U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB19-035)

Vulnerability Summary for the Week of January 28, 2019

Original release date: February 04, 2019 | Last revised: February 07, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
libgd -- libgdThe GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.2019-01-287.5CVE-2019-6978
MISC
MISC
MISC
MLIST
libvnc_project -- libvncserverLibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.2019-01-307.5CVE-2018-20750
MISC
MISC
MLIST
UBUNTU
MISC
phpmyadmin -- phpmyadminAn issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.2019-01-267.5CVE-2019-6798
BID
CONFIRM
zoneminder -- zoneminderA classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.2019-01-287.5CVE-2019-6991
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- acrobatAdobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723.2019-01-284.3CVE-2018-19721
CONFIRM
adobe -- acrobatAdobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721.2019-01-285.0CVE-2018-19723
BID
CONFIRM
adobe -- acrobatAdobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2019-01-284.3CVE-2018-19728
CONFIRM
adobe -- experience_managerAdobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-01-284.3CVE-2018-19724
BID
CONFIRM
adobe -- experience_managerAdobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-01-284.3CVE-2018-19726
BID
CONFIRM
adobe -- experience_managerAdobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-01-284.3CVE-2018-19727
BID
CONFIRM
apache -- open_officeWhen loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.2019-01-314.6CVE-2018-11790
BID
CONFIRM
arm -- trusted_firmware-aARM Trusted Firmware-A allows information disclosure.2019-01-305.0CVE-2018-19440
CONFIRM
CONFIRM
atlassian -- crowdVarious resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.2019-01-284.0CVE-2016-10740
CONFIRM
atutor -- atutorA stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.2019-01-294.3CVE-2019-7172
MISC
axiosys -- bento4An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.2019-01-254.3CVE-2019-6966
MISC
cross_reference_project -- cross_referenceAn issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin.2019-01-314.3CVE-2019-7250
MISC
elfutils_project -- elfutilsIn elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.2019-01-284.3CVE-2019-7146
MISC
MISC
elfutils_project -- elfutilsAn attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception.2019-01-284.3CVE-2019-7148
MISC
elfutils_project -- elfutilsA heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.2019-01-284.3CVE-2019-7149
MISC
MISC
elfutils_project -- elfutilsAn issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.2019-01-284.3CVE-2019-7150
MISC
MISC
encodable -- filechuckerAn issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.2019-01-316.8CVE-2019-7216
MISC
MISC
foxitsoftware -- phantompdfAn exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.2019-01-305.8CVE-2018-3956
MISC
freshrss -- freshrssMultiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.2019-01-304.3CVE-2018-19782
MISC
FULLDISC
EXPLOIT-DB
MISC
ibm -- api_connectIBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.2019-01-294.0CVE-2018-1976
BID
XF
CONFIRM
ibm -- iIBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.2019-01-314.3CVE-2019-4040
CONFIRM
BID
XF
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811.2019-01-295.0CVE-2018-1733
BID
XF
CONFIRM
idreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.2019-01-306.4CVE-2019-7235
MISC
idreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.2019-01-305.0CVE-2019-7236
MISC
idreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.2019-01-305.0CVE-2019-7237
MISC
ip_history_logs_project -- ip_history_logsAn issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.2019-01-284.3CVE-2019-6979
MISC
EXPLOIT-DB
libdoc_project -- libdocIn libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.2019-01-295.0CVE-2019-7156
BID
MISC
libdoc_project -- libdocIn libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.2019-01-306.8CVE-2019-7233
MISC
linux -- linux_kernelIn the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.2019-02-014.7CVE-2016-10741
MISC
MISC
MISC
MISC
linux -- linux_kernelIn change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.2019-01-314.9CVE-2017-18360
MISC
BID
MISC
MISC
MISC
linux -- linux_kernelA flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.2019-01-254.9CVE-2019-3819
BID
CONFIRM
mcafee -- epolicy_orchestratorCross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.2019-02-016.8CVE-2019-3604
CONFIRM
media_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.2019-01-315.0CVE-2018-19040
EXPLOIT-DB
