The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abus -- secvest_wireless_alarm_system_fuaa50000_firmware | Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. | 2019-03-27 | 10.0 | CVE-2019-9863 MISC |
apache -- mesos | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host. | 2019-03-25 | 9.3 | CVE-2019-0204 BID MLIST |
atlassian -- confluence | The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | 2019-03-25 | 7.5 | CVE-2019-3395 MISC |
atlassian -- confluence | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | 2019-03-25 | 10.0 | CVE-2019-3396 MISC |
bluecms_project -- bluecms | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | 2019-03-28 | 7.5 | CVE-2019-10262 MISC |
dlink -- dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication. | 2019-03-25 | 10.0 | CVE-2019-10040 MISC |
dlink -- dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication. | 2019-03-25 | 7.8 | CVE-2019-10042 MISC |
dovecot -- dovecot | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | 2019-03-28 | 7.2 | CVE-2019-7524 MLIST MISC MISC MLIST BUGTRAQ DEBIAN |
flatpak -- flatpak | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI. | 2019-03-26 | 7.5 | CVE-2019-10063 MISC |
fortinet -- fortiportal | A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button. | 2019-03-25 | 7.5 | CVE-2017-7342 CONFIRM |
ghs -- integrity_rtos | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information). | 2019-03-25 | 7.5 | CVE-2019-7713 MISC MISC |
ghs -- integrity_rtos | An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow. | 2019-03-25 | 7.5 | CVE-2019-7714 MISC MISC |
github -- github | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. | 2019-03-28 | 7.5 | CVE-2017-18365 MISC MISC |
hospira -- mednet | Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1. | 2019-03-26 | 10.0 | CVE-2014-5401 MISC |
hp -- arcsight_logger | Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.5 | CVE-2019-3479 MISC |
hp -- arcsight_logger | Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.5 | CVE-2019-3481 MISC |
hp -- arcsight_logger | Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 7.2 | CVE-2019-3484 MISC |
linux -- linux_kernel | An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG). | 2019-03-27 | 7.8 | CVE-2019-10124 MISC BID MISC MISC |
linux -- linux_kernel | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | 2019-03-27 | 10.0 | CVE-2019-10125 MISC |
microfocus -- data_protector | Remote arbitrary code execution in Micro Focus Data Protector, version 10.03. This vulnerability could allow remote arbitrary code execution. | 2019-03-25 | 7.5 | CVE-2019-3476 MISC |
moodle -- moodle | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. | 2019-03-25 | 7.5 | CVE-2019-3809 CONFIRM CONFIRM CONFIRM |
ovirt -- vdsm | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. | 2019-03-25 | 9.0 | CVE-2019-3831 CONFIRM |
pfizer -- symbiq_infusion_system_firmware | Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. | 2019-03-23 | 9.0 | CVE-2015-3965 MISC |
redhat -- ansible | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | 2019-03-27 | 7.5 | CVE-2019-3828 CONFIRM MISC |
softnas -- cloud | SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. | 2019-03-23 | 10.0 | CVE-2019-9945 MISC |
teclib-edition -- gestionnaire_libre_de_parc_informatique | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | 2019-03-27 | 7.5 | CVE-2019-10232 MISC |
tianocore -- edk_ii | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | 2019-03-27 | 7.5 | CVE-2019-0160 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amazon_affiliate_store_project -- amazon_affiliate_store | PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. | 2019-03-28 | 4.0 | CVE-2019-9864 MISC |
baigo -- baigo_sso | baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file. | 2019-03-24 | 6.5 | CVE-2019-10015 MISC |
cmsmadesimple -- cms_made_simple | CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | 2019-03-24 | 4.3 | CVE-2019-10017 MISC MISC |
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | 2019-03-26 | 6.8 | CVE-2019-9053 MISC CONFIRM |
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. | 2019-03-26 | 6.5 | CVE-2019-9055 MISC CONFIRM |
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | 2019-03-26 | 6.5 | CVE-2019-9057 MISC CONFIRM |
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection. | 2019-03-26 | 6.5 | CVE-2019-9058 MISC CONFIRM |
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature. | 2019-03-26 | 6.5 | CVE-2019-9059 MISC CONFIRM |
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. | 2019-03-26 | 6.5 | CVE-2019-9061 MISC CONFIRM |
coreftp -- core_ftp | An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | 2019-03-22 | 5.0 | CVE-2019-9648 CONFIRM BID FULLDISC EXPLOIT-DB |
coreftp -- core_ftp | An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | 2019-03-22 | 5.0 | CVE-2019-9649 CONFIRM BID FULLDISC EXPLOIT-DB |
dedecms -- dedecms | In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | 2019-03-24 | 4.0 | CVE-2019-10014 MISC |
dlink -- dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication. | 2019-03-25 | 5.0 | CVE-2019-10039 MISC |
dlink -- dir-816_firmware | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication. | 2019-03-25 | 5.0 | CVE-2019-10041 MISC |
dovecot -- dovecot | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | 2019-03-27 | 4.9 | CVE-2019-3814 CONFIRM MISC |
eclipse -- jetty | In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. | 2019-03-27 | 5.0 | CVE-2018-12545 CONFIRM |
eclipse -- mosquitto | In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | 2019-03-27 | 5.0 | CVE-2017-7655 CONFIRM |
eclipse -- mosquitto | In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able to cause effects that would otherwise not be allowed. | 2019-03-27 | 4.0 | CVE-2018-12546 CONFIRM |
eclipse -- mosquitto | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. | 2019-03-27 | 6.8 | CVE-2018-12550 CONFIRM |
