC
firefly-iii — firefly_iii Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. 2019-07-17 3.5 CVE-2019-13645
MISC
MISC
firefly-iii — firefly_iii Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. 2019-07-17 3.5 CVE-2019-13646
MISC
MISC
firefly-iii — firefly_iii Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. 2019-07-17 3.5 CVE-2019-13647
MISC
MISC
glpi-project — glpi GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the “Link Tickets” feature, 3- a request to the endpoint fetches js and executes it. 2019-07-15 3.5 CVE-2019-1010307
MISC
MISC
glpi-project — glpi GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit, and the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1. 2019-07-12 3.5 CVE-2019-1010310
MISC
MISC
ibm — campaign IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857. 2019-07-17 3.5 CVE-2018-1921
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563. 2019-07-17 2.1 CVE-2019-4054
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131. 2019-07-17 3.5 CVE-2019-4211
XF
CONFIRM
microsoft — exchange_server A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka ‘Microsoft Exchange Server Spoofing Vulnerability’. 2019-07-15 3.5 CVE-2019-1137
N/A
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. 2019-07-15 3.5 CVE-2019-1134
N/A
microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka ‘Team Foundation Server Cross-site Scripting Vulnerability’. 2019-07-15 3.5 CVE-2019-1076
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1073. 2019-07-15 2.1 CVE-2019-1071
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1071. 2019-07-15 2.1 CVE-2019-1073
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1082. 2019-07-15 2.1 CVE-2019-1074
MISC
microsoft — windows_10 An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka ‘Microsoft unistore.dll Information Disclosure Vulnerability’. 2019-07-15 2.1 CVE-2019-1091
MISC
microsoft — windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka ‘DirectWrite Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1097. 2019-07-15 2.1 CVE-2019-1093
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. 2019-07-15 2.1 CVE-2019-1096
MISC
microsoft — windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka ‘DirectWrite Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1093. 2019-07-15 2.1 CVE-2019-1097
MISC
norton — password_manager Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. 2019-07-16 1.7 CVE-2019-9700
CONFIRM
openenergymonitor — emoncms OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed malicious code). The component is: Javascript code execution in “Name”, “Location”, “Bio” and “Starting Page” fields in the “My Account” page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible. 2019-07-14 3.5 CVE-2019-1010008
MISC
ovidentia — ovidentia index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. 2019-07-19 3.5 CVE-2019-13977
MISC
rdbrck — shift Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. 2019-07-17 2.1 CVE-2019-12912
CONFIRM
rdbrck — shift Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. 2019-07-17 2.1 CVE-2019-12913
CONFIRM
sitecore — experience_platform In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. 2019-07-17 3.5 CVE-2019-13493
MISC
syguestbook_a5_project — syguestbook_a5 SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. 2019-07-18 3.5 CVE-2019-13948
MISC
MISC
syguestbook_a5_project — syguestbook_a5 index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. 2019-07-18 3.5 CVE-2019-13950
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — bridge_cc Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-07-18 not yet calculated CVE-2019-7963
MISC
adobe — experience_manager Adobe Experience Manager version 6.4 and earlier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. 2019-07-18 not yet calculated CVE-2019-7954
MISC
akeo_consulting — rufus Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379. 2019-07-19 not yet calculated CVE-2019-1010101
MISC
akeo_consulting — rufus Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. 2019-07-19 not yet calculated CVE-2019-1010100
MISC
antsword_project — antsword In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js. 2019-07-19 not yet calculated CVE-2019-13970
MISC
MISC
MISC
aquaverde — aquarius_cms Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. 2019-07-15 not yet calculated CVE-2019-1010308
MISC
MISC
arduino — arduino Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity. 2019-07-19 not yet calculated CVE-2019-13991
MISC
audiocodes — multiple_mediant_devices An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions. 2019-07-19 not yet calculated CVE-2019-9229
MISC
audiocodes — multiple_mediant_devices An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. 2019-07-18 not yet calculated CVE-2019-9230
MISC
audiocodes — multiple_mediant_devices An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented. 2019-07-18 not yet calculated CVE-2019-9231
MISC
avast — antivirus In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart. 2019-07-18 not yet calculated CVE-2019-11230
MISC
b3log — wide b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access. 2019-07-18 not yet calculated CVE-2019-13915
MISC
bacnet — stack_bacserv BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer Overflow. The impact is: exploit was not explored. The component is: bacserv BVLC forwarded NPDU. bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6. 2019-07-18 not yet calculated CVE-2019-1010073
MISC
MISC
chinamobile — plc_wireless_router_gpn2.4p21-c-cn ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control – Unauthenticated Remote Reboot. The impact is: PLC Wireless Routers are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticated users. The attack vector is: Remote. 2019-07-19 not yet calculated CVE-2019-1010136
EXPLOIT-DB
MISC

