SB19-007: Vulnerability Summary for the Week of December 31, 2018
Original release date: January 07, 2019
Back to top
Back to top
Back to top
from US-CERT National Cyber Alert System http://bit.ly/2CTK3WF
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | 2018-12-28 | 5.0 | CVE-2018-20566 MISC |
| f5 -- big-ip_access_policy_manager | A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | 2018-12-28 | 4.3 | CVE-2018-15334 BID CONFIRM |
| freedesktop -- poppler | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | 2018-12-28 | 4.3 | CVE-2018-20551 MISC MISC |
| freedesktop -- poppler | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | 2019-01-01 | 4.3 | CVE-2018-20650 MISC MISC |
| libming -- libming | A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. | 2018-12-30 | 4.3 | CVE-2018-20591 MISC |
| tinyexr_project -- tinyexr | An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception. | 2019-01-01 | 4.3 | CVE-2018-20652 MISC |
| ucms_project -- ucms | UCMS 1.4.7 has ?do=user_addpost CSRF. | 2018-12-30 | 6.8 | CVE-2018-20598 MISC |
| ucms_project -- ucms | UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | 2018-12-30 | 6.5 | CVE-2018-20599 MISC |
| ucms_project -- ucms | sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | 2018-12-30 | 4.3 | CVE-2018-20600 MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20557 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20558 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | 2018-12-28 | 3.5 | CVE-2018-20559 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20560 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | 2018-12-28 | 3.5 | CVE-2018-20561 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20562 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20563 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20564 MISC |
| douco -- douphp | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | 2018-12-28 | 3.5 | CVE-2018-20565 MISC |
| ucms_project -- ucms | UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | 2018-12-30 | 3.5 | CVE-2018-20597 MISC |
| ucms_project -- ucms | UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | 2018-12-30 | 3.5 | CVE-2018-20601 MISC |
| website_seller_script_project -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | 2018-12-28 | 3.5 | CVE-2018-20530 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb -- gate-e1_and_gate-e2 | Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. | 2019-01-03 | not yet calculated | CVE-2018-18995 BID MISC |
| abb -- gate-e1_and_gate-e2 | Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. | 2019-01-03 | not yet calculated | CVE-2018-18997 BID MISC |
| ansible -- ansible | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | 2019-01-03 | not yet calculated | CVE-2018-16876 BID REDHAT REDHAT REDHAT REDHAT CONFIRM MISC |
| ansible -- tower | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files. | 2019-01-03 | not yet calculated | CVE-2018-16879 BID CONFIRM |
| apache -- netbeans | Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution. | 2018-12-31 | not yet calculated | CVE-2018-17191 BID MISC |
| aria2 -- aria2 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | 2019-01-02 | not yet calculated | CVE-2019-3500 MISC |
| artifex -- ghostscript | In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | 2019-01-02 | not yet calculated | CVE-2018-19478 CONFIRM BID CONFIRM CONFIRM MLIST CONFIRM |
| august -- connect_devices | An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. | 2019-01-02 | not yet calculated | CVE-2018-20100 MISC |
| bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls. | 2019-01-02 | not yet calculated | CVE-2018-20659 MISC |
| bmc -- remedy | Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | 2019-01-03 | not yet calculated | CVE-2018-19505 MISC FULLDISC SECTRACK |
| buck -- buck | Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01. | 2018-12-31 | not yet calculated | CVE-2018-6331 MISC |
| chinamobile_plc -- wireless_router_gpn2.4p21-c-cn_devices | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter. | 2019-01-02 | not yet calculated | CVE-2018-20326 MISC MISC MISC |
| cim -- cim | public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. | 2018-12-30 | not yet calculated | CVE-2018-20614 MISC |
| code42 -- code42_for_enterprise | The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to. | 2019-01-02 | not yet calculated | CVE-2018-20131 MISC |
| core_ftp_server -- core_ftp_server | The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command. | 2019-01-02 | not yet calculated | CVE-2018-20658 MISC EXPLOIT-DB |