media_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.2019-01-314.3CVE-2018-19041
EXPLOIT-DB
media_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.2019-01-315.0CVE-2018-19042
EXPLOIT-DB
media_file_manager_project -- media_file_managerThe Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.2019-01-315.0CVE-2018-19043
EXPLOIT-DB
mumble -- mumblemurmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.2019-01-255.0CVE-2018-20743
MISC
MISC
MISC
MISC
nasm -- netwide_assemblerA buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.2019-01-284.3CVE-2019-7147
MISC
netscape -- enterprise_serverservlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.2019-01-314.3CVE-2018-18940
MISC
FULLDISC
omron -- cx-oneThree type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.2019-01-306.8CVE-2018-19027
BID
MISC
omron -- cx-supervisorAn attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.2019-01-286.0CVE-2018-19015
BID
MISC
open-xchange -- open-xchange_appsuiteOX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.2019-01-304.0CVE-2018-12609
FULLDISC
CONFIRM
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuiteOX App Suite 7.8.4 and earlier allows Information Exposure.2019-01-305.0CVE-2018-12610
FULLDISC
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuiteOX App Suite 7.8.4 and earlier allows Directory Traversal.2019-01-304.3CVE-2018-12611
FULLDISC
CONFIRM
CONFIRM
CONFIRM
openbsd -- opensshAn issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.2019-01-314.0CVE-2019-6109
MISC
MISC
MISC
paloaltonetworks -- pan-osThe PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.2019-01-304.3CVE-2019-1566
BID
CONFIRM
phpmyadmin -- phpmyadminAn issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.2019-01-264.3CVE-2019-6799
BID
CONFIRM
powerdns -- recursorAn issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.2019-01-296.8CVE-2019-3806
CONFIRM
CONFIRM
powerdns -- recursorAn issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.2019-01-296.4CVE-2019-3807
CONFIRM
CONFIRM
pylonsproject -- colanderIn Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.2019-02-015.0CVE-2017-18361
MISC
MISC
redhat -- cephCeph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.2019-01-285.0CVE-2018-16889
BID
CONFIRM
rsyslog -- rsyslogA denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.2019-01-255.0CVE-2018-16881
CONFIRM
static-resource-server_project -- static-resource-serverA path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.2019-02-015.0CVE-2018-16493
MISC
typora -- typoratypora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.2019-01-314.3CVE-2019-7295
MISC
typora -- typoratypora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.2019-01-314.3CVE-2019-7296
MISC
uclouvain -- openjpegAn issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.2019-01-284.3CVE-2019-6988
BID
MISC
webassembly -- binaryenA NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.2019-01-284.3CVE-2019-7151
MISC
webassembly -- binaryenA heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.2019-01-284.3CVE-2019-7152
MISC
webassembly -- binaryenA NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.2019-01-284.3CVE-2019-7153
MISC
webassembly -- binaryenThe main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.2019-01-284.3CVE-2019-7154
MISC
zoneminder -- zoneminderA stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.2019-01-284.3CVE-2019-6992
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
croogo -- croogoA stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.2019-01-293.5CVE-2019-7168
MISC
croogo -- croogoA stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.2019-01-293.5CVE-2019-7169
MISC
croogo -- croogoA stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.2019-01-293.5CVE-2019-7170
MISC
croogo -- croogoA stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.2019-01-293.5CVE-2019-7171
MISC
croogo -- croogoA stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.2019-01-293.5CVE-2019-7173
MISC
emerson -- deltav_distributed_control_systemA specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.2019-01-253.3CVE-2018-19021
BID
MISC
paloaltonetworks -- pan-osThe PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.2019-01-303.5CVE-2019-1565
BID
CONFIRM
tridium -- niagaraTridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.2019-01-293.5CVE-2018-18985
BID
MISC
zoneminder -- zoneminderA stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.2019-01-283.5CVE-2019-6990
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
3s-smart_software_solutions -- codesys_control_productsIn 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.2019-01-29not yet calculatedCVE-2018-10612
BID
MISC
abb -- cms-770
 