cisco — findit_network_manager_and_findit_network_probe_release A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable. 2019-07-17 not yet calculated CVE-2019-1919
BID
CISCO
cisco — identity_services_engine A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior. 2019-07-17 not yet calculated CVE-2019-1942
BID
CISCO
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0. 2019-07-17 not yet calculated CVE-2019-1941
BID
CISCO
cisco — industrial_network_director A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. 2019-07-17 not yet calculated CVE-2019-1940
BID
CISCO
cisco — ios_access_points_software A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly. 2019-07-17 not yet calculated CVE-2019-1920
CISCO
cisco — small_business_200_and_300_and_500_series_switches A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user’s HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. 2019-07-17 not yet calculated CVE-2019-1943
BID
CISCO
cisco — small_business_spa500_series_ip_phones A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device’s physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior. 2019-07-17 not yet calculated CVE-2019-1923
BID
CISCO
cisco — vision_dynamic_signage_director A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled. 2019-07-17 not yet calculated CVE-2019-1917
BID
CISCO
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. 2019-07-16 not yet calculated CVE-2019-12989
MISC
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). 2019-07-16 not yet calculated CVE-2019-12987
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). 2019-07-16 not yet calculated CVE-2019-12988
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). 2019-07-16 not yet calculated CVE-2019-12992
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. 2019-07-16 not yet calculated CVE-2019-12990
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). 2019-07-16 not yet calculated CVE-2019-12991
MISC
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). 2019-07-16 not yet calculated CVE-2019-12986
BID
MISC
MISC
citrix — sd-wan_and_netscaler_sd-wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). 2019-07-16 not yet calculated CVE-2019-12985
BID
MISC
MISC
cjson — cjson DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later. 2019-07-19 not yet calculated CVE-2019-1010239
MISC
MISC
cloud_foundry — uua Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA’s frontend sites. 2019-07-18 not yet calculated CVE-2019-3794
CONFIRM
code42 — code42_enterprise_and_crashplan_for_small_business Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user. 2019-07-19 not yet calculated CVE-2019-11552
MISC
CONFIRM
code42 — code42_for_enterprise Code42 for Enterprise through 6.8.4 has Incorrect Access Control. 2019-07-19 not yet calculated CVE-2019-11553
CONFIRM
cohesity — dataplatform A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. 2019-07-12 not yet calculated CVE-2019-11242
CONFIRM
computerlab — maple_wbt_snmp_administrator SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987. 2019-07-17 not yet calculated CVE-2019-13577
MISC
MISC
FULLDISC
BUGTRAQ
dancer-plugin-simplecrud — dancer-plugin-simplecrud Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unauthorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to all routes. 2019-07-17 not yet calculated CVE-2019-1010084
MISC
dell_emc — unity_and_unityvsa Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in plain text in the Unity Data Collection bundle (log files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. 2019-07-18 not yet calculated CVE-2019-3741
MISC
dell_emc — unity_and_unityvsa Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users. 2019-07-18 not yet calculated CVE-2019-3734
MISC
dglogik_inc — dglux_server DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server. 2019-07-14 not yet calculated CVE-2019-1010009
MISC
discuz!ml — discuz!ml Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en’.phpinfo().’; (if the random prefix 4gH4_0df5_ were used). 2019-07-18 not yet calculated CVE-2019-13956
MISC
docker — docker_ce_and_docker_ee In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. 2019-07-18 not yet calculated CVE-2019-13509
MISC
dpic — dpic dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. 2019-07-19 not yet calculated CVE-2019-13989
MISC
eclipse — openj9 In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager. 2019-07-17 not yet calculated CVE-2019-11772
CONFIRM
elcom — elcom_cms Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. 2019-07-19 not yet calculated CVE-2019-12946
MISC
epsocrm — epsocrm Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. 2019-07-17 not yet calculated CVE-2019-13643
MISC
MISC
facebook — hhvm A call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker, for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwritten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. 2019-07-18 not yet calculated CVE-2019-3570
CONFIRM
CONFIRM
facebook — whatsapp_desktop An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. 2019-07-16 not yet calculated CVE-2019-3571
CONFIRM
fitbit — multiple_products On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to “permanent trackability” and “considerable privacy concerns” without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. 2019-07-15 not yet calculated CVE-2014-10374
MISC
MISC
gnome — pango Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: The bug can be used when an application passes invalid UTF-8 strings to functions like pango_itemize. 2019-07-19 not yet calculated CVE-2019-1010238
MISC
gnu — patch In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. 2019-07-17 not yet calculated CVE-2019-13636
MISC
MLIST
h3c — h3cloud H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. 2019-07-19 not yet calculated CVE-2019-12193
MISC
helm — helm helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm (many files updated, see https://ift.tt/2Ls81Ov). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2. 2019-07-17 not yet calculated CVE-2019-1010275
MISC
MISC
MISC
hid_digitalpersona — u.are.u_4500_fingerprint_reader An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user’s fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user’s fingerprint image. 2019-07-16 not yet calculated CVE-2019-13603
MISC
MISC
MISC
hid_digitalpersona — u.are.u_4500_fingerprint_reader There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak. 2019-07-15 not yet calculated CVE-2019-13604
MISC
MISC
MISC
hpe — icewall_sso_agent_option_and_icewall_mfa A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7. 2019-07-19 not yet calculated CVE-2019-11989
MISC
hpe — icewall_sso_agent_option_and_icewall_mfa A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7. 2019-07-19 not yet calculated CVE-2019-11990
MISC
huawei — tony-al00b_smartphones There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privileges. An attacker tricks the user into installing a malicious application, and a successful exploit could result in information disclosure. 2019-07-17 not yet calculated CVE-2019-5222
MISC
hyland — perceptive_content_server A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection. 2019-07-16 not yet calculated CVE-2018-19629
MISC
jenkins — jenkins A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. 2019-07-17 not yet calculated CVE-2019-10352
MLIST
BID
MISC
MISC
jenkins — jenkins A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. 2019-07-17 not yet calculated CVE-2019-10354
MLIST
MISC
jenkins — jenkins Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. 2019-07-19 not yet calculated CVE-2019-1010241
MISC
johnson_controls — exacqvision_server ExacqVision Server’s services ‘exacqVisionServer’, ‘dvrdhcpserver’ and ‘mdnsresponder’ have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4. 2019-07-19 not yet calculated CVE-2019-7590
BID
MISC
MISC
CONFIRM
MISC
MISC
kaspersky — multiple_products Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6. 2019-07-18 not yet calculated CVE-2019-8286
BID
CONFIRM
knot_resolver — knot_resolver A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. 2019-07-16 not yet calculated CVE-2019-10191
CONFIRM
FEDORA
FEDORA
CONFIRM
ladon — ladon Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://ift.tt/2XW9bIR. The attack vector is: Send a specially crafted SOAP call. 2019-07-18 not yet calculated CVE-2019-1010268
MISC
MISC
lawrence_livermore_national_laboratory — msr-safe Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0. 2019-07-18 not yet calculated CVE-2019-1010066
MISC
MISC
lenovoemc — nas_products A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. 2019-07-16 not yet calculated CVE-2019-6160
CONFIRM
libiec61850 — libiec61850 mz-automation libiec61850 1.3.2, 1.3.1, 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet. 2019-07-15 not yet calculated CVE-2019-1010300
MISC
libmspack — libmspack libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. 2019-07-15 not yet calculated CVE-2019-1010305
MISC
MISC
UBUNTU
libreoffice — libreoffice LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. 2019-07-17 not yet calculated CVE-2019-9848
FEDORA
UBUNTU
CONFIRM
libreoffice — libreoffice LibreOffice has a ‘stealth mode’ in which only documents from locations deemed ‘trusted’ are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice’s ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. 2019-07-17 not yet calculated CVE-2019-9849
FEDORA
UBUNTU
CONFIRM
libsdl — libsdl SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. 2019-07-17 not yet calculated CVE-2019-13626
MISC
libssh2 — libssh2 In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. 2019-07-16 not yet calculated CVE-2019-13115
MISC
MISC
MISC
MISC
linario — op-tee Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. 2019-07-16 not yet calculated CVE-2019-1010292
MISC
linksys — wifi_extender_products Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. 2019-07-17 not yet calculated CVE-2019-11535
CONFIRM
linux — linux_kernel In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit’s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. 2019-07-17 not yet calculated CVE-2019-13272
MISC
MISC
CONFIRM
CONFIRM
MISC
MISC
MISC
FEDORA
DEBIAN
linux_foundation — onos The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. 2019-07-18 not yet calculated CVE-2019-1010250
MISC
MISC
linux_foundation — onos The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. 2019-07-18 not yet calculated CVE-2019-1010252
MISC
MISC
linux_foundation — onos The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. 2019-07-18 not yet calculated CVE-2019-1010249
MISC
MISC
linux_foundation — onos_sdn_controller The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. 2019-07-19 not yet calculated CVE-2019-1010245
MISC
MISC
linux — linux_kernel In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. 2019-07-19 not yet calculated CVE-2019-13648
MISC
linux — linux_kernel In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. 2019-07-17 not yet calculated CVE-2019-13631
BID
MISC
logmein — join.me In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. 2019-07-17 not yet calculated CVE-2019-13637
MISC
mailcleaner — mailcleaner MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9. 2019-07-18 not yet calculated CVE-2019-1010246
MISC
mcafee — agent Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory. 2019-07-18 not yet calculated CVE-2019-3592
CONFIRM
mdaemon_technologies — email_server MDaemon Email Server 19 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious e-mail, if a customer deploys a server with sufficient resources to scan large messages. 2019-07-16 not yet calculated CVE-2019-13612
MISC
microsoft — active_directory_federation_services A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests., aka ‘ADFS Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-0975. 2019-07-15 not yet calculated CVE-2019-1126
N/A
microsoft — active_directory_federation_services A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka ‘ADFS Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-1126. 2019-07-15 not yet calculated CVE-2019-0975
MISC
microsoft — exchange An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka ‘Microsoft Exchange Information Disclosure Vulnerability’. 2019-07-15 not yet calculated CVE-2019-1084
MISC
microsoft — symcrypt A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message. The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures., aka ‘SymCrypt Denial of Service Vulnerability’. 2019-07-15 not yet calculated CVE-2019-0865
MISC
microsoft — windows_defender_application_control A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka ‘Windows Defender Application Control Security Feature Bypass Vulnerability’. 2019-07-19 not yet calculated CVE-2019-1167
MISC
microstrategy — microstrategy_web In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. 2019-07-19 not yet calculated CVE-2019-12453
MISC
MISC
mongodb — mongodb_enterprise_server Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. 2019-07-19 not yet calculated CVE-2015-7882
CONFIRM
nasa — cfitsio NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a ‘4’ character. 2019-07-16 not yet calculated CVE-2019-1010060
MISC
MISC
MISC
MISC
MISC
nfdump — nfdump nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. 2019-07-16 not yet calculated CVE-2019-1010057
MISC
nsa — ghidra NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. 2019-07-16 not yet calculated CVE-2019-13625
MISC
MISC
MISC
nvidia — jetson_tx1 In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges. 2019-07-19 not yet calculated CVE-2019-5680
CONFIRM
oecms — oecms OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3. 2019-07-18 not yet calculated CVE-2019-1010112
MISC
open_information_security_foundation — suricata Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service – TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://ift.tt/2JTKmTV). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3. 2019-07-18 not yet calculated CVE-2019-1010279
MISC
MISC
MISC
open_information_security_foundation — suricata Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service – DNS detection bypass. The impact is: An attacker can evade a signature detection with a specially formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://ift.tt/2JTKhQ7, https://ift.tt/2XRcuk8). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2. 2019-07-18 not yet calculated CVE-2019-1010251
MISC
MISC
MISC
openmodelica — omcompiler OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable. 2019-07-15 not yet calculated CVE-2019-1010038
CONFIRM
opera_software — opera_mini_for_ios The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. 2019-07-18 not yet calculated CVE-2019-13607
MISC
otcms — otcms OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. 2019-07-19 not yet calculated CVE-2019-13971
MISC
pallets_project — flask The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. 2019-07-17 not yet calculated CVE-2019-1010083
CONFIRM
palo_alto_networks — pan-os Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. 2019-07-19 not yet calculated CVE-2019-1579
BID
MISC
perl_crypt-jwt — perl_crypt-jwt Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c. 2019-07-17 not yet calculated CVE-2019-1010263
MISC
MISC
pluckcms — pluckcms PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8. 2019-07-16 not yet calculated CVE-2019-1010062
MISC
MISC
premium_software — cleditor Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element. 2019-07-19 not yet calculated CVE-2019-1010113
MISC
printeron — printeron_central_print_services An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests. 2019-07-19 not yet calculated CVE-2018-17210
MISC
proftpd — proftpd An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. 2019-07-19 not yet calculated CVE-2019-12815
MISC
MISC
MISC
python_engineio — python_engineio An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim’s credentials, because the Origin header is not restricted. 2019-07-15 not yet calculated CVE-2019-13611
MISC
qbittorrent — qbittorrent In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. 2019-07-17 not yet calculated CVE-2019-13640
MISC
quake3e — quake3e Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation. 2019-07-16 not yet calculated CVE-2019-1010043
MISC
ranger_studios — directus_7_api In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. 2019-07-19 not yet calculated CVE-2019-13979
MISC
MISC
ranger_studios — directus_7_api In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. 2019-07-19 not yet calculated CVE-2019-13980
MISC
ranger_studios — directus_7_api In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer. 2019-07-19 not yet calculated CVE-2019-13981
MISC
MISC
ranger_studios — directus_7_api Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. 2019-07-19 not yet calculated CVE-2019-13983
MISC
MISC
ranger_studios — directus_7_api Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File. 2019-07-19 not yet calculated CVE-2019-13984
MISC
MISC
ranger_studios — directus_7_api interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. 2019-07-19 not yet calculated CVE-2019-13982
MISC
redbrick — shift Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. 2019-07-17 not yet calculated CVE-2019-8932
CONFIRM
redbrick — shift Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. 2019-07-17 not yet calculated CVE-2019-8931
CONFIRM
redbrick — shift Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. 2019-07-17 not yet calculated CVE-2019-12914
CONFIRM
redbrick — shift Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. 2019-07-17 not yet calculated CVE-2019-12911
CONFIRM
rubygems — paranoid2_gem The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5. 2019-07-14 not yet calculated CVE-2019-13589
BID
MISC
MISC
sahi_pro — sahi_pro _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run “.sah” scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function. 2019-07-14 not yet calculated CVE-2019-13597
MISC
MISC
saleor — saleor Saleor is affected by: Incorrect Access Control. The issue was introduced by merge commit e1b01bad0703afd08d297ed3f1f472248312cc9c, which was released as part of the 2.0.0 release. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: An unauthenticated user can access the GraphQL API (which is by default publicly exposed under the `/graphql/` URL) and fetch products data, which may include the shop’s admin-restricted revenue data. The fixed version is: 2.3.1. 2019-07-15 not yet calculated CVE-2019-1010304
MISC
scapy — scapy scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap; both work. 2019-07-19 not yet calculated CVE-2019-1010142
MISC
MISC
MISC
schneider_electric — modicon_m580_cpu-bmep582040_and_modicon_ethernet_module_ bmenoc0301 A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU – BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service. 2019-07-15 not yet calculated CVE-2018-7838
MISC
shenzhen — jisiwei_i3_robot_vacuum_cleaner A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, the login request is being sent in cleartext. The vulnerability exists in both the Android and iOS version of the app. An attacker could exploit this by using an MiTM attack on the local network to obtain someone’s login credentials, which gives them full access to the robot vacuum cleaner. 2019-07-19 not yet calculated CVE-2019-12820
MISC
shenzhen — jisiwei_i3_robot_vacuum_cleaner A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial “JSW” substring followed by a six digit number that depends on the specific device. 2019-07-19 not yet calculated CVE-2019-12821
MISC
slanger — slanger Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3. 2019-07-15 not yet calculated CVE-2019-1010306
MISC
sleuthkit — sleuthkit The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. 2019-07-18 not yet calculated CVE-2019-1010065
MISC
MISC
snapview — mikogo The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges. 2019-07-12 not yet calculated CVE-2019-12731
MISC
sourceforge — timesheet_next_gen Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a “redirect” parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url. 2019-07-17 not yet calculated CVE-2019-1010287
MISC
MISC
sox — sox An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. 2019-07-14 not yet calculated CVE-2019-13590
MISC
synetics_gmbh — i-doit Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1. 2019-07-18 not yet calculated CVE-2019-1010248
MISC
tenable — comodo_antivirus Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object “<GUID>_CisSharedMemBuff”. This section object is exposed by CmdAgent and contains a SharedMemoryDictionary object, which allows a low privileged process to modify the object data causing CmdAgent.exe to crash. 2019-07-17 not yet calculated CVE-2019-3972
MISC
tenable — comodo_antivirus Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port “cmdServicePort”. A low privileged process can crash CmdVirth.exe to decrease the port’s connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to “cmdServicePort”. Once this occurs, a specially crafted message can be sent to “cmdServicePort” using “FilterSendMessage” API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash. 2019-07-17 not yet calculated CVE-2019-3973
MISC
tenable — comodo_antivirus Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent’s handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges. 2019-07-17 not yet calculated CVE-2019-3969
MISC
tenable — comodo_antivirus Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port “cmdvrtLPCServerPort”. A low privileged local process can connect to this port and send an LPC_DATAGRAM, which triggers an Access Violation due to hardcoded NULLs used for Source parameter in a memcpy operation that is called for this handler. This results in CmdVirth.exe and its child svchost.exe instances to terminate. 2019-07-17 not yet calculated CVE-2019-3971
MISC
tenable — comodo_antivirus Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo’s Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures. 2019-07-17 not yet calculated CVE-2019-3970
MISC
tinymce — tinymce tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element’s embed tab. 2019-07-17 not yet calculated CVE-2019-1010091
MISC
tp-link — archer_c1200 CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. 2019-07-17 not yet calculated CVE-2019-13614
MISC
tp-link — wireless_router_archer_router CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. 2019-07-17 not yet calculated CVE-2019-13613
MISC
ulaunchelf_project — ulaunchelf uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line. 2019-07-15 not yet calculated CVE-2019-1010039
MISC
univention — univention_corporate_server Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later. 2019-07-17 not yet calculated CVE-2019-1010283
MISC
MISC
videolan — vlc_media_player lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. 2019-07-18 not yet calculated CVE-2019-13962
MISC
MISC
wordpress — wordpress TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request. 2019-07-18 not yet calculated CVE-2019-1010104
MISC
wordpress — wordpress A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. 2019-07-19 not yet calculated CVE-2019-13569
MISC
wordpress — wordpress An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter. 2019-07-19 not yet calculated CVE-2019-12934
MISC
MISC
zeek — zeek In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. 2019-07-17 not yet calculated CVE-2019-12175
CONFIRM
zeroshell — zeroshell Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. 2019-07-19 not yet calculated CVE-2019-12725
MISC
MISC
zipios_project — zipios Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile(). 2019-07-17 not yet calculated CVE-2019-13453
BID
MISC
CONFIRM
zmartzone — iam_auth_openidc ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2. 2019-07-19 not yet calculated CVE-2019-1010247
MISC
MISC
MISC
zzcms — zzmcms zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php. 2019-07-19 not yet calculated CVE-2019-1010151
MISC