eclipse -- mosquitto | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. | 2019-03-27 | 6.8 | CVE-2018-12551 CONFIRM |
elastic -- elasticsearch | A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. | 2019-03-25 | 6.8 | CVE-2019-7611 MISC MISC |
faststone -- image_viewer | FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file. | 2019-03-26 | 4.3 | CVE-2018-15813 MISC |
faststone -- image_viewer | FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file. | 2019-03-26 | 4.3 | CVE-2018-15814 MISC |
faststone -- image_viewer | FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file. | 2019-03-26 | 4.3 | CVE-2018-15815 MISC |
faststone -- image_viewer | FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. | 2019-03-26 | 4.3 | CVE-2018-15816 MISC |
faststone -- image_viewer | FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. | 2019-03-26 | 4.3 | CVE-2018-15817 MISC |
fedoraproject -- fedora | A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. | 2019-03-27 | 4.3 | CVE-2019-3877 CONFIRM CONFIRM CONFIRM UBUNTU |
fedoraproject -- fedora | A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. | 2019-03-26 | 6.8 | CVE-2019-3878 CONFIRM CONFIRM UBUNTU |
fortinet -- fortiportal | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | 2019-03-25 | 4.3 | CVE-2017-7340 CONFIRM |
gforge -- advanced_server | GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. | 2019-03-24 | 4.3 | CVE-2019-10016 MISC |
ghs -- integrity_rtos | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses. | 2019-03-25 | 5.0 | CVE-2019-7711 MISC MISC |
ghs -- integrity_rtos | An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses. | 2019-03-25 | 5.0 | CVE-2019-7712 MISC MISC |
ghs -- integrity_rtos | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses. | 2019-03-25 | 5.0 | CVE-2019-7715 MISC MISC |
gitlab -- gitlab | GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | 2019-03-26 | 5.0 | CVE-2018-19856 MISC MISC |
gitlab -- gitlab | GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. | 2019-03-28 | 5.0 | CVE-2018-20144 MISC MISC MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. | 2019-03-25 | 5.0 | CVE-2019-6240 MISC MISC |
gnu -- gnutls | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | 2019-03-27 | 5.0 | CVE-2019-3829 CONFIRM CONFIRM FEDORA FEDORA MISC |
gnu -- tar | pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. | 2019-03-22 | 5.0 | CVE-2019-9923 MISC MISC MISC |
harmistechnology -- je_messenger | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | 2019-03-29 | 6.4 | CVE-2019-9918 MISC MISC |
hashicorp -- consul | HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4. | 2019-03-26 | 5.8 | CVE-2019-9764 MISC |
hp -- arcsight_logger | Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 4.3 | CVE-2019-3480 MISC |
hp -- arcsight_logger | Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 6.8 | CVE-2019-3482 MISC |
hp -- arcsight_logger | Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. | 2019-03-25 | 6.8 | CVE-2019-3483 MISC |
hp -- isaac_mizrahi_smartwatch | A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. | 2019-03-27 | 5.0 | CVE-2017-2748 CONFIRM |
hp -- remote_graphics_software | A potential vulnerability has been identified in HP Remote Graphics Software's certificate authentication process version 7.5.0 and earlier. | 2019-03-27 | 6.4 | CVE-2018-5926 CONFIRM |
hp -- support_assistant | HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. | 2019-03-27 | 4.1 | CVE-2018-5927 CONFIRM |
ibm -- api_connect | IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. | 2019-03-22 | 5.0 | CVE-2019-4052 CONFIRM BID XF |
ibm -- content_navigator | IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. | 2019-03-22 | 6.4 | CVE-2019-4035 CONFIRM BID XF |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. | 2019-03-25 | 5.0 | CVE-2019-4046 BID XF CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. | 2019-03-23 | 6.8 | CVE-2019-9956 BID MISC |
jenzabar -- internet_campus_solution | Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the Moxie Manager plugin before 2.1.4 in the ICS\ICS.NET\ICSFileServer/moxiemanager directory. | 2019-03-25 | 6.0 | CVE-2019-10012 MISC MISC |
laravel -- framework | Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | 2019-03-28 | 6.5 | CVE-2018-6330 MISC MISC |
librenms -- librenms | LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | 2019-03-28 | 6.5 | CVE-2018-20678 MISC MISC |
libreoffice -- libreoffice | It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | 2019-03-25 | 6.8 | CVE-2018-16858 CONFIRM MISC |
libssh2 -- libssh2 | An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | 2019-03-25 | 6.8 | CVE-2019-3856 SUSE REDHAT CONFIRM MLIST CONFIRM MISC |
libssh2 -- libssh2 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | 2019-03-25 | 6.8 | CVE-2019-3857 SUSE REDHAT CONFIRM MLIST CONFIRM MISC |
libssh2 -- libssh2 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | 2019-03-25 | 6.4 | CVE-2019-3860 SUSE CONFIRM MLIST CONFIRM MISC |
libssh2 -- libssh2 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | 2019-03-25 | 6.4 | CVE-2019-3861 SUSE CONFIRM MLIST CONFIRM MISC |
libssh2 -- libssh2 | A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error. | 2019-03-25 | 6.8 | CVE-2019-3863 SUSE REDHAT CONFIRM MLIST CONFIRM MISC |
misp -- misp | In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. | 2019-03-28 | 4.3 | CVE-2019-10254 MISC MISC |
moodle -- moodle | A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. | 2019-03-25 | 4.0 | CVE-2019-3808 CONFIRM CONFIRM CONFIRM |
moodle -- moodle | A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted. | 2019-03-25 | 5.0 | CVE-2019-3810 CONFIRM CONFIRM CONFIRM |
moodle -- moodle | A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. | 2019-03-27 | 6.5 | CVE-2019-3847 CONFIRM MISC |
moodle -- moodle | A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. | 2019-03-26 | 5.8 | CVE-2019-3850 CONFIRM MISC |