The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.2019-01-31not yet calculatedCVE-2018-17928
BID
MISC
abb -- m2m_ethernetThe product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.2019-01-31not yet calculatedCVE-2018-17926
BID
MISC
apache -- http_serverIn Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.2019-01-30not yet calculatedCVE-2018-17199
BID
CONFIRM
MLIST
CONFIRM
apache -- http_serverA bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.2019-01-30not yet calculatedCVE-2019-0190
BID
CONFIRM
CONFIRM
apache -- http_serverIn Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.2019-01-30not yet calculatedCVE-2018-17189
BID
CONFIRM
CONFIRM
artica -- proxyArtica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.2019-02-01not yet calculatedCVE-2019-7300
MISC
MISC
avaya -- aura_communication_managerA vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.2019-02-01not yet calculatedCVE-2018-15617
CONFIRM
bluez -- bluezA bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.2019-01-28not yet calculatedCVE-2018-10910
CONFIRM
UBUNTU
cisco -- webex_meetings_serverA version of Castor XML, as used in Cisco WebEx Meetings Server before 2.8MR3 and 3.x before 3.0MR2 patch 1 and other products, allows XXE attacks.2019-01-30not yet calculatedCVE-2018-18895
MISC
FULLDISC
SECTRACK
BUGTRAQ
netapp -- clustered_data_ontapClustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.2019-02-01not yet calculatedCVE-2018-5498
CONFIRM
comodo -- utm_firewallWeb Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.2019-01-30not yet calculatedCVE-2018-17431
MISC
d-link -- central_wifimanager_cwm-100_devicesThe FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.2019-01-31not yet calculatedCVE-2018-15516
MISC
FULLDISC
MISC
d-link -- central_wifimanager_cwm-100_devicesThe MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.2019-01-31not yet calculatedCVE-2018-15517
MISC
FULLDISC
d-link -- central_wifimanager_cwm-100_devicesThe CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.2019-01-31not yet calculatedCVE-2018-15515
MISC
FULLDISC
d-link -- dir-823g_devicesAn issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.2019-01-31not yet calculatedCVE-2019-7297
BID
MISC
d-link -- dir-823g_devicesAn issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.2019-02-01not yet calculatedCVE-2019-7298
BID
MISC
debian -- apt
 
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.2019-01-28not yet calculatedCVE-2019-3462
BID
MLIST
MLIST
CONFIRM
UBUNTU
DEBIAN
defaults-deep -- defaults-deep
 
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16486
MISC
dräger -- infinity_deltaDrager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration.2019-01-28not yet calculatedCVE-2018-19014
BID
MISC
dräger -- infinity_deltaDrager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.2019-01-28not yet calculatedCVE-2018-19012
BID
MISC
dräger -- infinity_deltaDrager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity.2019-01-28not yet calculatedCVE-2018-19010
BID
MISC
express-cart -- express-cart
 
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.2019-02-01not yet calculatedCVE-2018-16483
MISC
extend -- extend
 
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16492
MISC
foxit_software -- foxit_reader_and_phantompdfAn issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation.2019-01-28not yet calculatedCVE-2019-6985
CONFIRM
foxit_software -- foxit_reader_and_phantompdfAn issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function.2019-01-28not yet calculatedCVE-2019-6982
CONFIRM
foxit_software -- foxit_reader_and_phantompdfAn issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory.2019-01-28not yet calculatedCVE-2019-6983
CONFIRM
foxit_software -- foxit_reader_and_phantompdfAn issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer.2019-01-28not yet calculatedCVE-2019-6984
CONFIRM
gnu -- c_libraryIn the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.2019-02-02not yet calculatedCVE-2019-7309
MISC
MISC
google -- android
 
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.2019-01-31not yet calculatedCVE-2018-6241
BID
CONFIRM
hetronic -- nova-mHetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.2019-01-25not yet calculatedCVE-2018-19023
BID
MISC
html-pages -- html-pages
 