Vulnerability Summary for the Week of July 8, 2019

Original release date: July 15, 2019

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit the NIST NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
contao — contao Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. 2019-07-09 7.5 CVE-2019-11512
MISC
dlink — central_wifimanager /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie’s username field allows eval injection, and an empty password bypasses authentication. 2019-07-06 7.5 CVE-2019-13372
MISC
CONFIRM
MISC
dlink — central_wifimanager An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. 2019-07-06 7.5 CVE-2019-13373
MISC
CONFIRM
MISC
dlink — central_wifimanager A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. 2019-07-06 7.5 CVE-2019-13375
MISC
CONFIRM
MISC
dlink — dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. 2019-07-11 10.0 CVE-2019-13561
MISC
MISC
MISC
dlink — dir-818lw_firmware An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings. 2019-07-10 9.0 CVE-2019-13481
BID
MISC
dlink — dir-818lw_firmware An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. 2019-07-10 10.0 CVE-2019-13482
BID
MISC
fortinet — fcm-mb40_firmware Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. 2019-07-07 9.0 CVE-2019-13398
MISC
google — android In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983. 2019-07-08 9.3 CVE-2019-2106
CONFIRM
google — android In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844. 2019-07-08 9.3 CVE-2019-2107
CONFIRM
google — android In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570. 2019-07-08 9.3 CVE-2019-2109
CONFIRM
google — android In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122856181. 2019-07-08 7.5 CVE-2019-2111
CONFIRM
google — android In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117997080. 2019-07-08 7.2 CVE-2019-2112
CONFIRM
hidea — az_admin hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. 2019-07-11 7.5 CVE-2019-13507
MISC
hsycms — hsycms An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page. 2019-07-10 7.5 CVE-2019-10653
MISC
oniguruma_project — oniguruma A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. 2019-07-10 7.5 CVE-2019-13224
CONFIRM
strong_password_project — strong_password The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6. 2019-07-08 7.5 CVE-2019-13354
MISC
MISC
MISC
MISC
teclib-edition — fields An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. 2019-07-10 7.5 CVE-2019-12723
MISC
MISC
CONFIRM
trape_project — trape Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. 2019-07-10 7.5 CVE-2019-13489
MISC
typo3 — typo3 TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. 2019-07-09 7.5 CVE-2019-12747
CONFIRM
vivotek — fd8136_firmware Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. 2019-07-10 10.0 CVE-2018-14494
MISC
MISC
vivotek — fd8136_firmware Vivotek FD8136 devices allow Remote Command Injection, aka “another command injection vulnerability in our target device,” a different issue than CVE-2018-14494. 2019-07-10 10.0 CVE-2018-14495
MISC
MISC
vivotek — fd8136_firmware Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. 2019-07-10 7.5 CVE-2018-14496
MISC
MISC
yoast — yoast_seo The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. 2019-07-09 7.5 CVE-2019-13478
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alsa-project — alsa posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a “double file descriptor close” issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor. 2019-07-05 6.8 CVE-2019-13351
MISC
MISC
apachefriends — xampp iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. 2019-07-09 4.3 CVE-2019-8920
BID
MISC
cesanta — mongoose mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. 2019-07-10 5.0 CVE-2019-13503
MISC
MISC
cisco — unified_communications_manager A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. 2019-07-05 5.0 CVE-2019-1887
CISCO
codedoc_project — codedoc Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. 2019-07-06 6.8 CVE-2019-13362
MISC
crudlab — wp_like_button An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter. 2019-07-05 5.0 CVE-2019-13344
MISC
MISC
MISC
custom4web — wp_open_graph Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5960
JVN
digisol — dg-hr-3300_firmware Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. 2019-07-05 4.3 CVE-2018-14027
MISC
dlink — central_wifimanager A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. 2019-07-06 4.3 CVE-2019-13374
MISC
CONFIRM
MISC
dlink — dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. 2019-07-11 5.0 CVE-2019-13560
MISC
MISC
MISC
dlink — dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. 2019-07-11 4.3 CVE-2019-13562
MISC
MISC
MISC
dlink — dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. 2019-07-11 6.8 CVE-2019-13563
MISC
MISC
MISC
dropbox — dropbox Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. 2019-07-08 4.3 CVE-2019-12171
MISC
MISC
dwbooster — appointment_hour_booking The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. 2019-07-11 4.3 CVE-2019-13505
MISC
MISC
enhancesoft — osticket Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. 2019-07-09 4.3 CVE-2019-13397
MISC
eventum_project — eventum An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter. 2019-07-05 5.8 CVE-2018-12621
MISC
CONFIRM
eventum_project — eventum An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. 2019-07-10 4.3 CVE-2018-12622
MISC
CONFIRM
eventum_project — eventum An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. 2019-07-10 4.3 CVE-2018-12623
MISC
CONFIRM
eventum_project — eventum An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. 2019-07-10 4.3 CVE-2018-12625
MISC
CONFIRM
eventum_project — eventum An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. 2019-07-10 4.3 CVE-2018-12626
MISC
CONFIRM
eventum_project — eventum An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. 2019-07-10 4.3 CVE-2018-12627
MISC
CONFIRM
eventum_project — eventum An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. 2019-07-10 6.8 CVE-2018-12628
MISC
CONFIRM
exiv2 — exiv2 There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. 2019-07-10 4.3 CVE-2019-13504
BID
MISC
MISC
ffmpeg — ffmpeg In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. This may be related to two NULL pointers passed as arguments at libavcodec/frame_thread_encoder.c. 2019-07-07 4.3 CVE-2019-13390
BID
MISC
MISC
MISC
MISC
MISC
fla-shop — html5_maps Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5983
MISC
MISC
MISC
flarum — flarum Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. 2019-07-07 6.8 CVE-2019-13183
CONFIRM
MISC
CONFIRM
fortinet — fcm-mb40_firmware Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator’s SSL conversation. 2019-07-07 4.3 CVE-2019-13399
MISC
fortinet — fcm-mb40_firmware Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. 2019-07-07 5.0 CVE-2019-13400
MISC
fortinet — fcm-mb40_firmware Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. 2019-07-07 6.8 CVE-2019-13401
MISC
fortinet — fcm-mb40_firmware /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. 2019-07-07 6.5 CVE-2019-13402
MISC
gitea — gitea Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim’s browser, when the vulnerable repo page is loaded. The component is: repository’s description. The attack vector is: victim must navigate to public and affected repo page. 2019-07-11 4.3 CVE-2019-1010314
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. 2019-07-10 4.3 CVE-2018-19493
BID
CONFIRM
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. 2019-07-10 4.0 CVE-2018-19494
CONFIRM
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. 2019-07-10 4.0 CVE-2018-19495
CONFIRM
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. 2019-07-10 4.0 CVE-2018-19496
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. 2019-07-10 6.5 CVE-2018-19569
BID
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. 2019-07-10 4.0 CVE-2018-19571
MISC
MISC
gitlab — gitlab GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. 2019-07-10 4.3 CVE-2018-19572
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. 2019-07-10 4.0 CVE-2018-19575
BID
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. 2019-07-10 6.4 CVE-2018-19576
MISC
MISC
gitlab — gitlab GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. 2019-07-10 5.0 CVE-2018-19577
CONFIRM
MISC
gitlab — gitlab GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. 2019-07-10 4.0 CVE-2018-19578
CONFIRM
MISC
gitlab — gitlab All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. 2019-07-10 5.0 CVE-2018-19580
CONFIRM
MISC
gitlab — gitlab GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. 2019-07-10 5.0 CVE-2018-19581
CONFIRM
MISC
gitlab — gitlab GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. 2019-07-10 4.0 CVE-2018-19582
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user’s token. 2019-07-10 4.0 CVE-2018-19583
CONFIRM
MISC
gitlab — gitlab GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. 2019-07-10 5.0 CVE-2018-19584
CONFIRM
MISC
google — android In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182. 2019-07-08 6.8 CVE-2019-2105
CONFIRM
google — android In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117105007. 2019-07-08 5.0 CVE-2019-2116
CONFIRM
helpy.io — helpy Helpy before 2.2.0 allows agents to edit admins. 2019-07-10 6.5 CVE-2018-20851
MISC
MISC
ibm — cloud_application_performance_management IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. 2019-07-11 5.0 CVE-2019-4131
XF
CONFIRM
ibm — jazz_for_service_management IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032. 2019-07-11 5.0 CVE-2019-4193
CONFIRM
XF
idoors — idoors_reader iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors. 2019-07-05 5.8 CVE-2019-5964
MISC
MISC
ignitedcms_project — ignitedcms index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. 2019-07-06 6.8 CVE-2019-13370
MISC
imagemagick — imagemagick In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. 2019-07-07 6.8 CVE-2019-13391
MISC
MISC
MISC
imagemagick — imagemagick ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. 2019-07-09 4.3 CVE-2019-13454
BID
MISC
MISC
MISC
intersystems — cache Intersystems Cache 2017.2.2.865.0 allows XSS. 2019-07-11 4.3 CVE-2018-17150
MISC
intersystems — cache Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. 2019-07-11 5.5 CVE-2018-17151
MISC
intersystems — cache Intersystems Cache 2017.2.2.865.0 allows XXE. 2019-07-11 5.5 CVE-2018-17152
MISC
invoxia — nvx220_firmware Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. 2019-07-05 5.0 CVE-2018-14529
MISC
joruri — joruri_cms_2017 Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 4.3 CVE-2019-5967
MISC
MISC
joruri — joruri_mail Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-07-05 5.8 CVE-2019-5965
MISC
MISC
joruri — joruri_mail Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors. 2019-07-05 5.8 CVE-2019-5966
MISC
MISC
keynto — team_password_manager KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. 2019-07-09 4.3 CVE-2019-13380
FULLDISC
libpng — libpng An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. 2019-07-10 6.8 CVE-2018-14550
MISC
MISC
mailvelope — mailvelope Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser’s extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed. 2019-07-09 4.3 CVE-2019-9147
CONFIRM
mailvelope — mailvelope Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person. 2019-07-09 4.3 CVE-2019-9148
CONFIRM
mailvelope — mailvelope Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope. 2019-07-09 6.4 CVE-2019-9149
CONFIRM
mailvelope — mailvelope Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported. 2019-07-09 5.0 CVE-2019-9150
CONFIRM
mastodon-tootdon — tootdon_for_mastodon The Android App ‘Tootdon for Mastodon’ version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2019-07-05 5.8 CVE-2019-5961
MISC
MISC
mediawiki — mediawiki Wikimedia MediaWiki through 1.32.1 allows CSRF. 2019-07-10 6.8 CVE-2019-12466
CONFIRM
MISC
BUGTRAQ
DEBIAN
mediawiki — mediawiki Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 5.0 CVE-2019-12474
CONFIRM
MISC
BUGTRAQ
DEBIAN
odoo — odoo The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances. 2019-07-05 5.0 CVE-2018-14733
CONFIRM
MISC
MISC
MISC
MISC
oniguruma_project — oniguruma A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. 2019-07-10 5.0 CVE-2019-13225
CONFIRM
opencats — opencats lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. 2019-07-05 4.3 CVE-2019-13358
MISC
MISC
MISC
otrs — otrs An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer’s browser in the context of the OTRS customer panel application. 2019-07-08 4.9 CVE-2018-11563
CONFIRM
CONFIRM
MISC
paypal — adaptive_payments_sdk paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in SetPaymentOptions.php, resulting in code execution. 2019-07-10 4.3 CVE-2017-6217
MISC
phpwind — phpwind PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. 2019-07-09 4.3 CVE-2019-13472
MISC
pingidentity — agentless_integration_kit XSS exists in Ping Identity Agentless Integration Kit before 1.5. 2019-07-11 4.3 CVE-2019-13564
CONFIRM
pyxtrlock_project — pyxtrlock pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4. 2019-07-11 4.6 CVE-2019-1010316
MISC
sap — information_steward SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-07-10 4.3 CVE-2019-0329
BID
MISC
CONFIRM
sony — vaio_update Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows attackers to execute an arbitrary executable file with administrative privilege via unspecified vectors. 2019-07-05 6.8 CVE-2019-5981
MISC
MISC
sony — vaio_update Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicious wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. 2019-07-05 5.4 CVE-2019-5982
MISC
MISC
squid-cache — squid The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. 2019-07-05 4.3 CVE-2019-13345
MISC
MISC
MLIST
sukimalab — attendance_manager Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 4.3 CVE-2019-5970
MISC
MISC
MISC
MISC
sukimalab — attendance_manager Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5971
MISC
MISC
MISC
MISC
sukimalab — online_lesson_booking Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 4.3 CVE-2019-5972
MISC
MISC
MISC
teclib-edition — fields An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. 2019-07-10 4.3 CVE-2019-12724
MISC
MISC
CONFIRM
trape_project — trape A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used. 2019-07-10 4.3 CVE-2019-13488
MISC
typo3 — typo3 TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. 2019-07-09 4.3 CVE-2019-12748
CONFIRM
waspthemes — custom_css_pro Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5984
MISC
MISC
MISC
weseek — growi Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user’s ‘Basic Info’. 2019-07-05 6.8 CVE-2019-5968
MISC
MISC
weseek — growi Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the process of login. 2019-07-05 5.8 CVE-2019-5969
MISC
MISC
wikindx_project — wikindx A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. 2019-07-08 4.3 CVE-2019-12930
CONFIRM
CONFIRM
CONFIRM
zoho — salesiq Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 4.3 CVE-2019-5962
MISC
MISC
zoho — salesiq Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5963
MISC
MISC
zohocorp — manageengine_assetexplorer An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. 2019-07-11 4.3 CVE-2019-12595
MISC
MISC
zohocorp — manageengine_assetexplorer An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. 2019-07-11 4.3 CVE-2019-12596
MISC
MISC
zohocorp — manageengine_assetexplorer An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. 2019-07-11 4.3 CVE-2019-12597
MISC
MISC
zohocorp — manageengine_servicedesk_plus An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. 2019-07-11 4.3 CVE-2019-12539
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
1234n — minicms In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user’s cookie. 2019-07-05 3.5 CVE-2019-13339
MISC
1234n — minicms In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user’s cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186. 2019-07-05 3.5 CVE-2019-13340
MISC
1234n — minicms In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user’s cookie. 2019-07-05 3.5 CVE-2019-13341
MISC
cyberpowersystems — powerpanel A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim. 2019-07-09 3.5 CVE-2019-13070
MISC
MISC
gitlab — gitlab GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. 2019-07-10 3.5 CVE-2018-19570
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. 2019-07-10 3.5 CVE-2018-19573
CONFIRM
MISC
gitlab — gitlab GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. 2019-07-10 3.5 CVE-2018-19574
MISC
MISC
gitlab — gitlab GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. 2019-07-10 3.5 CVE-2018-19579
CONFIRM
MISC
google — android In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131356202 2019-07-08 2.1 CVE-2019-2104
CONFIRM
google — android In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079. 2019-07-08 2.1 CVE-2019-2113
CONFIRM
google — android In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124107808. 2019-07-08 2.1 CVE-2019-2117
CONFIRM
google — android In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-130161842. 2019-07-08 2.1 CVE-2019-2118
CONFIRM
google — android In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131622568. 2019-07-08 2.1 CVE-2019-2119
CONFIRM
ibm — multicloud_manager IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. 2019-07-11 2.1 CVE-2019-4118
CONFIRM
XF
libosinfo — libosinfo libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. 2019-07-05 2.1 CVE-2019-13313
MLIST
MISC
MISC
MISC
MISC
nagios — nagios_xi Nagios XI before 5.5.4 has XSS in the auto login admin management page. 2019-07-10 3.5 CVE-2018-17147
BID
MISC
redhat — virt-bootstrap virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py. 2019-07-05 2.1 CVE-2019-13314
MLIST
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alarm.com — adc-v522ir_devices Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. 2019-07-11 not yet calculated CVE-2019-9657
MISC
alarm.com — adc-v522ir_devices Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. 2019-07-11 not yet calculated CVE-2018-19588
MISC
apache — kafka In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed. 2019-07-11 not yet calculated CVE-2018-17196
MISC
apple — macos hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context. 2019-07-08 not yet calculated CVE-2019-12174
MISC
arlo — basestation Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. 2019-07-09 not yet calculated CVE-2019-3950
CONFIRM
arlo — basestation Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device. 2019-07-09 not yet calculated CVE-2019-3949
CONFIRM
avaya — control_manager A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. 2019-07-11 not yet calculated CVE-2019-7003
BID
CONFIRM
avtech — room_alert_3e On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device’s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. 2019-07-07 not yet calculated CVE-2019-13379
MISC
MISC
bks — bks_ebk_ethernet-buskoppler_pro BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. 2019-07-05 not yet calculated CVE-2019-12971
MISC
blackberry — qnx_software_development_platform An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. 2019-07-12 not yet calculated CVE-2019-8998
MISC
broadlearning — eclass Any URL with download_attachment.php under the templates or home folders can allow arbitrary files to be downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. 2019-07-11 not yet calculated CVE-2019-9886
CONFIRM
CONFIRM
CONFIRM
castle_rock_computing — snmpc nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. 2019-07-12 not yet calculated CVE-2019-13494
MISC
MISC