moodle -- moodle | A vulnerability was found in Moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the Boost theme's secure layout, meaning students could navigate out of the page. | 2019-03-26 | 4.0 | CVE-2019-3851 CONFIRM MISC |
moodle -- moodle | A vulnerability was found in Moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities. | 2019-03-26 | 4.0 | CVE-2019-3852 CONFIRM MISC |
myadrenalin -- adrenalin | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | 2019-03-25 | 4.3 | CVE-2018-12652 MISC |
myadrenalin -- adrenalin | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the RPT/SSRSDynamicEditReports.aspx ReportId parameter. | 2019-03-25 | 4.3 | CVE-2018-12653 MISC |
nagios -- nagios_xi | Command injection in Nagios XI before 5.5.11 allows authenticated users to execute arbitrary remote commands via a new autodiscovery job. | 2019-03-28 | 6.5 | CVE-2019-9164 CONFIRM CONFIRM |
omron -- poweract_pro_master_agent | PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. | 2019-03-27 | 4.0 | CVE-2018-16207 MISC MISC MISC |
opentext -- opentext_portal | Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | 2019-03-22 | 4.3 | CVE-2018-20165 MISC |
ovirt -- ovirt | In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | 2019-03-25 | 4.0 | CVE-2017-7510 CONFIRM |
ovirt -- ovirt | It was discovered that in ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g., Basic Operations) could exploit this flaw to delete disks attached to guests. | 2019-03-25 | 5.5 | CVE-2019-3879 BID CONFIRM |
portainer -- portainer | A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | 2019-03-27 | 5.0 | CVE-2018-19466 MISC MISC MISC |
python -- python | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740. | 2019-03-23 | 4.3 | CVE-2019-9947 MISC |
python -- python | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 2019-03-23 | 6.4 | CVE-2019-9948 BID MISC MISC |
redhat -- ansible_tower | When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges. | 2019-03-28 | 4.0 | CVE-2019-3869 CONFIRM MISC |
s-cms -- s-cms | S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | 2019-03-27 | 6.8 | CVE-2019-10237 MISC |
select2 -- select2 | In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data. | 2019-03-27 | 4.3 | CVE-2016-10744 MISC MISC MISC |
sitemagic -- sitemagic | Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. | 2019-03-27 | 4.3 | CVE-2019-10238 MISC |
sqlite -- sqlite | In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. | 2019-03-22 | 5.0 | CVE-2019-9936 BID MISC MISC MISC |
sqlite -- sqlite | In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. | 2019-03-22 | 5.0 | CVE-2019-9937 BID MISC MISC MISC |
symfony -- twig | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | 2019-03-23 | 4.3 | CVE-2019-9942 MISC BUGTRAQ MISC DEBIAN |
tianocore -- edk_ii | Buffer overflow in network stack for EDK II may allow an unprivileged user to potentially enable escalation of privilege and/or denial of service via network. | 2019-03-27 | 6.4 | CVE-2018-12178 SUSE CONFIRM |
tianocore -- edk_ii | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | 4.6 | CVE-2018-12183 CONFIRM |
tianocore -- edk_ii | Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | 4.6 | CVE-2018-3613 CONFIRM |
totaljs -- total.js_cms | Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format). | 2019-03-28 | 4.3 | CVE-2019-10260 MISC MISC |
shareit -- shareit | The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. | 2019-03-22 | 5.8 | CVE-2019-9939 MISC |
verifone -- verix_multi-app_conductor | The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability. | 2019-03-25 | 6.8 | CVE-2019-10060 MISC |
w1.fi -- hostapd | hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | 2019-03-23 | 5.0 | CVE-2016-10743 MLIST MISC |
weban -- an | Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2019-03-27 | 5.0 | CVE-2019-5927 MISC MISC |
xnview -- xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. | 2019-03-23 | 6.8 | CVE-2019-9966 MISC |
xnview -- xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. | 2019-03-23 | 6.8 | CVE-2019-9967 MISC |
xnview -- xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. | 2019-03-23 | 6.8 | CVE-2019-9968 MISC |
xnview -- xnview_classic | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. | 2019-03-23 | 6.8 | CVE-2019-9969 MISC |
xnview -- xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | 2019-03-23 | 6.8 | CVE-2019-9962 MISC |
xnview -- xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | 2019-03-23 | 6.8 | CVE-2019-9963 MISC |
xnview -- xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | 2019-03-23 | 6.8 | CVE-2019-9964 MISC |
xnview -- xnview_mp | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | 2019-03-23 | 6.8 | CVE-2019-9965 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | 2019-03-24 | 4.3 | CVE-2019-10018 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. | 2019-03-24 | 4.3 | CVE-2019-10019 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. | 2019-03-24 | 4.3 | CVE-2019-10020 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. | 2019-03-24 | 4.3 | CVE-2019-10021 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. | 2019-03-24 | 4.3 | CVE-2019-10022 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. | 2019-03-24 | 4.3 | CVE-2019-10023 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. | 2019-03-24 | 4.3 | CVE-2019-10024 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. | 2019-03-24 | 4.3 | CVE-2019-10025 MISC |
xpdfreader -- xpdf | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. | 2019-03-24 | 4.3 | CVE-2019-10026 MISC |
znc -- znc | ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. | 2019-03-27 | 4.0 | CVE-2019-9917 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abus -- secvest_wireless_alarm_system_fuaa50000_firmware | An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop on sensitive data as cleartext (for instance, the current rolling code state). | 2019-03-27 | 3.3 | CVE-2019-9862 MISC |
centos-webpanel -- centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | 2019-03-26 | 3.5 | CVE-2019-7646 MISC MISC EXPLOIT-DB |