| couchdb -- couchdb | Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities. | 2019-01-02 | not yet calculated | CVE-2018-17188 MISC |
| cuba_platform -- cuba_platform | The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. | 2019-01-03 | not yet calculated | CVE-2018-20663 MISC |
| cuppacms -- cuppacms | CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | 2018-12-31 | not yet calculated | CVE-2018-19918 CONFIRM MISC |
| d-link -- dir-818lw_and_dir-860l | On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. | 2019-01-02 | not yet calculated | CVE-2018-20114 MISC |
| dolibarr -- dolibarr | A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | 2019-01-03 | not yet calculated | CVE-2018-19992 MISC |
| dolibarr -- dolibarr | A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | 2019-01-03 | not yet calculated | CVE-2018-19993 MISC |
| dolibarr -- dolibarr | An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | 2019-01-03 | not yet calculated | CVE-2018-19994 MISC |
| dolibarr -- dolibarr | A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. | 2019-01-03 | not yet calculated | CVE-2018-19995 MISC MISC |
| dolibarr -- dolibarr | SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | 2019-01-03 | not yet calculated | CVE-2018-19998 MISC MISC |
| driveragent -- driveragent | DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool. | 2019-01-03 | not yet calculated | CVE-2018-19523 MISC |
| emc -- rsa_archer | RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information. | 2019-01-03 | not yet calculated | CVE-2018-15780 BID FULLDISC |
| epon -- cpe-wifi_devices | EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | 2019-01-03 | not yet calculated | CVE-2018-20512 MISC |
| exiftool -- exiftool | ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015). | 2019-01-02 | not yet calculated | CVE-2018-20211 MISC FULLDISC |
| expressvpn -- expressvpn | An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service. | 2019-01-02 | not yet calculated | CVE-2018-15490 MISC |
| f5 -- big-ip | When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response | 2018-12-28 | not yet calculated | CVE-2018-15335 BID CONFIRM |
| f5 -- big-ip | On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. | 2018-12-28 | not yet calculated | CVE-2018-15333 BID CONFIRM |
| f5 -- ip_infusion_zebos_and_ocnos | The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. | 2018-12-28 | not yet calculated | CVE-2018-17539 BID CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-14718 CONFIRM CONFIRM CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-19360 CONFIRM CONFIRM CONFIRM CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-19361 CONFIRM CONFIRM CONFIRM CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-14720 CONFIRM CONFIRM CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-14721 CONFIRM CONFIRM CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-14719 CONFIRM CONFIRM CONFIRM |
| fasterxml -- jackson | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | 2019-01-02 | not yet calculated | CVE-2018-19362 CONFIRM CONFIRM CONFIRM CONFIRM |
| foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing. | 2019-01-03 | not yet calculated | CVE-2019-5007 CONFIRM |
| foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing. | 2019-01-03 | not yet calculated | CVE-2019-5006 CONFIRM |
| foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption. | 2019-01-03 | not yet calculated | CVE-2019-5005 CONFIRM |
| freebsd -- freebsd | In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution. | 2019-01-03 | not yet calculated | CVE-2018-17161 BID FREEBSD |
| frog -- frog_cms | FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. | 2018-12-31 | not yet calculated | CVE-2018-19844 MISC |
| getsimple -- getsimple_cms | There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | 2018-12-31 | not yet calculated | CVE-2018-19845 MISC |
| gnu -- binutils | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. | 2019-01-04 | not yet calculated | CVE-2018-20673 MISC |
| gnu -- binutils | load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. | 2019-01-04 | not yet calculated | CVE-2018-20671 MISC MISC |
| gnu -- binutils | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | 2019-01-02 | not yet calculated | CVE-2018-20657 BID MISC |
| gnu -- binutils | In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. | 2018-12-31 | not yet calculated | CVE-2018-20623 BID MISC |