cisco — adaptive_security_appliance_software_and_firepower_threat_defense_software A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. 2019-07-10 not yet calculated CVE-2019-1873
BID
CISCO
cisco — advanced_malware_protection_for_endpoints_for_windows A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. 2019-07-05 not yet calculated CVE-2019-1932
CISCO
cisco — email_security_appliance A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious attachment with a specific pattern. A successful exploit could allow the attacker to bypass configured content filters that would normally block the attachment. 2019-07-05 not yet calculated CVE-2019-1921
CISCO
cisco — email_security_appliance A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient’s email client is configured to execute scripts contained in emails. 2019-07-05 not yet calculated CVE-2019-1933
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS. 2019-07-05 not yet calculated CVE-2019-1894
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. 2019-07-05 not yet calculated CVE-2019-1893
CISCO
cisco — firepower_management_center Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-07-05 not yet calculated CVE-2019-1931
CISCO
cisco — firepower_management_center Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-07-05 not yet calculated CVE-2019-1930
CISCO
cisco — ios_xr_software A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic from explicitly defined peers only. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. 2019-07-05 not yet calculated CVE-2019-1909
CISCO
cisco — ip_phone_7800_series_and_8800_series A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process. 2019-07-05 not yet calculated CVE-2019-1922
CISCO
cisco — small_business_200_and_300_and_500_series_managed_switches A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. 2019-07-05 not yet calculated CVE-2019-1892
CISCO
cisco — small_business_200_and_300_and_500_series_managed_switches A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2019-07-05 not yet calculated CVE-2019-1891
CISCO
cisco — unified_communications_domain_manager A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges. 2019-07-05 not yet calculated CVE-2019-1911
CISCO
citrix — xenserver The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. 2019-07-11 not yet calculated CVE-2014-3798
SECUNIA
CONFIRM
BID
SECTRACK
cloud_foundry — uaa Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones. 2019-07-11 not yet calculated CVE-2019-11268
CONFIRM
cloudera — cloudera_manager Cloudera Manager through 5.15 has Incorrect Access Control. 2019-07-11 not yet calculated CVE-2018-11744
CONFIRM
MISC
cohesity — dataplatform A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. 2019-07-12 not yet calculated CVE-2019-11242
CONFIRM
container_build_system — osbs-client A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files. 2019-07-11 not yet calculated CVE-2019-10135
CONFIRM
CONFIRM
cyberpower — powerpanel_business CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page. 2019-07-10 not yet calculated CVE-2019-13071
MISC
FULLDISC
damicms — damicms An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. 2019-07-10 not yet calculated CVE-2018-14831
MISC
ddrt — dashcom_live Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs. 2019-07-09 not yet calculated CVE-2019-11020
MISC
MISC
ddrt — dashcom_live Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs. 2019-07-09 not yet calculated CVE-2019-11019
MISC
MISC
debian — mediawiki An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 not yet calculated CVE-2019-12472
CONFIRM
MISC
debian — mediawiki An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. 2019-07-10 not yet calculated CVE-2019-12468
MISC
CONFIRM
MISC
BUGTRAQ
DEBIAN
debian — mediawiki MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 not yet calculated CVE-2019-12467
CONFIRM
MISC
BUGTRAQ
DEBIAN
debian — mediawiki Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 not yet calculated CVE-2019-12471
CONFIRM
MISC
BUGTRAQ
DEBIAN
debian — mediawiki Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 not yet calculated CVE-2019-12473
CONFIRM
MISC
BUGTRAQ
DEBIAN
debian — mediawiki Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 not yet calculated CVE-2019-12470
CONFIRM
MISC
BUGTRAQ
DEBIAN
debian — mediawiki MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. 2019-07-10 not yet calculated CVE-2019-12469
CONFIRM
MISC
BUGTRAQ
DEBIAN
debian — redis A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. 2019-07-11 not yet calculated CVE-2019-10193
CONFIRM
MISC
MISC
MISC
BUGTRAQ
DEBIAN
debian — redis A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. 2019-07-11 not yet calculated CVE-2019-10192
CONFIRM
MISC
MISC
MISC
BUGTRAQ
DEBIAN
digium — asterisk Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. 2019-07-12 not yet calculated CVE-2019-12827
CONFIRM
CONFIRM
digium — asterisk An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). 2019-07-12 not yet calculated CVE-2019-13161
CONFIRM
CONFIRM
e107 — e107 In e107 v2.1.7, output without filtering results in XSS. 2019-07-10 not yet calculated CVE-2018-11734
MISC
eq-3 — homematic_ccu2_devices eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution. 2019-07-10 not yet calculated CVE-2019-10122
MISC
MISC
eq-3 — homematic_ccu2_devices eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin. 2019-07-10 not yet calculated CVE-2019-10119
MISC
MISC
eq-3 — homematic_ccu2_devices On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154. 2019-07-10 not yet calculated CVE-2019-10120
MISC
MISC
eq-3 — homematic_ccu2_devices eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin. 2019-07-10 not yet calculated CVE-2019-10121
MISC
MISC
MISC
fasterxml — jackson-databind An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. 2019-07-09 not yet calculated CVE-2018-11307
CONFIRM
MISC
MISC
MISC
field_test_gem_for_ruby_on_rails — field_test_gem_for_ruby_on_rails The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS). 2019-07-09 not yet calculated CVE-2019-13146
BID
MISC
MISC
flightpath — flightpath FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module. 2019-07-10 not yet calculated CVE-2019-13396
CONFIRM
ge_healthcare — aestiva_and_aespire In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. 2019-07-10 not yet calculated CVE-2019-10966
BID
MISC
glpi_project — glpi GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in the reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it in and clicks on submit, and the request is sent to the attacker domain, saving the data. The fixed version is: 9.4.1. 2019-07-12 not yet calculated CVE-2019-1010310
MISC
MISC
glpi_project — glpi An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user’s password again during the next 24 hours without any information except the associated email address. 2019-07-10 not yet calculated CVE-2019-13240
MISC
MISC
MISC
MISC
MISC
hewlett_packard_enterprise — 3par_service_processor HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays. 2019-07-09 not yet calculated CVE-2019-11991
CONFIRM
huawei — mate_20_and_mate_20_X_honor_magic_2 There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, so an attacker could perform a certain operation at a certain step of the setup wizard. A successful exploit could allow the attacker to bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2). 2019-07-10 not yet calculated CVE-2019-5220
CONFIRM
huawei — mate_20_x There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, so an attacker could craft a file path when transporting a file through Huawei Share. A successful exploit could allow the attacker to transport a file to an arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). 2019-07-10 not yet calculated CVE-2019-5221
CONFIRM
hunesion — i-onenet In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn’t verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command. 2019-07-10 not yet calculated CVE-2019-12803
CONFIRM
hunesion — i-onenet In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft a malicious file and use it as an update. 2019-07-10 not yet calculated CVE-2019-12804
CONFIRM
ibm — content_navigator IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. 2019-07-11 not yet calculated CVE-2019-4263
XF
CONFIRM
ibm — security_identity_manager IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. 2019-07-11 not yet calculated CVE-2018-1968
CONFIRM
XF
intel — processor_diagnostic_tool Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. 2019-07-11 not yet calculated CVE-2019-11133
BID
CONFIRM
intel — ssd_dc_s4500_and_s4600_devices Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access. 2019-07-11 not yet calculated CVE-2018-18095
BID
CONFIRM
intuit — lacerte Intuit Lacerte 2017 has Incorrect Access Control. 2019-07-09 not yet calculated CVE-2018-14833
MISC
MISC
invoxia — nvx220_devices Invoxia NVX220 devices allow TELNET access as admin with a default password. 2019-07-05 not yet calculated CVE-2018-14528
MISC
ivanti — endpoint_manager An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update. 2019-07-11 not yet calculated CVE-2019-10651
CONFIRM
jenkins — jenkins Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-07-11 not yet calculated CVE-2019-10350
MLIST
MISC
jenkins — jenkins A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. 2019-07-11 not yet calculated CVE-2019-10349
MISC
MLIST
MISC
jenkins — jenkins Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-07-11 not yet calculated CVE-2019-10348
MLIST
MISC
jenkins — jenkins Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. 2019-07-11 not yet calculated CVE-2019-10347
MLIST
MISC
jenkins — jenkins A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin. 2019-07-11 not yet calculated CVE-2019-10346
MLIST
MISC
jenkins — jenkins A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. 2019-07-11 not yet calculated CVE-2019-10342
MLIST
MISC
jenkins — jenkins A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-07-11 not yet calculated CVE-2019-10341
MLIST
MISC
jenkins — jenkins A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-07-11 not yet calculated CVE-2019-10340
MLIST
MISC
jenkins — jenkins Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-07-11 not yet calculated CVE-2019-10351
MLIST
MISC
juniper — junos_os A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device. Affected releases are Juniper Networks Junos OS: 16.1 versions above and including 16.1R1 prior to 16.1R7-S5; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. 2019-07-11 not yet calculated CVE-2019-0046
CONFIRM
juniper — junos_os On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command ‘show firewall filter’ can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series. 2019-07-11 not yet calculated CVE-2019-0048
CONFIRM
juniper — junos_os On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S3; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.2X75 versions prior to 17.2X75-D105; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S7, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30; 18.3 versions prior to 18.3R1-S4, 18.3R2. Junos OS releases prior to 16.1R1 are not affected. 2019-07-11 not yet calculated CVE-2019-0049
CONFIRM
juniper — junos_os The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series. 2019-07-11 not yet calculated CVE-2019-0052
CONFIRM
juniper — junos_os Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client (accessible from the CLI or shell) in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. 2019-07-11 not yet calculated CVE-2019-0053
CONFIRM
MISC
leanote — leanote Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). 2019-07-11 not yet calculated CVE-2019-1010003
MISC
libpng — libpng libpng before 1.6.32 does not properly check the length of chunks against the user limit. 2019-07-10 not yet calculated CVE-2017-12652
CONFIRM
linux — linux_kernel In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. 2019-07-05 not yet calculated CVE-2019-10638
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker’s web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. 2019-07-05 not yet calculated CVE-2019-10639
MISC
MISC
MISC
MISC
london_trust_media — private_internet_access_vpn_client_for_linux A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher.64 binary is setuid root. This binary executes /opt/pia/openvpn-64/openvpn, passing the parameters provided from the command line. Care was taken to programmatically disable potentially dangerous openvpn parameters; however, the --route-pre-down parameter can be used. This parameter accepts an arbitrary path to a script/program to be executed when OpenVPN exits. The --script-security parameter also needs to be passed to allow for this action to be taken, and --script-security is not currently in the disabled parameter list. A local unprivileged user can pass a malicious script/binary to the --route-pre-down option, which will be executed as root when openvpn is stopped. 2019-07-11 not yet calculated CVE-2019-12578
MISC
london_trust_media — private_internet_access_vpn_client_for_linux A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The root_runner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts to load several libraries under /tmp/ruby-deploy.old/lib. A local unprivileged user can create a malicious library under this path to execute arbitrary code as the root user. 2019-07-11 not yet calculated CVE-2019-12575
MISC
london_trust_media — private_internet_access_vpn_client_for_linux_and_macos A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Linux/macOS openvpn_launcher.64 binary is setuid root. This binary accepts several parameters to update the system configuration. These parameters are passed to operating system commands using a “here” document. The parameters are not sanitized, which allows arbitrary commands to be injected using shell metacharacters. A local unprivileged user can pass specially crafted parameters that will be interpolated by the operating system calls. 2019-07-11 not yet calculated CVE-2019-12579
MISC
london_trust_media — private_internet_access_vpn_client_for_linux_and_macos A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher binary is setuid root. This binary supports the --log option, which accepts a path as an argument. This parameter is not sanitized, which allows a local unprivileged user to overwrite arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user. 2019-07-11 not yet calculated CVE-2019-12573
MISC
london_trust_media — private_internet_access_vpn_client_for_macos A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher binary is setuid root. This program is called during the connection process and executes several operating system utilities to configure the system. The networksetup utility is called using relative paths. A local unprivileged user can execute arbitrary commands as root by creating a networksetup trojan which will be executed during the connection process. This is possible because the PATH environment variable is not reset prior to executing the OS utility. 2019-07-11 not yet calculated CVE-2019-12576
MISC
london_trust_media — private_internet_access_vpn_client_for_macos A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists, it will be truncated and the contents completely overwritten. This file is removed on disconnect. An unprivileged user can create a hard or soft link to arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user. 2019-07-11 not yet calculated CVE-2019-12571
MISC
london_trust_media — private_internet_access_vpn_client_for_macos A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS binary openvpn_launcher.64 is setuid root. This binary creates /tmp/pia_upscript.sh when executed. Because the file creation mask (umask) is not reset, the umask value is inherited from the calling process. This value can be manipulated to cause the privileged binary to create files with world writable permissions. A local unprivileged user can modify /tmp/pia_upscript.sh during the connect process to execute arbitrary code as the root user. 2019-07-11 not yet calculated CVE-2019-12577
MISC
london_trust_media — private_internet_access_vpn_client_for_windows A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM. 2019-07-11 not yet calculated CVE-2019-12574
MISC
mailenable — mailenable_enterprise_premium MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users’ credentials including those of SYSADMIN accounts, reading other users’ emails, or adding emails or files to other users’ accounts. 2019-07-08 not yet calculated CVE-2019-12925
CONFIRM
MISC
mailenable — mailenable_enterprise_premium MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access. 2019-07-08 not yet calculated CVE-2019-12926
CONFIRM
MISC
mailenable — mailenable_enterprise_premium MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. 2019-07-08 not yet calculated CVE-2019-12927
CONFIRM
MISC
mailenable — mailenable_enterprise_premium MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users’ credentials (including the highest privileged users). 2019-07-08 not yet calculated CVE-2019-12924
CONFIRM
MISC
mailenable — mailenable_enterprise_premium In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker. 2019-07-08 not yet calculated CVE-2019-12923
CONFIRM
MISC
matrixssl — matrixssl MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. 2019-07-09 not yet calculated CVE-2019-13470
MISC
minimagick — minmagick In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a ‘|’ character followed by a command. 2019-07-11 not yet calculated CVE-2019-13574
MISC
MISC
MISC
MISC
DEBIAN
mobatech — mobaxterm In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible. 2019-07-09 not yet calculated CVE-2019-13475
MISC
mybb — mybb A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication. 2019-07-11 not yet calculated CVE-2019-12363
MISC
MISC
netfilter — iptables A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. 2019-07-12 not yet calculated CVE-2019-11360
MISC
CONFIRM
netiq — advanced_authentication_framework A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. 2019-07-10 not yet calculated CVE-2019-11650
CONFIRM
npmjs — serve-here.js A path traversal vulnerability in versions up to v1.1.3 of the serve-here.js npm module allows attackers to list any file in an arbitrary folder. 2019-07-10 not yet calculated CVE-2019-5444
MISC
nuxt — nuxt.js @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. 2019-07-11 not yet calculated CVE-2019-13506
MISC
MISC
MISC
MISC
MISC
MISC
ovirt — ovirt_metrics Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts. 2019-07-11 not yet calculated CVE-2019-10194
CONFIRM
patchwork — patchwork A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix. 2019-07-10 not yet calculated CVE-2019-13122
MISC
MLIST
MISC
MISC
MISC
MISC
MISC
php — php main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input. 2019-07-10 not yet calculated CVE-2017-7189
MISC
MISC
prestashop — prestashop In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. 2019-07-09 not yet calculated CVE-2019-13461
MISC
MISC
project_redcap — redcap Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user’s web browser. 2019-07-11 not yet calculated CVE-2019-13029
MISC
python — python http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. 2019-07-13 not yet calculated CVE-2018-20852
MISC
MISC
quest — kace Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. 2019-07-08 not yet calculated CVE-2019-10973
BID
MISC
rapid7 — insight_agent Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at “C:\DLLs\python3.dll,” which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent’s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4. 2019-07-12 not yet calculated CVE-2019-5629
MISC
FULLDISC
MISC
CONFIRM
BUGTRAQ
razor — surround The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege. 2019-07-09 not yet calculated CVE-2019-13142
MISC
realization — concerto_critical_chain_planner Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least the taskupdt/taskdetails.aspx webpage via the projectname parameter. 2019-07-12 not yet calculated CVE-2019-13027
MISC
red_hat — openshift_container_platform A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting a user to click on a malicious link. 2019-07-11 not yet calculated CVE-2019-3889
CONFIRM
rockwell_automation — panelview_5510 In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device's file system. 2019-07-11 not yet calculated CVE-2019-10970
BID
MISC
sap — abap_server_and_abap_platform ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. 2019-07-10 not yet calculated CVE-2019-0321
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. 2019-07-10 not yet calculated CVE-2019-0326
BID
MISC
CONFIRM
sap — commerce_cloud SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2019-07-10 not yet calculated CVE-2019-0322
BID
MISC
CONFIRM
sap — diagnostic_agent The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. 2019-07-10 not yet calculated CVE-2019-0330
BID
MISC
CONFIRM
sap — erp_hcm SAP ERP HCM (SAP_HRCES), version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Because of this, under certain conditions a user who once had authorization to the payroll data of an employee, which was later revoked, may retain access to the same data. 2019-07-10 not yet calculated CVE-2019-0325
BID
MISC
CONFIRM
sap — netweaver_application_server Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. 2019-07-10 not yet calculated CVE-2019-0318
BID
MISC
CONFIRM
sap — netweaver_for_java_application_server SAP NetWeaver for Java Application Server – Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. 2019-07-10 not yet calculated CVE-2019-0327
BID
MISC
CONFIRM
sap — netweaver_process_integration ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enable an attacker to execute OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. 2019-07-10 not yet calculated CVE-2019-0328
BID
MISC
CONFIRM
sap — sap_gateway The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it’s not. 2019-07-10 not yet calculated CVE-2019-0319
BID
MISC
MISC
CONFIRM
sap — sapui5_and_openui5 SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. 2019-07-10 not yet calculated CVE-2019-0281
BID
MISC
CONFIRM
schedmd — slurm SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. 2019-07-11 not yet calculated CVE-2019-12838
MISC
CONFIRM
MISC
CONFIRM
siemens — simatic_pcs_7_and_simatic_wincc_products A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions), SIMATIC WinCC Professional (TIA Portal V15) (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows arbitrary ASPX code to be uploaded. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known. 2019-07-11 not yet calculated CVE-2019-10935
BID
MISC
siemens — siprotec_5_devices A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition. 2019-07-11 not yet calculated CVE-2019-10931
MISC
siemens — siprotec_5_devices A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. 2019-07-11 not yet calculated CVE-2019-10930
MISC
siemens — spectrum_power_products A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions <= v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. 2019-07-11 not yet calculated CVE-2019-10933
MISC
siemens — tia_administrator A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows certain application commands to be executed without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-07-11 not yet calculated CVE-2019-10915
BID
MISC
snapview — mikogo The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges. 2019-07-12 not yet calculated CVE-2019-12731
MISC
sonatype — nexus_repository_manager Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. 2019-07-08 not yet calculated CVE-2019-9630
MISC
sonatype — nexus_repository_manager Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). 2019-07-08 not yet calculated CVE-2019-9629
MISC
sony — bravia_smart_tv_devices Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. 2019-07-09 not yet calculated CVE-2019-11889
MISC
FULLDISC
MISC
MISC
sony — bravia_smart_tv_devices Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. 2019-07-09 not yet calculated CVE-2019-11890
MISC
FULLDISC
MISC
MISC
spiderlabs — owasp_modsecurity_core_rule_set An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid. 2019-07-09 not yet calculated CVE-2019-13464
MISC
MISC
squid-cache — squid An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn’t greater than the buffer, leading to a heap-based buffer overflow with user controlled data. 2019-07-11 not yet calculated CVE-2019-12527
CONFIRM
CONFIRM
CONFIRM
squid-cache — squid An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token’s value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1. 2019-07-11 not yet calculated CVE-2019-12525
CONFIRM
CONFIRM
CONFIRM
squid-cache — squid An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn’t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. 2019-07-11 not yet calculated CVE-2019-12529
CONFIRM
CONFIRM
CONFIRM
stopzilla — stopzilla_antimalware An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F. 2019-07-09 not yet calculated CVE-2018-15738
MISC
MISC
sunnet — wmpro The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via “/teach/course/doajaxfileupload.php”. The target server can be exploited without authentication. 2019-07-11 not yet calculated CVE-2019-11062
CONFIRM
CONFIRM
CONFIRM
swift — alliance_web_platform An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages. 2019-07-05 not yet calculated CVE-2018-16386
MISC
symantec — messaging_gateway Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-07-11 not yet calculated CVE-2019-12751
BID
MISC
thoughtspot — thoughtspot An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them. 2019-07-09 not yet calculated CVE-2019-12782
MISC
CONFIRM
CONFIRM
trendnet — tew-827dru TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. 2019-07-10 not yet calculated CVE-2019-13279
MISC
trendnet — tew-827dru TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled. 2019-07-09 not yet calculated CVE-2019-13277
MISC
trendnet — tew-827dru TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. 2019-07-10 not yet calculated CVE-2019-13278
MISC
trendnet — tew-827dru TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. 2019-07-10 not yet calculated CVE-2019-13276
MISC
trendnet — tew-827dru TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled. 2019-07-09 not yet calculated CVE-2019-13280
MISC
u.s._army — america’s_army_proving_grounds An issue was discovered in the America’s Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks. 2019-07-10 not yet calculated CVE-2018-10531
MISC
MISC
umbiquiti_networks — edgemax_edgeswitch Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. 2019-07-10 not yet calculated CVE-2019-5446
MISC
umbiquiti_networks — edgemax_edgeswitch DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands. 2019-07-10 not yet calculated CVE-2019-5445
MISC
vmware — esxi VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available. 2019-07-11 not yet calculated CVE-2019-5528
BID
CONFIRM
wavpack — wavpack WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://ift.tt/2LV3umS. 2019-07-11 not yet calculated CVE-2019-1010319
MISC
MISC
wavpack — wavpack WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://ift.tt/2LPEo94. 2019-07-11 not yet calculated CVE-2019-1010317
MISC
MISC
wavpack — wavpack WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://ift.tt/2XHdqYv. 2019-07-11 not yet calculated CVE-2019-1010315
MISC
MISC
weseek — growi In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is required. 2019-07-09 not yet calculated CVE-2019-13337
MISC
weseek — growi In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field. 2019-07-09 not yet calculated CVE-2019-13338
MISC
wolfvision — cynap WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the ‘forgot password’ feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access. 2019-07-05 not yet calculated CVE-2019-13352
MISC
FULLDISC
MISC
wordpress — wordpress The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. 2019-07-08 not yet calculated CVE-2019-13413
MISC
MISC
wordpress — wordpress The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. 2019-07-08 not yet calculated CVE-2019-13414
MISC
MISC
zeromq — libzmq In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. 2019-07-10 not yet calculated CVE-2019-13132
MLIST
CONFIRM
CONFIRM
MLIST
BUGTRAQ
UBUNTU
DEBIAN
zoho_manageengine — assetexplorer An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. 2019-07-11 not yet calculated CVE-2019-12537
MISC
MISC
zoho_manageengine — servicedesk_plus An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field. 2019-07-11 not yet calculated CVE-2019-12540
MISC
MISC
zoom_video_communications — zoom_client In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. 2019-07-09 not yet calculated CVE-2019-13449
MISC
MISC
MISC
MISC
MISC
zoom_video_communications — zoom_client The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can’t be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData. 2019-07-12 not yet calculated CVE-2019-13567
MISC
MISC
MISC
MISC
MISC
zoom_video_communications — zoom_client_and_ringcentral In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file. 2019-07-09 not yet calculated CVE-2019-13450
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
zte — mw_nr8000 ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by a path traversal vulnerability. Due to path traversal, users can download any files. 2019-07-11 not yet calculated CVE-2019-3415
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