cmsmadesimple -- cms_made_simple | CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | 2019-03-26 | 3.5 | CVE-2019-10105 MISC |
cmsmadesimple -- cms_made_simple | CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | 2019-03-26 | 3.5 | CVE-2019-10106 MISC |
cmsmadesimple -- cms_made_simple | CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | 2019-03-26 | 3.5 | CVE-2019-10107 MISC |
drupal -- drupal | In Drupal 7 versions prior to 7.65, Drupal 8.6 versions prior to 8.6.13, and Drupal 8.5 versions prior to 8.5.14, under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. | 2019-03-26 | 3.5 | CVE-2019-6341 CONFIRM |
gnome -- gvfs | An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires uncommon system configuration. | 2019-03-25 | 3.3 | CVE-2019-3827 CONFIRM CONFIRM |
online_lottery_php_readymade_script_project -- online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | 2019-03-29 | 3.5 | CVE-2019-9605 MISC |
paloaltonetworks -- expedition | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | 2019-03-26 | 3.5 | CVE-2019-1569 BID MISC MISC |
paloaltonetworks -- expedition | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | 2019-03-26 | 3.5 | CVE-2019-1570 BID CONFIRM MISC |
paloaltonetworks -- expedition | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | 2019-03-26 | 3.5 | CVE-2019-1571 BID CONFIRM MISC |
phpcms -- phpcms | PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. | 2019-03-24 | 3.5 | CVE-2019-10027 MISC MISC |
redhat -- libvirt | A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. | 2019-03-27 | 3.5 | CVE-2019-3840 CONFIRM CONFIRM CONFIRM |
tianocore -- edk_ii | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | 2019-03-27 | 2.1 | CVE-2019-0161 CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abine_blur -- abine_blur | Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. | 2019-03-29 | not yet calculated | CVE-2019-6481 MISC FULLDISC MISC MISC |
abus -- secvest_remote_control | Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that commands sent by the remote control are no longer accepted. | 2019-03-27 | not yet calculated | CVE-2019-9860 MISC |
adtran -- netconf_pmaa_access_management | An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. | 2019-03-27 | not yet calculated | CVE-2018-19648 CONFIRM |
apache -- activemq | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive. | 2019-03-28 | not yet calculated | CVE-2019-0222 CONFIRM MLIST BID MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
apache -- hbase_rest_server | In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. | 2019-03-28 | not yet calculated | CVE-2019-0212 MLIST BID CONFIRM |
apache -- jspwiki | A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details. | 2019-03-28 | not yet calculated | CVE-2019-0225 MLIST BID CONFIRM MLIST MLIST MLIST MLIST |
apache -- jspwiki | In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser. | 2019-03-28 | not yet calculated | CVE-2019-0224 BID CONFIRM MLIST MLIST |
apache -- kibana | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2019-03-25 | not yet calculated | CVE-2019-7608 MISC MISC |
apache -- kibana | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | 2019-03-25 | not yet calculated | CVE-2019-7609 MISC MISC |
apache -- kibana | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | 2019-03-25 | not yet calculated | CVE-2019-7610 MISC MISC |
atlassian -- crowd | The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection. | 2019-03-29 | not yet calculated | CVE-2017-18108 MISC |
atlassian -- crowd | The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18105 MISC |
atlassian -- crowd | The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18110 MISC |
atlassian -- crowd | The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 2019-03-29 | not yet calculated | CVE-2017-18109 MISC |
atlassian -- crowd | The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash. | 2019-03-29 | not yet calculated | CVE-2017-18106 MISC |
atlassian_application_links | The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18111 MISC |
axtls -- axtls | tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. | 2019-03-25 | not yet calculated | CVE-2019-8981 MISC MISC MISC |
bash -- bash | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | 2019-03-22 | not yet calculated | CVE-2019-9924 MISC MISC MLIST |
baxter -- sigma_spectrum_infusion_system | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5434 MISC |
baxter -- sigma_spectrum_infusion_system | An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access to the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5433 MISC |
baxter -- sigma_spectrum_infusion_system | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5432 MISC |
baxter -- sigma_spectrum_infusion_system | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. | 2019-03-26 | not yet calculated | CVE-2014-5431 MISC |
burrows-wheeler_aligner -- burrows-wheeler_aligner | BWA (aka Burrows-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 2019-03-29 | not yet calculated | CVE-2019-10269 MISC |
cisco -- aggregation_services_router_900_route_switch_processor_3 | A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition. | 2019-03-27 | not yet calculated | CVE-2019-1749 BID CISCO |
cisco -- catalyst_4500_series_switches | A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1750 BID CISCO |
cisco -- catalyst_6500_series_switches | A vulnerability in the 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network. | 2019-03-27 | not yet calculated | CVE-2019-1758 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. | 2019-03-27 | not yet calculated | CVE-2019-1757 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. | 2019-03-27 | not yet calculated | CVE-2019-1746 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1739 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1738 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1745 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. | 2019-03-27 | not yet calculated | CVE-2019-1752 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. | 2019-03-27 | not yet calculated | CVE-2019-1747 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software. | 2019-03-27 | not yet calculated | CVE-2019-1748 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1737 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. | 2019-03-27 | not yet calculated | CVE-2019-1762 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. | 2019-03-27 | not yet calculated | CVE-2019-1761 BID CISCO |
