SB19-035: Vulnerability Summary for the Week of January 28, 2019
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
libgd -- libgd | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | 2019-01-28 | 7.5 | CVE-2019-6978 MISC MISC MISC MLIST |
libvnc_project -- libvncserver | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | 2019-01-30 | 7.5 | CVE-2018-20750 MISC MISC MLIST UBUNTU MISC |
phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | 2019-01-26 | 7.5 | CVE-2019-6798 BID CONFIRM |
zoneminder -- zoneminder | A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. | 2019-01-28 | 7.5 | CVE-2019-6991 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723. | 2019-01-28 | 4.3 | CVE-2018-19721 CONFIRM |
adobe -- acrobat | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721. | 2019-01-28 | 5.0 | CVE-2018-19723 BID CONFIRM |
adobe -- acrobat | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-01-28 | 4.3 | CVE-2018-19728 CONFIRM |
adobe -- experience_manager | Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-01-28 | 4.3 | CVE-2018-19724 BID CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-01-28 | 4.3 | CVE-2018-19726 BID CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-01-28 | 4.3 | CVE-2018-19727 BID CONFIRM |
apache -- open_office | When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. | 2019-01-31 | 4.6 | CVE-2018-11790 BID CONFIRM |
arm -- trusted_firmware-a | ARM Trusted Firmware-A allows information disclosure. | 2019-01-30 | 5.0 | CVE-2018-19440 CONFIRM CONFIRM |
atlassian -- crowd | Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources. | 2019-01-28 | 4.0 | CVE-2016-10740 CONFIRM |
atutor -- atutor | A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | 2019-01-29 | 4.3 | CVE-2019-7172 MISC |
axiosys -- bento4 | An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array | 2019-01-25 | 4.3 | CVE-2019-6966 MISC |
cross_reference_project -- cross_reference | An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. | 2019-01-31 | 4.3 | CVE-2019-7250 MISC |
elfutils_project -- elfutils | In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. | 2019-01-28 | 4.3 | CVE-2019-7146 MISC MISC |
elfutils_project -- elfutils | An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. | 2019-01-28 | 4.3 | CVE-2019-7148 MISC |
elfutils_project -- elfutils | A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. | 2019-01-28 | 4.3 | CVE-2019-7149 MISC MISC |
elfutils_project -- elfutils | An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. | 2019-01-28 | 4.3 | CVE-2019-7150 MISC MISC |
encodable -- filechucker | An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. | 2019-01-31 | 6.8 | CVE-2019-7216 MISC MISC |
foxitsoftware -- phantompdf | An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2019-01-30 | 5.8 | CVE-2018-3956 MISC |
freshrss -- freshrss | Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | 2019-01-30 | 4.3 | CVE-2018-19782 MISC FULLDISC EXPLOIT-DB MISC |
ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031. | 2019-01-29 | 4.0 | CVE-2018-1976 BID XF CONFIRM |
ibm -- i | IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164. | 2019-01-31 | 4.3 | CVE-2019-4040 CONFIRM BID XF |
ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811. | 2019-01-29 | 5.0 | CVE-2018-1733 BID XF CONFIRM |
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. | 2019-01-30 | 6.4 | CVE-2019-7235 MISC |
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. | 2019-01-30 | 5.0 | CVE-2019-7236 MISC |
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. | 2019-01-30 | 5.0 | CVE-2019-7237 MISC |
ip_history_logs_project -- ip_history_logs | An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field. | 2019-01-28 | 4.3 | CVE-2019-6979 MISC EXPLOIT-DB |
libdoc_project -- libdoc | In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. | 2019-01-29 | 5.0 | CVE-2019-7156 BID MISC |
libdoc_project -- libdoc | In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. | 2019-01-30 | 6.8 | CVE-2019-7233 MISC |
linux -- linux_kernel | In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. | 2019-02-01 | 4.7 | CVE-2016-10741 MISC MISC MISC MISC |
linux -- linux_kernel | In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. | 2019-01-31 | 4.9 | CVE-2017-18360 MISC BID MISC MISC MISC |
linux -- linux_kernel | A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file, which may enter an infinite loop with certain parameters passed from userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. | 2019-01-25 | 4.9 | CVE-2019-3819 BID CONFIRM |
mcafee -- epolicy_orchestrator | Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | 2019-02-01 | 6.8 | CVE-2019-3604 CONFIRM |
media_file_manager_project -- media_file_manager | The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | 2019-01-31 | 5.0 | CVE-2018-19040 EXPLOIT-DB |
media_file_manager_project -- media_file_manager | The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | 2019-01-31 | 4.3 | CVE-2018-19041 EXPLOIT-DB |
media_file_manager_project -- media_file_manager | The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI. | 2019-01-31 | 5.0 | CVE-2018-19042 EXPLOIT-DB |
media_file_manager_project -- media_file_manager | The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. | 2019-01-31 | 5.0 | CVE-2018-19043 EXPLOIT-DB |