National Cybersecurity Drill

The Computer Emergency Response Team of Mauritius (CERT-MU) organised a National Cybersecurity Drill for the Financial Sector and the Department of Civil Aviation from 25th – 28th June 2019 at Palms Hotel, Quatre-Bornes. The main objective of the 4-day event was to assess the preparedness of these sectors to resist cyber threats and to enable timely detection, response, mitigation and recovery actions in the event of cyber-attacks. A workshop was held on 25th June 2019 to familiarize the participants with the way cybersecurity drills are conducted and what is expected from them. The participants were also informed of the team composition for the drill exercise. From 26th – 28th June 2019, various scenarios were simulated during the drill exercise, in which participants had to come up with their response plans and present them in front of the other teams. The scenarios were conducted by staff of CERT-MU during these 3 days. We also had a team of 3 Estonian experts from the Cyber4D programme who acted as observers for the cybersecurity drill. The workshop was attended by some 70 people on 25th June 2019, and some 40 participants took part in the cybersecurity drill exercise, drawn from the Department of Civil Aviation, Financial Intelligence Unit, Financial Services Commission, Bank of Mauritius, and 9 commercial banks of the country.

 

Prime Minister launches Victoria Urban Terminal project

GIS – 28 June, 2019: The Victoria Urban Terminal project, a first-of-its-kind multimodal complex to the tune of some Rs 1.9 billion, was officially launched, yesterday, by the Prime Minister, Minister of Home Affairs, External Communications and National Development Unit, Minister of Finance and Economic Development, Mr Pravind Jugnauth, at the Caudan Arts Centre in Port Louis. The Minister of Public Infrastructure and Land Transport, Minister of Foreign Affairs, Regional Integration and International Trade, Mr Nandcoomar Bodha, other Ministers, Members of Parliament, and other personalities were also present at the launching ceremony.

The Terminal project, expected to be completed in some two years, revolves around a redefined architecture including the restoration of the ex-NTA building, provision of space for leisure activities, food courts, shops and lucrative commercial activities as well as historical monuments. The contract for the Victoria Urban Terminal project has been awarded to the consortium Transinvest-General Construction-IBL-Innodis-Promotion and Development-RHT Bus Services.
In his address, the Prime Minister reiterated Government’s commitment to modernise the country, for the benefit of all citizens, through public-private partnerships such as the Victoria Urban Terminal, a project which will undoubtedly be profitable and generate wealth. He announced that similar projects, totalling investments of more than Rs 10 billion will also be developed along the route of the Metro Express.
 
Prime Minister Jugnauth stated that eligible hawkers willing to buy their own stalls in the new urban terminals at Victoria and Immigration Square stations will be given concessional financing assistance through the Development Bank of Mauritius. He further made an appeal for public understanding during the proceedings.
 
For his part, Minister Bodha stated that the renovation works for the old Victoria bus terminal are expected to cost some Rs 350 million. He added that some 600 buses, 50 taxis and 1 000 hawkers will have to be relocated during the construction of the Victoria Urban Terminal.
 
Some 100 000 passengers are expected to pass through the Victoria Urban Terminal daily. This project, spread over an area of 5.25 acres, will house a terminal comprising 22 stands, offices on an area of 2 992 m2, a parking area of 400 spaces over 2 200 m2, the Victoria Market on 7 200 m2, the Victoria Shopping Centre on 8 480 m2, a supermarket on 2 448 m2, and a food court of 1 049 m2. Some 1 000 hawkers will also be accommodated in the complex.
 