cisco -- ios_and_ios_xe_software | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1740 BID CISCO |
cisco -- ios_software | A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition. | 2019-03-27 | not yet calculated | CVE-2019-1751 BID CISCO |
cisco -- ios_xe_software | A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. | 2019-03-27 | not yet calculated | CVE-2019-1741 BID CISCO |
cisco -- ios_xe_software | A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1754 BID CISCO |
cisco -- ios_xe_software | A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. | 2019-03-27 | not yet calculated | CVE-2019-1760 BID CISCO |
cisco -- ios_xe_software | A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. | 2019-03-27 | not yet calculated | CVE-2019-1759 CISCO |
cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. | 2019-03-27 | not yet calculated | CVE-2019-1742 BID CISCO |
cisco -- ios_xe_software | A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1755 BID CISCO |
cisco -- ios_xe_software | A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. | 2019-03-27 | not yet calculated | CVE-2019-1756 BID CISCO |
cisco -- ios_xe_software | A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1743 BID CISCO |
cisco -- ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | 2019-03-27 | not yet calculated | CVE-2019-1753 BID CISCO |
civetweb -- civetweb | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. | 2019-03-27 | not yet calculated | CVE-2019-3821 CONFIRM MISC |
cockpit-project -- cockpit | It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | 2019-03-26 | not yet calculated | CVE-2019-3804 CONFIRM CONFIRM CONFIRM |
commonmark -- commonmark | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. | 2019-03-24 | not yet calculated | CVE-2019-10010 MISC MISC |
d-link -- routers | D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). | 2019-03-25 | not yet calculated | CVE-2019-7642 MISC |
dell -- networking_os10 | Dell Networking OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system. | 2019-03-28 | not yet calculated | CVE-2019-3710 MISC |
digium -- asterisk | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. | 2019-03-28 | not yet calculated | CVE-2019-7251 CONFIRM CONFIRM |
elastic -- logstash | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 log malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | 2019-03-25 | not yet calculated | CVE-2019-7612 MISC MISC |
elastic -- winlogbeat | Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. | 2019-03-25 | not yet calculated | CVE-2019-7613 MISC MISC |
electric_coin_company -- zcash | Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. | 2019-03-26 | not yet calculated | CVE-2019-7167 MISC MISC |
enttec -- datagate_mk2_and_storm_24_and_pixelator | ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. | 2019-03-28 | not yet calculated | CVE-2019-6542 MISC |
extensible_firmware_interface -- development_kit | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | not yet calculated | CVE-2018-12182 CONFIRM |
extensible_firmware_interface -- development_kit | Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | 2019-03-27 | not yet calculated | CVE-2018-12181 CONFIRM |
extensible_firmware_interface -- development_kit | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | 2019-03-27 | not yet calculated | CVE-2018-12180 SUSE CONFIRM |
extensible_firmware_interface -- development_kit | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 2019-03-27 | not yet calculated | CVE-2018-12179 CONFIRM |
f5 -- multiple_big-ip_products | In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. | 2019-03-28 | not yet calculated | CVE-2019-6602 BID MISC |
f5 -- multiple_big-ip_products | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. | 2019-03-28 | not yet calculated | CVE-2019-6605 BID MISC |
f5 -- multiple_big-ip_products | On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. | 2019-03-28 | not yet calculated | CVE-2019-6606 BID MISC |
f5 -- multiple_big-ip_products | On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. | 2019-03-28 | not yet calculated | CVE-2019-6607 BID MISC |
f5 -- multiple_products | On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. | 2019-03-28 | not yet calculated | CVE-2019-6608 MISC |
f5 -- multiple_products | In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | 2019-03-28 | not yet calculated | CVE-2019-6603 BID MISC |
f5 -- multiple_products | On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. | 2019-03-28 | not yet calculated | CVE-2019-6604 MISC |
flatcore -- flatcore-cms | An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature. | 2019-03-30 | not yet calculated | CVE-2019-10652 MISC |
forcepoint -- email_security | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. | 2019-03-28 | not yet calculated | CVE-2018-16529 MISC CONFIRM |
gnuboard5 -- gnuboard5 | Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 2019-03-25 | not yet calculated | CVE-2018-15583 CONFIRM CONFIRM |
gnuboard5 -- gnuboard5 | Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 2019-03-27 | not yet calculated | CVE-2018-15585 MISC MISC MISC |
grandstream -- gwn7000_and_gwn7610_devices | Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 2019-03-30 | not yet calculated | CVE-2019-10657 MISC |
grandstream -- gwn7000_devices | Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10656 MISC |