mumble -- mumble | murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | 2019-01-25 | 5.0 | CVE-2018-20743 MISC MISC MISC MISC |
nasm -- netwide_assembler | A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. | 2019-01-28 | 4.3 | CVE-2019-7147 MISC |
netscape -- enterprise_server | servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | 2019-01-31 | 4.3 | CVE-2018-18940 MISC FULLDISC |
omron -- cx-one | Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | 2019-01-30 | 6.8 | CVE-2018-19027 BID MISC |
omron -- cx-supervisor | An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. | 2019-01-28 | 6.0 | CVE-2018-19015 BID MISC |
open-xchange -- open-xchange_appsuite | OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | 2019-01-30 | 4.0 | CVE-2018-12609 FULLDISC CONFIRM CONFIRM CONFIRM |
open-xchange -- open-xchange_appsuite | OX App Suite 7.8.4 and earlier allows Information Exposure. | 2019-01-30 | 5.0 | CVE-2018-12610 FULLDISC CONFIRM CONFIRM |
open-xchange -- open-xchange_appsuite | OX App Suite 7.8.4 and earlier allows Directory Traversal. | 2019-01-30 | 4.3 | CVE-2018-12611 FULLDISC CONFIRM CONFIRM CONFIRM |
openbsd -- openssh | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | 2019-01-31 | 4.0 | CVE-2019-6109 MISC MISC MISC |
paloaltonetworks -- pan-os | The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 2019-01-30 | 4.3 | CVE-2019-1566 BID CONFIRM |
phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. | 2019-01-26 | 4.3 | CVE-2019-6799 BID CONFIRM |
powerdns -- recursor | An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. | 2019-01-29 | 6.8 | CVE-2019-3806 CONFIRM CONFIRM |
powerdns -- recursor | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. | 2019-01-29 | 6.4 | CVE-2019-3807 CONFIRM CONFIRM |
pylonsproject -- colander | In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. | 2019-02-01 | 5.0 | CVE-2017-18361 MISC MISC |
redhat -- ceph | Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | 2019-01-28 | 5.0 | CVE-2018-16889 BID CONFIRM |
rsyslog -- rsyslog | A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. | 2019-01-25 | 5.0 | CVE-2018-16881 CONFIRM |
static-resource-server_project -- static-resource-server | A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. | 2019-02-01 | 5.0 | CVE-2018-16493 MISC |
typora -- typora | typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | 2019-01-31 | 4.3 | CVE-2019-7295 MISC |
typora -- typora | typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | 2019-01-31 | 4.3 | CVE-2019-7296 MISC |
uclouvain -- openjpeg | An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. | 2019-01-28 | 4.3 | CVE-2019-6988 BID MISC |
webassembly -- binaryen | A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | 2019-01-28 | 4.3 | CVE-2019-7151 MISC |
webassembly -- binaryen | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | 2019-01-28 | 4.3 | CVE-2019-7152 MISC |
webassembly -- binaryen | A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | 2019-01-28 | 4.3 | CVE-2019-7153 MISC |
webassembly -- binaryen | The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | 2019-01-28 | 4.3 | CVE-2019-7154 MISC |
zoneminder -- zoneminder | A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | 2019-01-28 | 4.3 | CVE-2019-6992 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | 2019-01-29 | 3.5 | CVE-2019-7168 MISC |
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | 2019-01-29 | 3.5 | CVE-2019-7169 MISC |
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | 2019-01-29 | 3.5 | CVE-2019-7170 MISC |
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | 2019-01-29 | 3.5 | CVE-2019-7171 MISC |
croogo -- croogo | A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | 2019-01-29 | 3.5 | CVE-2019-7173 MISC |
emerson -- deltav_distributed_control_system | A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | 2019-01-25 | 3.3 | CVE-2018-19021 BID MISC |
paloaltonetworks -- pan-os | The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | 2019-01-30 | 3.5 | CVE-2019-1565 BID CONFIRM |
tridium -- niagara | In Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code into some web pages, affecting confidentiality. | 2019-01-29 | 3.5 | CVE-2018-18985 BID MISC |
zoneminder -- zoneminder | A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. | 2019-01-28 | 3.5 | CVE-2019-6990 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s-smart_software_solutions -- codesys_control_products | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption are not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | 2019-01-29 | not yet calculated | CVE-2018-10612 BID MISC |
abb -- cms-770 | The product CMS-770 (Software Versions 1.7.1 and prior) is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. | 2019-01-31 | not yet calculated | CVE-2018-17928 BID MISC |
abb -- m2m_ethernet | The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. | 2019-01-31 | not yet calculated | CVE-2018-17926 BID MISC |
apache -- http_server | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. | 2019-01-30 | not yet calculated | CVE-2018-17199 BID CONFIRM MLIST CONFIRM |
apache -- http_server | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. | 2019-01-30 | not yet calculated | CVE-2019-0190 BID CONFIRM CONFIRM |