| gnu -- binutils | A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. | 2019-01-01 | not yet calculated | CVE-2018-20651 BID MISC MISC |
| guardzilla -- gz180_devices | The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | 2018-12-31 | not yet calculated | CVE-2018-18600 |
| hhvm -- hhvm | The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | 2018-12-31 | not yet calculated | CVE-2018-6340 MISC MISC |
| hhvm -- hhvm | A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. | 2018-12-31 | not yet calculated | CVE-2018-6335 MISC MISC |
| hhvm -- hhvm | folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. | 2018-12-31 | not yet calculated | CVE-2018-6337 MISC MISC MISC |
| hhvm -- hhvm | Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). | 2018-12-31 | not yet calculated | CVE-2018-6334 MISC MISC |
| hsweb -- hsweb | A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | 2018-12-30 | not yet calculated | CVE-2018-20595 MISC MISC |
| hsweb -- hsweb | An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | 2018-12-30 | not yet calculated | CVE-2018-20594 MISC MISC |
| huawei -- hg_products | There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability. | 2019-01-02 | not yet calculated | CVE-2018-7900 CONFIRM MISC |
| imcat -- imcat | imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | 2018-12-30 | not yet calculated | CVE-2018-20606 MISC |
| imcat -- imcat | imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | 2018-12-30 | not yet calculated | CVE-2018-20605 MISC |
| imcat -- imcat | imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | 2018-12-30 | not yet calculated | CVE-2018-20607 MISC |
| imcat -- imcat | imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | 2018-12-30 | not yet calculated | CVE-2018-20608 MISC |
| imcat -- imcat | imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | 2018-12-30 | not yet calculated | CVE-2018-20609 MISC |
| imcat -- imcat | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | 2018-12-30 | not yet calculated | CVE-2018-20610 MISC |
| imcat -- imcat | imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | 2018-12-30 | not yet calculated | CVE-2018-20611 MISC |
| inxedu -- inxedu | inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java), where courseFavoritesService.deleteCourseFavoritesById is mishandled during use of MyBatis. NOTE: UserController.java has a spelling variation in an annotation: a @RequestMapping("/deleteFaveorite/{ids}") line followed by a "public ModelAndView deleteFavorite" line. | 2019-01-02 | not yet calculated | CVE-2019-3576 MISC |
| ivan_cordoba -- ivan_cordoba_generic_cms | Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | 2018-12-30 | not yet calculated | CVE-2018-20589 MISC |
| ivan_cordoba -- ivan_cordoba_generic_cms | Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | 2018-12-30 | not yet calculated | CVE-2018-20590 MISC |
| jasper -- jasper | JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | 2018-12-31 | not yet calculated | CVE-2018-20622 BID MISC MLIST |
| jspxcms -- jspxcms | Jspxcms v9.0.0 allows SSRF. | 2018-12-30 | not yet calculated | CVE-2018-20596 MISC |
| lei_feng_tv -- lei_feng_tv_cms | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | 2018-12-30 | not yet calculated | CVE-2018-20602 MISC |
| lei_feng_tv -- lei_feng_tv_cms | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | 2018-12-30 | not yet calculated | CVE-2018-20603 MISC |
| lei_feng_tv -- lei_feng_tv_cms | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. | 2018-12-30 | not yet calculated | CVE-2018-20604 MISC |
| libming -- libming | An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts. | 2019-01-02 | not yet calculated | CVE-2019-3572 MISC |
| libsixel -- libsixel | In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. | 2019-01-02 | not yet calculated | CVE-2019-3574 MISC MISC |
| libsixel -- libsixel | In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png. | 2019-01-02 | not yet calculated | CVE-2019-3573 MISC MISC |
| linux -- linux_kernel | An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault). | 2019-01-03 | not yet calculated | CVE-2019-3701 BID MISC MISC |
| mcafee -- application_control_and_change_control | A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. | 2018-12-31 | not yet calculated | CVE-2018-6668 CONFIRM |
| mini-xml -- mini-xml | In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | 2018-12-30 | not yet calculated | CVE-2018-20593 MISC MISC MISC |
| mini-xml -- mini-xml | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | 2018-12-30 | not yet calculated | CVE-2018-20592 MISC MISC MISC |