grandstream -- gwn7610_devices | Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10658 MISC |
grandstream -- gxv3370_and_wp820_devices | Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 2019-03-30 | not yet calculated | CVE-2019-10659 MISC |
grandstream -- gxv3611ir_hd_devices | Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 2019-03-30 | not yet calculated | CVE-2019-10660 MISC |
grandstream -- gxv3611ir_hd_devices | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 2019-03-30 | not yet calculated | CVE-2019-10661 MISC |
grandstream -- multiple_devices | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | 2019-03-30 | not yet calculated | CVE-2019-10655 MISC MISC |
grandstream -- ucm6204_devices | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10662 MISC |
grandstream -- ucm6204_devices | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10663 MISC |
honeywell -- experion_pks | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-03-25 | not yet calculated | CVE-2014-9187 MISC |
honeywell -- experion_pks | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-03-25 | not yet calculated | CVE-2014-9189 MISC |
hospira -- lifecare_pca_infusion_system | Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. | 2019-03-25 | not yet calculated | CVE-2015-1012 MISC |
hospira -- plum_and_symbiq_infusion_systems | Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3952 MISC |
hospira -- plum_and_symbiq_infusion_systems | Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3953 MISC |
hospira -- plum_and_symbiq_infusion_systems | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3954 MISC |
hospira -- plum_and_symbiq_infusion_systems | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | 2019-03-25 | not yet calculated | CVE-2015-3956 MISC |
hp_development_company -- multiple_printers | In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | 2019-03-27 | not yet calculated | CVE-2018-5923 CONFIRM |
hp_development_company -- tommy_hilfiger_th24/7_android_app | A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. | 2019-03-27 | not yet calculated | CVE-2017-2752 CONFIRM |
hybbs -- hybbs | An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account. | 2019-03-29 | not yet calculated | CVE-2019-10644 MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. | 2019-03-30 | not yet calculated | CVE-2019-10650 BID MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 2019-03-30 | not yet calculated | CVE-2019-10649 BID MISC |
jboss -- management_console | A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. | 2019-03-27 | not yet calculated | CVE-2018-10934 CONFIRM |
jenkins -- jenkins | A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | 2019-03-28 | not yet calculated | CVE-2019-1003048 MLIST BID MISC |
jenkins -- jenkins | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-03-28 | not yet calculated | CVE-2019-1003047 MLIST BID MISC |
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | 2019-03-28 | not yet calculated | CVE-2019-1003046 MLIST BID MISC |
jenkins -- jenkins | A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | 2019-03-28 | not yet calculated | CVE-2019-1003045 MLIST BID MISC |
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-03-28 | not yet calculated | CVE-2019-1003044 MLIST BID MISC |
jenkins -- jenkins | A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-03-28 | not yet calculated | CVE-2019-1003043 MLIST BID MISC |
jenkins -- jenkins | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | 2019-03-28 | not yet calculated | CVE-2019-1003042 MLIST BID MISC |
jenkins -- jenkins | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 2019-03-28 | not yet calculated | CVE-2019-1003041 MLIST BID MISC |
jenkins -- jenkins | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 2019-03-28 | not yet calculated | CVE-2019-1003040 MLIST BID MISC |
jenzabar -- internet_campus_solution | ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | 2019-03-25 | not yet calculated | CVE-2019-10011 MISC |
joomla! -- joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | 2019-03-29 | not yet calculated | CVE-2019-9921 MISC MISC |
joomla! -- joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | 2019-03-29 | not yet calculated | CVE-2019-9922 MISC MISC |
joomla! -- joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | 2019-03-29 | not yet calculated | CVE-2019-9920 MISC MISC |
joomla! -- joomla! | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | 2019-03-29 | not yet calculated | CVE-2019-9919 MISC MISC |
kentico -- kentico | An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted. | 2019-03-26 | not yet calculated | CVE-2019-10068 MISC |
kinagacms -- kinagacms | Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-03-27 | not yet calculated | CVE-2019-5926 MISC MISC MISC |
kubevirt -- virt-cdi-importer | Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content. | 2019-03-25 | not yet calculated | CVE-2019-3841 CONFIRM MISC |
lcds -- laquis_scada | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. | 2019-03-27 | not yet calculated | CVE-2019-6536 MISC |
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. | 2019-03-27 | not yet calculated | CVE-2018-18994 MISC |
linux -- linux_kernel | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | 2019-03-25 | not yet calculated | CVE-2019-3874 CONFIRM |
lrzip -- lrzip | The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845. | 2019-03-30 | not yet calculated | CVE-2019-10654 MISC |
marel -- food_processing_systems | Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. | 2019-03-27 | not yet calculated | CVE-2017-9626 MISC |
mcafee -- network_security_manager | Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | 2019-03-26 | not yet calculated | CVE-2019-3597 BID CONFIRM |
mcafee -- network_security_manager | Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. | 2019-03-26 | not yet calculated | CVE-2019-3606 BID CONFIRM |
medtronic -- multiple_devices | The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product's radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. | 2019-03-25 | not yet calculated | CVE-2019-6538 BID CONFIRM |