apache -- http_server | In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. | 2019-01-30 | not yet calculated | CVE-2018-17189 BID CONFIRM CONFIRM |
artica -- proxy | Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | 2019-02-01 | not yet calculated | CVE-2019-7300 MISC MISC |
avaya -- aura_communication_manager | A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. | 2019-02-01 | not yet calculated | CVE-2018-15617 CONFIRM |
bluez -- bluez | A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. | 2019-01-28 | not yet calculated | CVE-2018-10910 CONFIRM UBUNTU |
cisco -- webex_meetings_server | A version of Castor XML, as used in Cisco WebEx Meetings Server before 2.8MR3 and 3.x before 3.0MR2 patch 1 and other products, allows XXE attacks. | 2019-01-30 | not yet calculated | CVE-2018-18895 MISC FULLDISC SECTRACK BUGTRAQ |
clustered_data -- ontap | Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | 2019-02-01 | not yet calculated | CVE-2018-5498 CONFIRM |
comodo -- utm_firewall | Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. | 2019-01-30 | not yet calculated | CVE-2018-17431 MISC |
d-link -- central_wifimanager_cwm-100_devices | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | 2019-01-31 | not yet calculated | CVE-2018-15516 MISC FULLDISC MISC |
d-link -- central_wifimanager_cwm-100_devices | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | 2019-01-31 | not yet calculated | CVE-2018-15517 MISC FULLDISC |
d-link -- central_wifimanager_cwm-100_devices | The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | 2019-01-31 | not yet calculated | CVE-2018-15515 MISC FULLDISC |
d-link -- dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | 2019-01-31 | not yet calculated | CVE-2019-7297 BID MISC |
d-link -- dir-823g_devices | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. | 2019-02-01 | not yet calculated | CVE-2019-7298 BID MISC |
debian -- apt | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | 2019-01-28 | not yet calculated | CVE-2019-3462 BID MLIST MLIST CONFIRM UBUNTU DEBIAN |
defaults-deep -- defaults-deep | A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16486 MISC |
dräger -- infinity_delta | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. | 2019-01-28 | not yet calculated | CVE-2018-19014 BID MISC |
dräger -- infinity_delta | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system. | 2019-01-28 | not yet calculated | CVE-2018-19012 BID MISC |
dräger -- infinity_delta | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. | 2019-01-28 | not yet calculated | CVE-2018-19010 BID MISC |
express-cart -- express-cart | A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | 2019-02-01 | not yet calculated | CVE-2018-16483 MISC |
extend -- extend | A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16492 MISC |
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation. | 2019-01-28 | not yet calculated | CVE-2019-6985 CONFIRM |
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function. | 2019-01-28 | not yet calculated | CVE-2019-6982 CONFIRM |
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory. | 2019-01-28 | not yet calculated | CVE-2019-6983 CONFIRM |
foxit_software -- foxit_reader_and_phantompdf | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer. | 2019-01-28 | not yet calculated | CVE-2019-6984 CONFIRM |
gnu -- c_library | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. | 2019-02-02 | not yet calculated | CVE-2019-7309 MISC MISC |
google -- android | NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A. | 2019-01-31 | not yet calculated | CVE-2018-6241 BID CONFIRM |
hetronic -- nova-m | Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | 2019-01-25 | not yet calculated | CVE-2018-19023 BID MISC |
html-pages -- html-pages | An XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. | 2019-02-01 | not yet calculated | CVE-2018-16481 MISC |
http-live-simulator -- http-live-simulator | Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. | 2019-02-01 | not yet calculated | CVE-2018-16479 MISC |
ibm -- datapower_gateway | IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. | 2019-01-29 | not yet calculated | CVE-2018-1668 XF CONFIRM |
idreamsoft -- icms | idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | 2019-01-29 | not yet calculated | CVE-2019-7160 MISC |
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. | 2019-01-30 | not yet calculated | CVE-2019-7234 MISC |
just-extend -- just-extend | A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions. | 2019-02-01 | not yet calculated | CVE-2018-16489 MISC |
keybase -- keybase | In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs. | 2019-01-31 | not yet calculated | CVE-2019-7249 MISC MISC |
labkey -- server_community_edition | An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. | 2019-01-30 | not yet calculated | CVE-2019-3912 MISC |
labkey -- server_community_edition | Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /__r2/query endpoints. | 2019-01-30 | not yet calculated | CVE-2019-3911 MISC |
labkey -- server_community_edition | Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. | 2019-01-30 | not yet calculated | CVE-2019-3913 MISC |