 

Government Information Service, Prime Minister’s Office, Level 6, New Government Centre, Port Louis, Mauritius. Email: gis@govmu.org  Website: http://gis.govmu.org  Mobile App: Search Gov

Mauritius announces a global summit on maritime security and strengthens its regional leadership in this field

Second Ministerial Conference on Maritime Security and 22nd plenary of the CGPCS
 
Mauritius is consolidating its leadership role in regional maritime security and has announced a global summit on the safety of the seas against crime. With the support of the Indian Ocean Commission (IOC), it continues to mobilise the efforts of the international community to secure maritime routes in the western Indian Ocean.
For a whole week, maritime security was at the heart of the regional agenda. More than 200 high-level delegates from some forty countries and international organisations gathered in Mauritius for the Ministerial Conference on Maritime Security in the Western Indian Ocean on 18 and 19 June 2019 and for the 22nd plenary session of the Contact Group on Piracy off the Coast of Somalia on 20 June.
Maritime security, said the Minister of Foreign Affairs of Mauritius, Mr Nandcoomar Bodha, has become a major development issue for the countries of the region, which are developing the blue economy to generate new sources of national wealth for their populations.
The head of Mauritian diplomacy recalled that the second edition of the ministerial conference aims to extend and consolidate the major advances made at the last edition, notably in terms of implementing a roadmap to strengthen the architecture for surveillance of the seas.
The entry into operation of the Coordination Centre in Seychelles and the Fusion Centre in Madagascar, set up under the MASE (Maritime Security Programme) Agreements, meets a requirement for ocean security in the region.
The Minister called on the countries of the region that have not yet signed these agreements to do so in order to strengthen regional cooperation in the face of security risks in
The Minister Mentor and Minister of Defence, Sir Anerood Jugnauth, for his part announced a global summit on ocean security, thereby reaffirming the leadership role that Mauritius intends to play in this vital area of the economy and of global security. Mauritius, which now asserts with determination its status as an ocean State with an immense exclusive economic zone of more than 2.3 million square kilometres, wants to make its voice heard in the region and on the international stage.
The western basin of the Indian Ocean is of global importance. This vast area, bordered by some fifteen States, is crossed by major maritime routes linking Asia, the Middle East, eastern and southern Africa, and Europe.
Beyond piracy, which was long a major security risk in the region, other threats have emerged and are growing in the western Indian Ocean, including transnational organised crime, notably human trafficking, organised illegal immigration, arms trafficking and terrorism. Drug trafficking is particularly significant in the area, endangering Mauritius and its neighbours.

The ministerial conference and the CGPCS plenary made it possible to take stock of maritime security issues and of the initiatives under way to address them. In total, some thirty initiatives combating the various aspects of maritime insecurity (piracy, drug trafficking, human trafficking, armed attacks, illegal fishing, money laundering, terrorist risk, pollution…) are under way in the western Indian Ocean. The participants in the Ministerial Conference therefore called for effective coordination of all these initiatives to avoid overlaps and ensure the long-term security of the western Indian Ocean, which is crossed by maritime routes of global importance.
Among these initiatives, the mechanisms for information exchange and coordination of actions at sea, set up through the MASE programme funded by the European Union, and the activities of the Djibouti Code of Conduct and its Jeddah amendments drew particular attention, since they form the basis of a regional maritime security architecture suited to the needs of the region. The Regional Centres set up through these initiatives make it possible to better coordinate actions at sea and to smooth the flow of information between the national administrations responsible for security. The tools deployed under the MASE programme at the Regional Maritime Information Fusion Centre in Madagascar and the Regional Centre for Operational Coordination in Seychelles will in particular make it possible to monitor the maritime situation in real time and to quickly identify suspicious behaviour or cases of distress at sea for a coordinated intervention. The participants also expressed their positive appreciation of the participation of international partners in operations on the ground, notably naval forces (EUNAVFOR Atalanta, Combined Maritime Forces, external security providers and NATO).
At the close of the proceedings, the delegates adopted the Declaration of the Ministerial Conference on Maritime Security in the Western Indian Ocean and the Final Communiqué of the 22nd plenary session of the CGPCS, two documents that set the course for future action on regional maritime security. The regional organisations of eastern Africa (COMESA, IGAD, EAC and IOC) are called upon to remain at the forefront of mobilisation and action for maritime security, in support of their member States and with the backing of development partners, notably the European Union.
Determined to deepen the commitment to maritime security, “an essential condition for developing the blue economy and ensuring stability, social progress and human security”, the Mauritian authorities, through the Mauritian Minister of Foreign Affairs, Regional Integration and International Trade, Nandcoomar Bodha, who is also the current chair of the CGPCS on behalf of the IOC, announced the organisation of a new edition of the Ministerial Conference in 2020 aimed at assessing the implementation of the Declaration adopted on 19 June. Nandcoomar Bodha also symbolically handed over the CGPCS pennant to Raychelle Omamo, Minister of Defence of Kenya, who will take over the chairmanship of this Contact Group from January 2020 for two years. This passing of the baton expresses the will of the States of the region to play a growing and leading role in regional maritime security, with the renewed support of the international community.
This maritime security week, organised by the Republic of Mauritius in partnership with the IOC and with the support of the European Union, was marked by the presence of ministers from the Comoros, Djibouti, Kenya and Madagascar, the Secretary of State of Seychelles representing the presidency of the IOC Council of Ministers, the Assistant Secretary-General for Africa of the United Nations Department of Political and Peacebuilding Affairs, the ambassadors of the European Union, France, the United Kingdom, China, India and Japan, among others, and senior representatives of the United States, of several African, Arab, Asian and European countries, of naval forces, of COMESA, IGAD, the IOC and United Nations agencies (International Maritime Organization, International Organization for Migration, United Nations Office on Drugs and Crime, FAO…).
 

Cabinet Decisions taken on 21 JUNE 2019

 
 
1.         Cabinet has agreed to an early introduction into the National Assembly of the Declaration of Assets (Amendment) Bill.  The object of the Bill is to amend the Declaration of Assets Act 2018 –
 
(a)       by widening the definition of “assets”, so that assets to be declared under the Act shall include any money deposited in a non-bank deposit taking institution by the Bank of Mauritius;
 
(b)       so as to give a definition to the term “State-owned enterprise”, so that a State-owned enterprise which falls under the purview of the Act shall be such enterprise, in which the State is a shareholder or exercises a degree of control, as may be prescribed; and
 
            (c)        so as to clarify some provisions of the Act.
 
 
****
 
 
2.         Cabinet has agreed to the creation of a ‘Village des Artistes’ at Batterie de l’Harmonie, Black River, on the Build Operate Transfer (BOT) model.  The project aims at conserving, restoring and upgrading structures on the site in line with the provisions of the National Heritage Fund Act in order to provide a conducive environment for artists to create works of art, showcase their creations, hold working sessions and conduct workshops.
 
 
****
 
 
3.         Cabinet has agreed to the renaming of the classified Baie du Cap, Chamarel and Case Noyale Road (B104), commonly known as ‘Chemin 52 Contours’, in view of the fact that Chamarel is already a strong tourism brand in itself and famous for its tourist attractions, namely, seven coloured earth, mirador, waterfall and “Rhumerie de Chamarel”.
 
 
****
 
 
4.         Cabinet has taken note of the status of implementation of projects in the Health Sector namely, the construction of the new ENT Hospital at Vacoas, the Flacq Teaching Hospital, the New Eye Care Hospital at Réduit and four Mediclinics at Bel Air, Coromandel, Stanley and Quartier Militaire.
 
 
****


 
5.         Cabinet has taken note that the 7th Session of the Mauritius-EU Political Dialogue was held on 13 June 2019. The Mauritius delegation comprised the Minister of Public Infrastructure and Land Transport, Minister of Foreign Affairs, Regional Integration and International Trade, the Minister of Agro-Industry and Food Security, the Attorney General, Minister of Justice, Human Rights and Institutional Reforms, the Minister of Financial Services and Good Governance, as well as senior officials from different Ministries.  The EU side was headed by HE Ms Marjana Sall, EU Ambassador to Mauritius, and included diplomatic representatives of eight EU Member States, including France and UK.
 
            The meeting discussed various issues related to the current state of play and the future of Mauritius-EU relations bilaterally and within the Cotonou Partnership Agreement (CPA) and post-CPA.
 
****
 
6.         Cabinet has taken note of the activities being organised by the Ministry of Health and Quality of Life on 27 June 2019 to commemorate the International Day Against Drug Abuse and Illicit Trafficking, namely –
 
(a)       a march from Champ de Mars to Jardin de la Compagnie involving the participation of around 1,200 persons, including students from secondary schools in the region of Port Louis, representatives of different Ministries, NGOs as well as other stakeholders;
 
(b)       a national mass media campaign against drug, targeting the whole population and sensitisation of students on the harmful effects of drugs; and
 
(c)        sensitisation on problems of drug at workplace as well as the community through talks and dissemination of brochures.
 
****
 
7.         Cabinet has taken note that the Mauritius Family Planning and Welfare Association Act 2018 which was passed by the National Assembly on 4 December 2018, would be proclaimed shortly and would come into operation on 15 July 2019. 
 
****
 
8.         Cabinet has taken note of the outcome of the recent visit of the Attorney General, Minister of Justice, Human Rights and Institutional Reforms to Rodrigues. The main objective of his visit was to follow up on issues pertaining to Human Rights and to have consultations with various stakeholders to raise their awareness on the subject matter. During the visit, he had, inter alia, working sessions with the Chief Commissioner, Members of the National Assembly and Commissioners of the Rodrigues Regional Assembly. He also had an awareness raising and brainstorming session with the Departmental Heads of the various Commissions of the Rodrigues Regional Assembly, representatives from the Police Force, the Prison Service and relevant NGOs.
 
 
*******

Prime Minister: Budget 2019-2020 focuses on all social categories

 

GIS – 13 June, 2019: Budget 2019-2020, with a series of measures announced to consolidate the productive sectors, to reach a higher social development path and that are based on continuity while expressing Government’s vision, continues to take into consideration and targets all social categories so that we can embrace a brighter future together as a nation.

The Prime Minister, Minister of Home Affairs, External Communications and National Development Unit, Minister of Finance and Economic Development, Mr Pravind Kumar Jugnauth, made this statement, yesterday, during a television interview organised by the Ministry of Finance and Economic Development in collaboration with the Economic Development Board and the Mauritius Broadcasting Corporation in Ebène. His intervention focussed on measures announced in Budget 2019-2020 and aimed at shedding light on some of these measures.
 
Prime Minister Jugnauth recalled that, in line with Government’s innovative development strategy and its aim of transforming the country into a digital economy, Budget 2019-2020 puts emphasis on the need to equip youths with the required skills, and to that end a range of courses will be offered in areas including Artificial Intelligence, Robotics and Fintech. Furthermore, the Budget makes provision for another Governmental measure to boost productivity by maximising the skills and talents of youths through the provision of training that is relevant to the job market. To this end, a National Skills Matching Platform, to assess the training requirement of job applicants and direct them towards the relevant employability scheme with the guarantee of a job at the end, will be created.
 
This Budget, he added, also focusses on several other areas such as: expanding and modernising our infrastructure; dealing with the challenges facing the sugar and manufacturing sectors, including textiles; investing in new pillars of growth; and further opening up and integrating our economy with the rest of the world. It also takes into account the investment in the education, training and other skills needed by the youth, so that they are better prepared for the future. Measures have also been proposed to address the impact of demographic change, promote a more inclusive and equitable society and further address the problem of poverty as well as building greater resilience to the impact of climate change.
 
Speaking about the repayment of public debt, the Prime Minister stated that the statutory requirement was to bring it down to 60 percent as a ratio of Gross Domestic Product by end of June 2021, but that Government plans to reach this target much earlier. This will be done by generating revenue from ongoing projects as well as using part of the accumulated undistributed surplus held at the Bank of Mauritius, as the country’s reserves increased by Rs 117 billion during the last four years to reach Rs 241 billion, that is, by 94 percent, and now representing 11.2 months of import cover. It is recalled that the Bank of Mauritius indicated, in a communique, that it is an acceptable international practice by central banks to hold official foreign exchange reserves in support of a range of objectives including, inter alia, to assist governments in meeting their external debt obligations.
 
With regard to global situations such as Brexit or the increasing price of petroleum products which will have an impact on Mauritius, Prime Minister Jugnauth said that the measures enunciated in Budget 2019-2020 will help to bring more economic growth for the country in forthcoming years. Government will do its utmost to be as far-sighted as possible so as to cater for the needs of the population, he added.
 