medtronic -- multiple_devices | The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. | 2019-03-26 | not yet calculated | CVE-2019-6540 BID MISC |
micro_focus -- solutions_business_manager | Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-03-27 | not yet calculated | CVE-2018-19644 CONFIRM |
micro_focus -- solutions_business_manager | Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-03-27 | not yet calculated | CVE-2018-19641 CONFIRM |
micro_focus -- solutions_business_manager | Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-03-27 | not yet calculated | CVE-2018-19643 CONFIRM |
micro_focus -- solutions_business_manager | Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 2019-03-27 | not yet calculated | CVE-2018-19642 CONFIRM |
moodle -- moodle | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | 2019-03-26 | not yet calculated | CVE-2019-3849 CONFIRM MISC |
moodle -- moodle | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.) | 2019-03-26 | not yet calculated | CVE-2019-3848 CONFIRM MISC |
mybb -- mybb | A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | 2019-03-29 | not yet calculated | CVE-2018-19201 MISC |
node-opencv -- node-opencv | utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands. | 2019-03-25 | not yet calculated | CVE-2019-10061 MISC MISC MISC |
node.js -- node.js | Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default. | 2019-03-28 | not yet calculated | CVE-2019-5739 SUSE MISC |
node.js -- node.js | An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11. | 2019-03-28 | not yet calculated | CVE-2019-5737 SUSE MISC |
nvidia -- geforce_experience | NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. | 2019-03-28 | not yet calculated | CVE-2019-5674 BID CONFIRM |
opensynergy -- blue_sdk | The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. | 2019-03-29 | not yet calculated | CVE-2018-20378 MISC CONFIRM |
opto_22 -- multiple_products | A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible. | 2019-03-25 | not yet calculated | CVE-2015-1007 MISC |
phoenix_contact -- multiple_products | An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. | 2019-03-26 | not yet calculated | CVE-2019-9743 BID MISC |
phoenix_contact -- multiple_products | An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier. | 2019-03-26 | not yet calculated | CVE-2019-9744 MISC |
phpfk -- phpfk | phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. | 2019-03-27 | not yet calculated | CVE-2017-18364 MISC |
phpscriptsmall.com -- online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | 2019-03-29 | not yet calculated | CVE-2019-9604 MISC |
project_jupyter -- jupyter_notebook_and_jupyterhub | An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | 2019-03-28 | not yet calculated | CVE-2019-10255 MISC MISC MISC MISC MISC |
prometheus -- prometheus | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. | 2019-03-26 | not yet calculated | CVE-2019-3826 CONFIRM CONFIRM CONFIRM |
provisio -- sitekiosk | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | 2019-03-29 | not yet calculated | CVE-2018-18766 CONFIRM |
red_hat -- ansible_tower | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. | 2019-03-25 | not yet calculated | CVE-2019-3838 REDHAT MISC CONFIRM FEDORA FEDORA |
red_hat -- ansible_tower | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. | 2019-03-25 | not yet calculated | CVE-2019-3835 REDHAT MISC CONFIRM FEDORA FEDORA |
red_hat -- openstack_platform_director | In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. | 2019-03-26 | not yet calculated | CVE-2018-16856 CONFIRM |
robocode -- robocode | Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | 2019-03-30 | not yet calculated | CVE-2019-10648 MISC MISC |
rockwell_automation -- ethernet/ip_web_server_modules | Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. | 2019-03-27 | not yet calculated | CVE-2018-19016 MISC |
rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "Total Record Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size" that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://ift.tt/2WrT4xo | 2019-03-26 | not yet calculated | CVE-2013-2807 MISC |
rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "End of Current Record" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size." Then the service will calculate an incorrect value for the "End of Current Record" field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://ift.tt/2WrT4xo | 2019-03-26 | not yet calculated | CVE-2013-2806 MISC |
rockwell_automation -- factorytalk_services_platform_and_rslinx_enterprise_products | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the "Record Data Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://ift.tt/2WrT4xo | 2019-03-26 | not yet calculated | CVE-2013-2805 MISC |
rockwell_automation -- plc-5_and_slc_5/0x_controllers | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product's configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services. | 2019-03-26 | not yet calculated | CVE-2010-5305 MISC |
rpm-software-management -- libcomps | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. | 2019-03-27 | not yet calculated | CVE-2019-3817 CONFIRM CONFIRM CONFIRM |
rubyonrails -- rails | A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | 2019-03-27 | not yet calculated | CVE-2019-5420 CONFIRM CONFIRM |
rubyonrails -- rails | There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause Action View to consume 100% CPU and make the server unresponsive. | 2019-03-27 | not yet calculated | CVE-2019-5419 MLIST CONFIRM MLIST CONFIRM |
rubyonrails -- rails | There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. | 2019-03-27 | not yet calculated | CVE-2019-5418 MISC MLIST CONFIRM MLIST CONFIRM EXPLOIT-DB |
schneider_electric -- opc_factory_server | A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. | 2019-03-25 | not yet calculated | CVE-2015-1014 MISC |