| multiple_vendors -- multiple_products | An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7 | 2018-12-31 | not yet calculated | CVE-2018-6336 MISC |
| mybb -- mybb | The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile. | 2019-01-02 | not yet calculated | CVE-2019-3501 MISC MISC |
| nuclide -- nuclide | The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0. | 2018-12-31 | not yet calculated | CVE-2018-6333 MISC |
| ok-file-formats -- ok-file-formats | ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c. | 2018-12-31 | not yet calculated | CVE-2018-20617 MISC |
| ok-file-formats -- ok-file-formats | ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c. | 2018-12-31 | not yet calculated | CVE-2018-20618 MISC |
| ok-file-formats -- ok-file-formats | ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c. | 2018-12-31 | not yet calculated | CVE-2018-20616 MISC |
| openrefine -- openrefine | OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. | 2019-01-02 | not yet calculated | CVE-2019-3580 MISC |
| otfcc -- otfcc | lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. | 2018-12-30 | not yet calculated | CVE-2018-20588 MISC |
| poppler -- poppler | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | 2019-01-03 | not yet calculated | CVE-2018-20662 MISC MISC |
| proxygen -- proxygen | Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00. | 2018-12-31 | not yet calculated | CVE-2018-6343 MISC |
| proxygen -- proxygen | A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00. | 2018-12-31 | not yet calculated | CVE-2018-6346 MISC |
| proxygen -- proxygen | An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00. | 2018-12-31 | not yet calculated | CVE-2018-6347 MISC |
| react -- react_applications | React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. | 2018-12-31 | not yet calculated | CVE-2018-6341 MISC MISC |
| react-dev-utils -- react-dev-utils | react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2. | 2018-12-31 | not yet calculated | CVE-2018-6342 MISC MISC |
| simply-blog -- simply-blog | Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter. | 2019-01-01 | not yet calculated | CVE-2019-3494 MISC |
| sqla_yaml_fixtures -- sqla_yaml_fixtures | Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. | 2019-01-03 | not yet calculated | CVE-2019-3575 MISC |
| technicolor -- mediaaccess_tg789vac_hp_devices | The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | 2019-01-03 | not yet calculated | CVE-2018-8827 MISC |
| telegram -- telegram_messaging_application_for_android | An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device. | 2019-01-03 | not yet calculated | CVE-2018-3986 BID MISC |
| temmoku -- temmoku | TEMMOKU T1.09 Beta allows admin/user/add CSRF. | 2018-12-30 | not yet calculated | CVE-2018-20613 MISC |
| tobesoft -- xplatform | A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute. | 2019-01-02 | not yet calculated | CVE-2018-5197 MISC MISC |
| uwa -- uwa | UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | 2018-12-30 | not yet calculated | CVE-2018-20612 MISC |
| vtiger -- vtiger_crm | Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. | 2019-01-04 | not yet calculated | CVE-2019-5009 MISC MISC MISC EXPLOIT-DB |
| waimai -- waimai_super_cms | An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI. | 2019-01-02 | not yet calculated | CVE-2019-3577 MISC |
| webroot -- brightcloud_sdk | An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability. | 2019-01-03 | not yet calculated | CVE-2018-4012 MISC |
| weixin-java-tools -- weixin-java-tools | An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318. | 2019-01-04 | not yet calculated | CVE-2019-5312 MISC |
| whatsapp -- whatsapp | A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172. | 2018-12-31 | not yet calculated | CVE-2018-6344 BID MISC |
| yunucms -- yunucms | An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | 2019-01-04 | not yet calculated | CVE-2019-5311 MISC |
| yunucms -- yunucms | YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | 2019-01-04 | not yet calculated | CVE-2019-5310 MISC |
| zoho_manageengine -- adselfservice | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | 2019-01-03 | not yet calculated | CVE-2019-3905 CONFIRM |
| zoho_manageengine -- adselfservice | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | 2019-01-03 | not yet calculated | CVE-2018-20664 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://bit.ly/2CTK3WF