SB19-154: Vulnerability Summary for the Week of May 27, 2019

Original release date: June 03, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7018
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7019
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7020
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7025
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7026
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7029
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7031
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7037
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7039
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7040
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7042
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7043
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7044
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7046
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7048
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7050
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7051
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7052
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7054
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7060
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7062
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7066
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7068
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7069
CONFIRM
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7070
CONFIRM
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7072
CONFIRM
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 7.1 CVE-2019-7075
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7076
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7077
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7078
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 9.3 CVE-2019-7079
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7080
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7082
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7083
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7084
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7085
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7086
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7087
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a data leakage (sensitive) vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 7.8 CVE-2019-7089
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010.20091 and earlier, 2017.011.30120 and earlier version, and 2015.006.30475 and earlier have a data leakage (sensitive) vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 7.8 CVE-2019-7815
CONFIRM
adobe — coldfusion ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7091
CONFIRM
adobe — coldfusion ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7816
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7095
CONFIRM
adobe — photoshop_cc Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7094
CONFIRM
apache — hadoop In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. 2019-05-30 9.0 CVE-2018-8029
BID
CONFIRM
MLIST
auerswald — comfortel_1200_ip_firmware A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) — in the same network as the device — to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. 2019-05-29 7.7 CVE-2018-19977
MISC
MISC
auerswald — comfortel_1200_ip_firmware A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. 2019-05-29 7.7 CVE-2018-19978
MISC
MISC
bosch — bosch_video_management_system A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface. 2019-05-29 7.5 CVE-2019-6957
CONFIRM
deltek — maconomy Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd URI. 2019-05-24 7.5 CVE-2019-12314
MISC
MISC
exponentcms — exponent_cms Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. 2019-05-24 7.5 CVE-2016-8898
MISC
MISC
exponentcms — exponent_cms Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. 2019-05-24 7.5 CVE-2016-8900
MISC
MISC
firejail_project — firejail Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736. 2019-05-31 9.3 CVE-2019-12499
MISC
fortinet — forticlient An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. 2019-05-28 9.3 CVE-2019-5589
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption (issue 2 of 2). 2019-05-29 7.8 CVE-2019-9177
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). 2019-05-29 7.5 CVE-2019-9218
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. 2019-05-29 7.5 CVE-2019-9485
MISC
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. 2019-05-29 7.5 CVE-2019-9732
MISC
MISC
gnome — glib file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. 2019-05-29 7.5 CVE-2019-12450
MISC
gnome — gvfs An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. 2019-05-29 7.5 CVE-2019-12447
MISC
gnome — gvfs An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file’s user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. 2019-05-29 10.0 CVE-2019-12449
MISC
gog — galaxy An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. 2019-05-30 7.2 CVE-2018-4048
MISC
karamasoft — ultimateeditor Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI. 2019-05-24 7.5 CVE-2019-12150
MISC
MISC
linux — linux_kernel An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. 2019-05-30 7.2 CVE-2019-12454
MISC
MISC
linux — linux_kernel An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a “double fetch” vulnerability. 2019-05-30 7.2 CVE-2019-12456
MISC
MISC
mlmsoftwarez — add_clicking_mlm_software SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter. 2019-05-24 7.5 CVE-2018-17843
MISC
MISC
mobotix — s14_firmware There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. 2019-05-31 9.3 CVE-2019-12502
MISC
precurio — precurio The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. 2019-05-24 7.5 CVE-2016-10759
MISC
MISC
qualcomm — ipq4019_firmware Data length received from firmware is not validated against the max allowed size, which can result in buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 2019-05-24 7.2 CVE-2018-11925
CONFIRM
qualcomm — ipq4019_firmware Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130 2019-05-24 7.2 CVE-2018-11968
CONFIRM
qualcomm — ipq8074_firmware Lack of check on length parameter may cause buffer overflow while processing WMI commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, SXR1130 2019-05-24 7.2 CVE-2018-11928
CONFIRM
qualcomm — mdm9150_firmware Improper input validation on input which is used as an array index will lead to an out of bounds issue while processing AP find event from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 625, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24, SM7150 2019-05-24 7.2 CVE-2018-11927
CONFIRM
qualcomm — mdm9150_firmware Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 2019-05-24 10.0 CVE-2018-11930
CONFIRM
qualcomm — mdm9150_firmware Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150 2019-05-24 10.0 CVE-2018-11937
CONFIRM
qualcomm — mdm9150_firmware Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130 2019-05-24 10.0 CVE-2018-11940
CONFIRM
qualcomm — mdm9150_firmware Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 2019-05-24 10.0 CVE-2018-11949
CONFIRM
qualcomm — mdm9150_firmware While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to crafted ssid IE length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, SDX20 2019-05-24 10.0 CVE-2018-11953
CONFIRM
qualcomm — mdm9150_firmware Signature verification of the skel library could potentially be disabled as the memory region on the remote subsystem in which the library is loaded is allocated from userspace currently in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-05-24 7.2 CVE-2018-11967
CONFIRM
qualcomm — mdm9150_firmware Unchecked OTA field in GNSS XTRA3 leads to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 2019-05-24 10.0 CVE-2018-13886
CONFIRM
qualcomm — mdm9150_firmware Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130 2019-05-24 10.0 CVE-2018-13887
CONFIRM
qualcomm — mdm9150_firmware Missing permissions on several content providers of the RCS app in its Android manifest file lead to unprivileged access to the phone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-05-24 7.2 CVE-2018-13895
CONFIRM
qualcomm — mdm9150_firmware Processing messages after error may result in use after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 2019-05-24 7.2 CVE-2018-13899
CONFIRM
qualcomm — mdm9206_firmware Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SM7150, Snapdragon_High_Med_2016, SXR1130 2019-05-24 7.5 CVE-2018-11271
CONFIRM
qualcomm — mdm9206_firmware An array index is processed incorrectly inside a while loop, and the resulting invalid index (-1 or something else) leads to out-of-bounds memory access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820, SD 820A, SD 835, SDX20, SDX24, Snapdragon_High_Med_2016 2019-05-24 10.0 CVE-2018-11936
CONFIRM
qualcomm — mdm9206_firmware While updating the blacklisting region, the shared buffered memory region is not validated against the newly updated black list, causing boot-up to be compromised in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SXR1130 2019-05-24 7.2 CVE-2018-12012
CONFIRM
qualcomm — mdm9206_firmware Improper authentication in locked memory region can lead to unprivileged access to the memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 2019-05-24 7.2 CVE-2018-12013
CONFIRM
qualcomm — mdm9206_firmware Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX24 2019-05-24 7.2 CVE-2018-13920
CONFIRM
qualcomm — mdm9206_firmware Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 2019-05-24 10.0 CVE-2018-13925
CONFIRM
qualcomm — mdm9206_firmware Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearable in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016 2019-05-24 10.0 CVE-2019-2244
CONFIRM
qualcomm — mdm9206_firmware Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016 2019-05-24 10.0 CVE-2019-2245
CONFIRM
qualcomm — qcs605_firmware Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130 2019-05-24 7.2 CVE-2019-2250
CONFIRM
s9y — serendipity serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by “php” as a filename. 2019-05-24 7.5 CVE-2016-10752
MISC
MISC
sqlite — sqlite SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. 2019-05-30 7.5 CVE-2019-8457
MISC
MISC
synacor — zimbra_collaboration_suite ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. 2019-05-29 7.5 CVE-2018-20160
MISC
MISC
MISC
synacor — zimbra_collaboration_suite Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. 2019-05-29 7.5 CVE-2019-6980
MISC
MISC
synacor — zimbra_collaboration_suite mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability. 2019-05-29 7.5 CVE-2019-9670
MISC
MISC
MISC
MISC
EXPLOIT-DB
yealink — ultra-elegant_ip_phone_sip-t41p_firmware The network diagnostic function (ping) in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. 2019-05-29 9.0 CVE-2018-16217
MISC
MISC
yealink — ultra-elegant_ip_phone_sip-t41p_firmware The diagnostics web interface in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). 2019-05-29 7.7 CVE-2018-16221
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abantecart — abantecart AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php. 2019-05-24 4.0 CVE-2016-10755
MISC
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7021
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7022
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7023
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7024
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7028
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7030
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7032
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7033
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7034
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7035
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7036
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7038
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. 2019-05-24 6.8 CVE-2019-7041
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7045
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7047
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7049
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7053
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7055
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7056
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7057
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7058
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7059
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7063
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7064
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7065
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7067
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7071
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7073
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7074
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 5.0 CVE-2019-7081
CONFIRM
adobe — coldfusion ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7092
CONFIRM
adobe — creative_cloud Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. 2019-05-24 6.8 CVE-2019-7093
CONFIRM
adobe — experience_manager_forms Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-05-29 4.3 CVE-2019-7129
CONFIRM
adobe — flash_player Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-05-24 4.3 CVE-2019-7090
CONFIRM
afian — filerun FileRun 2019.05.21 allows images/extjs Directory Listing. 2019-05-30 5.0 CVE-2019-12457
MISC
MISC
MISC
afian — filerun FileRun 2019.05.21 allows css/ext-ux Directory Listing. 2019-05-30 5.0 CVE-2019-12458
MISC
MISC
MISC
afian — filerun FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. 2019-05-30 5.0 CVE-2019-12459
MISC
MISC
MISC
ampache — ampache Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. 2019-05-24 6.5 CVE-2017-18375
MISC
apache — camel Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. 2019-05-28 5.0 CVE-2019-0188
JVN
MLIST
BID
CONFIRM
MLIST
apache — tomcat The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. 2019-05-28 4.3 CVE-2019-0221
FULLDISC
CONFIRM
MLIST
bacnet_protocol_stack_project — bacnet_protocol_stack BACnet Protocol Stack through 0.8.6 could allow an unauthenticated, remote attacker to cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers. 2019-05-30 5.0 CVE-2019-12480
MISC
blueprism — robotic_process_automation In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user’s permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords. 2019-05-24 6.5 CVE-2019-11875
MISC
MISC
bosch — bosch_video_management_system A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as “CWE-284: Improper Access Control.” This vulnerability, for example, allows a potential attacker to delete video or read video data. 2019-05-29 6.4 CVE-2019-6958
CONFIRM
ca — risk_authentication A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. 2019-05-28 4.0 CVE-2019-7393
MISC
FULLDISC
BID
BUGTRAQ
CONFIRM
ca — risk_authentication A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. 2019-05-28 6.5 CVE-2019-7394
MISC
FULLDISC
BID
BUGTRAQ
CONFIRM
cloudera — cloudera_manager An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. 2019-05-24 4.0 CVE-2018-10815
MISC
CONFIRM
computrols — computrols_building_automation_software Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. 2019-05-24 6.8 CVE-2019-10847
MISC
MISC
computrols — computrols_building_automation_software Computrols CBAS 18.0.0 allows Username Enumeration. 2019-05-24 5.0 CVE-2019-10848
MISC
MISC
dollarshaveclub — shave XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element. 2019-05-24 4.3 CVE-2019-12313
MISC
MISC
MISC
doxygen — doxygen Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. 2019-05-24 4.3 CVE-2016-10245
SUSE
BID
MISC
MISC
MISC
MLIST
drupal — drupal In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. 2019-05-24 4.3 CVE-2019-11876
MISC
MISC
dynmap_project — dynmap In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login despite an enabled login-required setting. 2019-05-28 5.0 CVE-2019-12395
MISC
MISC
MISC
e107 — e107 e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. 2019-05-24 6.5 CVE-2016-10753
MISC
MISC
eficode — influxdb Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-05-31 4.0 CVE-2019-10329
MLIST
MISC
emerson — ovation_ocr400_firmware In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. 2019-05-28 6.5 CVE-2019-10965
BID
MISC
emerson — ovation_ocr400_firmware In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. 2019-05-28 6.5 CVE-2019-10967
BID
MISC
eventum_project — eventum An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. 2019-05-24 4.3 CVE-2018-12624
MISC
CONFIRM
fedoraproject — fedora Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://intel.ly/2w0UaVx 2019-05-30 4.7 CVE-2018-12126
FEDORA
CONFIRM
fedoraproject — fedora Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://intel.ly/2w0UaVx 2019-05-30 4.7 CVE-2018-12127
FEDORA
CONFIRM
fedoraproject — fedora Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://intel.ly/2w0UaVx 2019-05-30 4.7 CVE-2018-12130
FEDORA
CONFIRM
fedoraproject — fedora Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://intel.ly/2w0UaVx 2019-05-30 4.7 CVE-2019-11091
FEDORA
CONFIRM
fortinet — fortianalyzer An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). 2019-05-28 4.3 CVE-2018-13375
CONFIRM
fortinet — forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via command injection. 2019-05-30 4.6 CVE-2018-13368
CONFIRM
fortinet — forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. 2019-05-30 4.6 CVE-2018-9191
CONFIRM
fortinet — forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via the parsing of the file. 2019-05-30 4.6 CVE-2018-9193
CONFIRM
fortinet — fortios An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allows attackers to learn the private IP as well as the hostname of FortiGate via the Application Control Block page. 2019-05-29 5.0 CVE-2018-13365
CONFIRM
fortinet — fortios A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. 2019-05-29 4.3 CVE-2018-13383
CONFIRM
freeradius — freeradius It was discovered that freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. 2019-05-24 6.9 CVE-2019-10143
CONFIRM
CONFIRM
gitea — gitea Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. 2019-05-31 5.0 CVE-2019-10330
MLIST
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control, 2019-05-29 4.0 CVE-2019-7549
MISC
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. 2019-05-29 4.0 CVE-2019-9866