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. | 2019-02-01 | not yet calculated | CVE-2018-19004 BID MISC |
lcds -- laquis_scada | LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. | 2019-02-01 | not yet calculated | CVE-2018-18988 BID MISC |
libvips -- libvips | libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. | 2019-01-26 | not yet calculated | CVE-2019-6976 MISC MISC |
libvnc -- libvnc | LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | 2019-01-30 | not yet calculated | CVE-2018-20749 MISC MISC MLIST UBUNTU MISC |
libvnc -- libvnc | LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. | 2019-01-30 | not yet calculated | CVE-2018-20748 MISC MISC MISC MISC MISC MLIST UBUNTU MISC |
linux -- linux_kernel | A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. | 2019-01-29 | not yet calculated | CVE-2018-16880 BID CONFIRM |
linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | 2019-02-01 | not yet calculated | CVE-2019-7308 MISC MISC MISC MISC MISC MISC |
lodash -- lodash | A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16487 MISC |
m-server -- m-server | Path Traversal vulnerability in module m-server <1.4.1 allows a malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. | 2019-02-01 | not yet calculated | CVE-2018-16485 MISC |
m-server -- m-server | An XSS vulnerability was found in module m-server <1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names. | 2019-02-01 | not yet calculated | CVE-2018-16484 MISC |
mcafee -- total_protection | Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware. | 2019-01-28 | not yet calculated | CVE-2019-3593 CONFIRM |
mcstatic -- mcstatic | A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path. | 2019-02-01 | not yet calculated | CVE-2018-16482 MISC |
mpath -- mpath | A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16490 MISC |
netkit -- netkit | An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. | 2019-01-31 | not yet calculated | CVE-2019-7283 MISC MISC |
netkit -- netkit | In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | 2019-01-31 | not yet calculated | CVE-2019-7282 MISC MISC |
node.extend -- node.extend | A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | 2019-02-01 | not yet calculated | CVE-2018-16491 MISC |
olivier_poitrey -- go_cors_handler | The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 2019-01-28 | not yet calculated | CVE-2018-20744 MISC MISC |
openjdk_and_eclipse -- openj9 | In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code. | 2019-01-31 | not yet calculated | CVE-2018-12548 CONFIRM |
openssh -- openssh | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | 2019-01-31 | not yet calculated | CVE-2019-6111 BID MISC MISC EXPLOIT-DB |
openssh -- openssh | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | 2019-01-31 | not yet calculated | CVE-2019-6110 MISC MISC MISC EXPLOIT-DB |
php -- php | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. | 2019-01-26 | not yet calculated | CVE-2019-6977 MISC MISC BID MISC MLIST |
pilz -- pnozmulti_configurator | Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. | 2019-01-25 | not yet calculated | CVE-2018-19009 BID MISC |
poppler -- poppler | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | 2019-02-02 | not yet calculated | CVE-2019-7310 MISC MISC |
postgresql -- postgresql | PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | 2019-01-25 | not yet calculated | CVE-2017-18359 MLIST MISC MISC MISC |
practecol -- guardzilla_all-in-one_video_security_system | A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. | 2019-01-31 | not yet calculated | CVE-2018-5560 MISC MISC |
princexml -- princexml | PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF. | 2019-01-30 | not yet calculated | CVE-2018-19858 MISC MISC MISC |
public -- public | An XSS vulnerability was found in module public <0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. | 2019-02-01 | not yet calculated | CVE-2018-16480 MISC MISC |
qnap -- photo_station | Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | 2019-02-01 | not yet calculated | CVE-2018-0722 CONFIRM |
red_hat -- enterprise_linux | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | 2019-01-28 | not yet calculated | CVE-2019-3815 BID REDHAT CONFIRM |
rundeck -- rundeck_community_edition | An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. | 2019-01-25 | not yet calculated | CVE-2019-6804 MISC MISC EXPLOIT-DB |
schedmd -- slurm | SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. | 2019-01-31 | not yet calculated | CVE-2019-6438 CONFIRM CONFIRM |
sofintel_it_engineering -- zen_load_balancer | Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. | 2019-02-01 | not yet calculated | CVE-2019-7301 BID MISC |
titanhq -- spamtitan | TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application. | 2019-01-30 | not yet calculated | CVE-2018-15136 MISC |
vignette -- content_management | In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. | 2019-01-31 | not yet calculated | CVE-2018-18941 MISC FULLDISC |
vivo -- vivo_vitro | SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | 2019-01-28 | not yet calculated | CVE-2019-6986 MISC MISC |
yii -- yii | Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 2019-01-28 | not yet calculated | CVE-2018-20745 MISC MISC |