shareit -- shareit | The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | 2019-03-22 | not yet calculated | CVE-2019-9938 MISC |
siemens -- scalance | A vulnerability has been identified in Scalance X-200 (All versions), Scalance X-300 (All versions), Scalance XP/XC/XF-200 (All versions <V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behaviour. The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality and availability of the traffic-generating network. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-03-26 | not yet calculated | CVE-2019-6569 BID MISC |
signal -- private_messenger_and_desktop | Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. | 2019-03-23 | not yet calculated | CVE-2019-9970 BID MISC |
snipe-it -- snipe-it | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. | 2019-03-27 | not yet calculated | CVE-2019-10118 MISC |
symantec_norton -- core | Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. | 2019-03-29 | not yet calculated | CVE-2019-9695 BID CONFIRM |
system_security_services_daemon -- system_security_services_daemon | A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. | 2019-03-25 | not yet calculated | CVE-2018-16838 CONFIRM |
teclib_group -- glpi | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | 2019-03-27 | not yet calculated | CVE-2019-10233 MISC MISC |
teclib_group -- glpi | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). | 2019-03-27 | not yet calculated | CVE-2019-10231 MISC MISC |
teclib_group -- glpi | The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | 2019-03-29 | not yet calculated | CVE-2019-10477 MISC MISC MISC MISC MISC |
telegram -- telegram | Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. | 2019-03-25 | not yet calculated | CVE-2019-10044 BID MISC |
telemetry -- ceilometer | A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | 2019-03-26 | not yet calculated | CVE-2019-3830 CONFIRM |
teltonika -- rtu9xx_devices | An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. | 2019-03-28 | not yet calculated | CVE-2018-19879 MISC MISC |
tenable -- nagios_xi | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | 2019-03-28 | not yet calculated | CVE-2019-9204 CONFIRM |
tenable -- nagios_xi | Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. | 2019-03-28 | not yet calculated | CVE-2019-9203 CONFIRM |
tenable -- nagios_xi | Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. | 2019-03-28 | not yet calculated | CVE-2019-9202 CONFIRM |
tenable -- nagios_xi | Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 2019-03-28 | not yet calculated | CVE-2019-9166 CONFIRM CONFIRM |
tenable -- nagios_xi | Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 2019-03-28 | not yet calculated | CVE-2019-9167 CONFIRM CONFIRM |
tenable -- nagios_xi | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 2019-03-28 | not yet calculated | CVE-2019-9165 CONFIRM CONFIRM |
tesla -- model_3_vehicles | The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants. | 2019-03-24 | not yet calculated | CVE-2019-9977 BID MISC MISC |
tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science | The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | 2019-03-26 | not yet calculated | CVE-2019-8989 BID MISC MISC |
tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science | The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | 2019-03-26 | not yet calculated | CVE-2019-8988 BID MISC MISC |
tibco_software -- tibco_data_science_for_aws_and_tibco_spotfire_data_science | The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | 2019-03-26 | not yet calculated | CVE-2019-8987 BID MISC MISC |
tp-link -- tl-wr840n_devices | TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | 2019-03-29 | not yet calculated | CVE-2018-15840 MISC |
ucweb -- uc_browser | UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. | 2019-03-28 | not yet calculated | CVE-2019-10250 MISC |
ucweb -- uc_browser | The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks. | 2019-03-28 | not yet calculated | CVE-2019-10251 MISC MISC |
wecon_technology -- pi_studio | WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lack proper validation of user-supplied data, which may result in a read past the end of an allocated object. | 2019-03-27 | not yet calculated | CVE-2018-14814 MISC |
western_bridge_cobub_razor -- western_bridge_cobub_razor | Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | 2019-03-29 | not yet calculated | CVE-2019-10276 MISC MISC |
wikindx -- wikindx | A cross-site scripting (XSS) vulnerability in resource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2019-03-26 | not yet calculated | CVE-2019-9961 MISC CONFIRM |
wolf -- cms | Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded. | 2019-03-29 | not yet calculated | CVE-2019-10646 MISC |
wordpress -- wordpress | A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. Visiting the PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in. | 2019-03-27 | not yet calculated | CVE-2019-1000031 MISC BUGTRAQ |
wordpress -- wordpress | An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path, so that any PDF whose path is known and which is readable by the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. | 2019-03-27 | not yet calculated | CVE-2019-1010257 MISC BUGTRAQ MISC |
wordpress -- wordpress | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. | 2019-03-24 | not yet calculated | CVE-2019-9978 MISC MISC MISC MISC MISC MISC MISC |
zoho -- manageengine_servicedesk_plus | ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | 2019-03-25 | not yet calculated | CVE-2017-9376 BID MISC |
zoho -- manageengine_servicedesk_plus | ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | 2019-03-25 | not yet calculated | CVE-2017-9362 MISC |
zzzcms -- zzzphp | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). | 2019-03-30 | not yet calculated | CVE-2019-10647 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System https://ift.tt/2U8NWkV