MISC
glyphandcog — xpdfreader A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. 2019-05-27 5.8 CVE-2019-12360
MISC
glyphandcog — xpdfreader A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. 2019-05-30 5.8 CVE-2019-12493
MISC
gnome — gvfs An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn’t implement query_info_on_read/write. 2019-05-29 6.8 CVE-2019-12448
MISC
gpac — gpac An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box. 2019-05-30 4.3 CVE-2019-12481
MISC
gpac — gpac An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. 2019-05-30 5.0 CVE-2019-12482
MISC
gpac — gpac An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box. 2019-05-30 6.8 CVE-2019-12483
MISC
haxx — curl An integer overflow in curl’s URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. 2019-05-28 4.3 CVE-2019-5435
CONFIRM
haxx — libcurl A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. 2019-05-28 4.6 CVE-2019-5436
CONFIRM
heidelberg — prinect_archiver A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0. 2019-05-24 4.3 CVE-2019-10685
MISC
MISC
horde — groupware Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which use unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter probably went unnoticed because it’s never submitted by the forms, which default to securely using a random path.) 2019-05-29 6.5 CVE-2019-9858
MISC
MISC
hybridgroup — gobot An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default. 2019-05-31 5.0 CVE-2019-12496
MISC
MISC
ibm — api_connect IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944. 2019-05-29 5.0 CVE-2019-4256
BID
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072. 2019-05-29 4.3 CVE-2019-4264
BID
XF
CONFIRM
incsub — hustle The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation lets an attacker execute malicious code on the administrator’s computer through Excel functions, as the plugin does not sanitize the user’s input and allows insertion of any text. 2019-05-29 6.8 CVE-2019-11872
MISC
MISC
MISC
jenkins — pipeline_maven_integration An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory’s content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. 2019-05-31 5.5 CVE-2019-10327
MLIST
MISC
jenkins — pipeline_remote_loader Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. 2019-05-31 6.5 CVE-2019-10328
MLIST
MISC
jenkins — warnings_next_generation A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. 2019-05-31 4.3 CVE-2019-10326
MLIST
MISC
jfrog — artifactory A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-05-31 4.3 CVE-2019-10321
MLIST
MISC
jfrog — artifactory A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-05-31 4.0 CVE-2019-10322
MLIST
MISC
jfrog — artifactory A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. 2019-05-31 4.0 CVE-2019-10323
MLIST
MISC
jfrog — artifactory A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively. 2019-05-31 4.3 CVE-2019-10324
MLIST
MISC
kibokolabs — hostel XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. 2019-05-27 4.3 CVE-2019-12345
MISC
kliqqi — kliqqi_cms Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. 2019-05-24 6.8 CVE-2016-10756
MISC
MISC
libreswan — libreswan In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS). 2019-05-24 5.0 CVE-2019-12312
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 2019-05-27 4.9 CVE-2019-12378
BID
MISC
MISC
linux — linux_kernel An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. 2019-05-27 4.9 CVE-2019-12379
BID
MISC
linux — linux_kernel An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 2019-05-27 4.9 CVE-2019-12381
BID
MISC
MISC
linux — linux_kernel An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 2019-05-27 4.9 CVE-2019-12382
BID
MISC
MISC
linux — linux_kernel An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 2019-05-30 4.9 CVE-2019-12455
MISC
MISC
netgate — pfsense In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors. 2019-05-29 4.3 CVE-2019-12347
MISC
MISC
CONFIRM
MISC
MISC
oracle — enterprise_manager_ops_center Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. While the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 6.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H). 2019-05-24 6.3 CVE-2019-2726
MISC
osclass — osclass osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload. 2019-05-24 6.5 CVE-2016-10751
MISC
MISC
phome — empirecms EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. 2019-05-27 4.3 CVE-2019-12361
MISC
phome — empirecms EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. 2019-05-27 4.3 CVE-2019-12362
MISC
phpkit — phpkit PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. 2019-05-24 6.5 CVE-2016-10758
MISC
MISC
phprelativepath_project — phprelativepath An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. 2019-05-31 4.3 CVE-2019-12507
MISC
MISC
qemu — qemu interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. 2019-05-24 5.0 CVE-2019-12155
CONFIRM
MISC
BUGTRAQ
DEBIAN
qualcomm — 215_firmware Buffer overflow can occur if an invalid header tries to overwrite the existing buffer, which has a fixed-size allocation, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 820, SD 820A, SD 845 / SD 850, SDM439, SDM660, SDX20 2019-05-24 4.6 CVE-2019-2248
CONFIRM
qualcomm — ipq8074_firmware ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-05-24 4.9 CVE-2018-11976
CONFIRM
qualcomm — mdm9150_firmware Improper buffer length check before copying can lead to integer overflow and then a buffer overflow in WMA event handler in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 2019-05-24 4.6 CVE-2018-11923
CONFIRM
qualcomm — mdm9150_firmware Improper buffer length validation in WLAN function can lead to a potential integer overflow issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150 2019-05-24 4.6 CVE-2018-11924
CONFIRM
qualcomm — mdm9150_firmware An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 2019-05-24 4.9 CVE-2018-12005
CONFIRM
qualcomm — mdm9150_firmware Possible memory overread may lead to access of sensitive data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130 2019-05-24 4.9 CVE-2018-13885
CONFIRM
qualcomm — mdm9150_firmware Possibility of double free issue while running multiple instances of smp2p test because proper protection is missing while using a global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-05-24 4.6 CVE-2019-2247
CONFIRM
qualcomm — mdm9206_firmware Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 2019-05-24 4.9 CVE-2018-12004
CONFIRM
readaxo — readaxo In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. 2019-05-24 6.8 CVE-2016-10757
MISC
MISC
revive-adserver — revive_adserver Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header. 2019-05-28 6.8 CVE-2019-5440
MISC
samsung — scx-824_firmware Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the “print from file” feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. 2019-05-24 4.3 CVE-2019-12315
MISC
synacor — zimbra_collaboration_suite Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. 2019-05-30 4.3 CVE-2015-7609
MISC
MISC
MISC
MISC
MISC
synacor — zimbra_collaboration_suite Synacor Zimbra Collaboration Suite before 8.8.11 has XSS in the AJAX and HTML web clients. 2019-05-29 4.3 CVE-2018-14013
MISC
MISC
MISC
MISC
MISC
MISC
MISC
synacor — zimbra_collaboration_suite There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. 2019-05-30 4.3 CVE-2018-14425
MISC
MISC
synacor — zimbra_collaboration_suite An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. 2019-05-30 5.0 CVE-2018-15131
MISC
MISC
synacor — zimbra_collaboration_suite mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. 2019-05-29 4.3 CVE-2018-18631
MISC
MISC
synacor — zimbra_collaboration_suite Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. 2019-05-29 4.0 CVE-2019-6981
MISC
MISC
tinycc — tinycc An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. 2019-05-31 4.3 CVE-2019-12495
MISC
MISC
torproject — tor_browser Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser’s UI locale by measuring a button width, even if the user has a “Don’t send my language” setting. 2019-05-27 4.3 CVE-2019-12383
BID
MISC
MISC
MISC
vtiger — vtiger_crm modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. 2019-05-24 6.5 CVE-2016-10754
MISC
MISC
webport — web_port Web Port 1.19.1 allows XSS via the /access/setup type parameter. 2019-05-30 4.3 CVE-2019-12460
MISC
MISC
webport — web_port Web Port 1.19.1 allows XSS via the /log type parameter. 2019-05-30 4.3 CVE-2019-12461
MISC
MISC
westermo — dr-250_firmware The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. 2019-05-24 6.5 CVE-2018-19612
MISC
MISC
westermo — dr-250_firmware Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. 2019-05-24 4.3 CVE-2018-19613
MISC
MISC
windriver — vxworks When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. 2019-05-29 6.8 CVE-2019-9865
MISC
CONFIRM
yealink — ultra-elegant_ip_phone_sip-t41p_firmware A CSRF (Cross Site Request Forgery) in the web interface of the Yealink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. 2019-05-29 6.8 CVE-2018-16218
MISC
MISC
zohocorp — manageengine_adselfservice_plus In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user’s AD self-service password reset and MFA token. 2019-05-24 4.3 CVE-2019-8346
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). 2019-05-29 2.1 CVE-2019-9221
MISC
MISC
iball — 300m_2-port_wireless-n_broadband_router_firmware iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. 2019-05-28 2.1 CVE-2018-20008
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335. 2019-05-29 3.5 CVE-2019-4139
CONFIRM
BID
XF
ibm — jazz_reporting_service IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974. 2019-05-29 3.5 CVE-2019-4184
BID
XF
CONFIRM
jenkins — warnings_next_generation A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers with Job/Configure permission to inject arbitrary JavaScript in build overview pages. 2019-05-31 3.5 CVE-2019-10325
MLIST
MISC
linux — linux_kernel An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. 2019-05-27 2.1 CVE-2019-12380
BID
MISC
synacor — zimbra_collaboration_suite Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. 2019-05-30 3.5 CVE-2018-10948
MISC
tp-link — tl-wr840n_firmware TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. 2019-05-24 3.5 CVE-2019-12195
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advanced_infodata_systems — esel-server SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the ‘sa’ user. 2019-05-31 not yet calculated CVE-2019-10123
MISC
MISC
apache — roller Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disabled via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> --> 2019-05-28 not yet calculated CVE-2018-17198
BID
MISC
aveva — vijeo_citect_and_citectscada In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. 2019-05-31 not yet calculated CVE-2019-10981
MISC
CONFIRM
bitdefender — bitdefender_engines An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2019-05-24 not yet calculated CVE-2018-18059
MISC
MISC
bitdefender — bitdefender_engines An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2019-05-24 not yet calculated CVE-2018-18060
MISC
MISC
bitdefender — bitdefender_engines An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2019-05-24 not yet calculated CVE-2018-18058
MISC
MISC
bosch — smart_home_controller A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC’s configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. 2019-05-29 not yet calculated CVE-2019-11892
CONFIRM
bosch — smart_home_controller A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary’s choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack. 2019-05-29 not yet calculated CVE-2019-11891
CONFIRM
bosch — smart_home_controller A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction. 2019-05-29 not yet calculated CVE-2019-11893
CONFIRM
bosch — smart_home_controller A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed. 2019-05-29 not yet calculated CVE-2019-11894
CONFIRM
bosch — smart_home_controller A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. 2019-05-29 not yet calculated CVE-2019-11895
CONFIRM
bosch — smart_home_controller A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction. 2019-05-29 not yet calculated CVE-2019-11896
CONFIRM
containous — traefik types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request. 2019-05-29 not yet calculated CVE-2019-12452
MISC
MISC
MISC
evernote — evernote Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. 2019-05-31 not yet calculated CVE-2019-10038
MISC
MISC
MISC
godot_engine — godot In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. 2019-05-31 not yet calculated CVE-2019-10069
MISC
MISC
google — sign-in An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server. 2019-05-30 not yet calculated CVE-2018-20840
MISC
MISC
hp — workstation_bios HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default. 2019-05-29 not yet calculated CVE-2019-6322
HP
hp — workstation_bios HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default. 2019-05-29 not yet calculated CVE-2019-6321
HP
ibm — spectrum_control IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. 2019-05-29 not yet calculated CVE-2019-4138
CONFIRM
BID
XF
ibm — spectrum_control IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. 2019-05-29 not yet calculated CVE-2019-4137
CONFIRM
BID
XF
jector — smart_tv_fm-k75_devices Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. 2019-05-31 not yet calculated CVE-2019-9871
MISC
MISC
logicaldoc — logicaldoc_community_edition LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. 2019-05-30 not yet calculated CVE-2019-9723
MISC
mitel — micollab_and_micollab_awv MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. 2019-05-29 not yet calculated CVE-2019-12165
MISC
nuuo — network_video_recorder_firmware NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. 2019-05-31 not yet calculated CVE-2019-9653
MISC
MISC
MISC
nvidia — geforce_experience NVIDIA GeForce Experience versions prior to 3.19 contain a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure. 2019-05-31 not yet calculated CVE-2019-5678
CONFIRM
petraware — ptransformer_adc Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. 2019-05-27 not yet calculated CVE-2019-12372
MISC
MISC
project_atomic — bubblewrap bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. 2019-05-29 not yet calculated CVE-2019-12439
MISC
MISC
MISC
MISC
pydio — pydio An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. 2019-05-31 not yet calculated CVE-2019-10046
MISC
pydio — pydio The “action” get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active). 2019-05-31 not yet calculated CVE-2019-10045
MISC
pydio — pydio It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her). 2019-05-31 not yet calculated CVE-2019-10049
MISC
pydio — pydio A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application, and tricks an authenticated victim into accessing a URL that results in the HTML code being interpreted by the web browser, then the included JavaScript code is executed under the context of the victim user session. 2019-05-31 not yet calculated CVE-2019-10047
MISC
pydio — pydio The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin’s configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration. 2019-05-31 not yet calculated CVE-2019-10048
MISC
qemu — qemu In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. 2019-05-31 not yet calculated CVE-2018-20815
MISC
quest — kace_systems_management_appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page. 2019-05-24 not yet calculated CVE-2019-11604
MISC
FULLDISC
MISC
saet — impianti_speciali_tebe_small_devices The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. 2019-05-31 not yet calculated CVE-2019-9106
MISC
MISC
saet — impianti_speciali_tebe_small_devices The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. 2019-05-31 not yet calculated CVE-2019-9105
MISC
MISC
sitecore — sitecore Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. 2019-05-31 not yet calculated CVE-2019-9875
MISC
MISC
MISC
sitecore — sitecore_cms_and_sitecore_xp Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. 2019-05-31 not yet calculated CVE-2019-9874
MISC
MISC
MISC
sitecore — sitecore_rocks The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service. 2019-05-29 not yet calculated CVE-2019-12440
MISC
MISC
MISC
synacor — zimbra_collaboration_server Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. 2019-05-30 not yet calculated CVE-2015-2230
MISC
MISC
the_linux_documentation_project — advanced_bash_scripting_guide The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo. 2019-05-31 not yet calculated CVE-2019-9891
MISC
xiaomi — m365_scooter The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of “suddenly accelerate” commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. 2019-05-31 not yet calculated CVE-2019-12500
MISC
xpdf — xpdf There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. 2019-06-01 not yet calculated CVE-2019-12515
MISC
zyxel — p-660hn_t1_devices The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user’s password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin. 2019-05-31 not yet calculated CVE-2019-6725
BUGTRAQ


SB19-147: Vulnerability Summary for the Week of May 20, 2019

Original release date: May 27, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier versions, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-24 10.0 CVE-2019-7027
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7088
BID
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 9.3 CVE-2019-7111
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7112
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7113
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7117
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7118
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7119
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7120
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7124
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 9.3 CVE-2019-7125
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier versions, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-23 10.0 CVE-2019-7128
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-22 9.3 CVE-2019-7759
BID
CONFIRM
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-22 9.3 CVE-2019-7760
BID
CONFIRM
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-22 9.3 CVE-2019-7761
BID
CONFIRM
MISC
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-22 10.0 CVE-2019-7762
BID
CONFIRM
adobe — acrobat Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-05-22 10.0 CVE-2019-7763
BID
CONFIRM