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.2019-02-01not yet calculatedCVE-2018-16481
MISC
http-live-simulator -- http-live-simulator
 
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.2019-02-01not yet calculatedCVE-2018-16479
MISC
ibm -- datapower_gatewayIBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.2019-01-29not yet calculatedCVE-2018-1668
XF
CONFIRM
idreamsoft -- icmsidreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.2019-01-29not yet calculatedCVE-2019-7160
MISC
idreamsoft -- icmsAn issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.2019-01-30not yet calculatedCVE-2019-7234
MISC
just-extend -- just-extend
 
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.2019-02-01not yet calculatedCVE-2018-16489
MISC
keybase -- keybase
 
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.2019-01-31not yet calculatedCVE-2019-7249
MISC
MISC
labkey -- server_community_editionAn open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.2019-01-30not yet calculatedCVE-2019-3912
MISC
labkey -- server_community_editionReflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.2019-01-30not yet calculatedCVE-2019-3911
MISC
labkey -- server_community_editionCommand manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.2019-01-30not yet calculatedCVE-2019-3913
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.2019-02-01not yet calculatedCVE-2018-19004
BID
MISC
lcds -- laquis_scadaLCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.2019-02-01not yet calculatedCVE-2018-18988
BID
MISC
libvips -- libvips
 
libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory.2019-01-26not yet calculatedCVE-2019-6976
MISC
MISC
libvnc -- libvncLibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.2019-01-30not yet calculatedCVE-2018-20749
MISC
MISC
MLIST
UBUNTU
MISC
libvnc -- libvnc
 
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.2019-01-30not yet calculatedCVE-2018-20748
MISC
MISC
MISC
MISC
MISC
MLIST
UBUNTU
MISC
linux -- linux_kernelA flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.2019-01-29not yet calculatedCVE-2018-16880
BID
CONFIRM
linux -- linux_kernelkernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.2019-02-01not yet calculatedCVE-2019-7308
MISC
MISC
MISC
MISC
MISC
MISC
lodash -- lodash
 
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.2019-02-01not yet calculatedCVE-2018-16487
MISC
m-server -- m-serverPath Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.2019-02-01not yet calculatedCVE-2018-16485
MISC
m-server -- m-server
 
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.2019-02-01not yet calculatedCVE-2018-16484
MISC
mcafee -- total_protectionExploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware.2019-01-28not yet calculatedCVE-2019-3593
CONFIRM
mcstatic -- mcstatic
 
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.2019-02-01not yet calculatedCVE-2018-16482
MISC
mpath -- mpath
 
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16490
MISC
netkit -- netkitAn issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.2019-01-31not yet calculatedCVE-2019-7283
MISC
MISC
netkit -- netkit
 
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.2019-01-31not yet calculatedCVE-2019-7282
MISC
MISC
node.extend -- node.extend
 
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.2019-02-01not yet calculatedCVE-2018-16491
MISC
olivier_poitrey -- go_cors_handler
 
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.2019-01-28not yet calculatedCVE-2018-20744
MISC
MISC
openjdk_and_eclipse -- openj9In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.2019-01-31not yet calculatedCVE-2018-12548
CONFIRM
openssh -- opensshAn issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).2019-01-31not yet calculatedCVE-2019-6111
BID
MISC
MISC
EXPLOIT-DB
openssh -- openssh
 
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.2019-01-31not yet calculatedCVE-2019-6110
MISC
MISC
MISC
EXPLOIT-DB
php -- php
 
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.2019-01-26not yet calculatedCVE-2019-6977
MISC
MISC
BID
MISC
MLIST
pilz -- pnozmulti_configuratorPilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.2019-01-25not yet calculatedCVE-2018-19009
BID
MISC
poppler -- poppler
 
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.2019-02-02not yet calculatedCVE-2019-7310
MISC
MISC
postgresql -- postgresqlPostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.2019-01-25not yet calculatedCVE-2017-18359
MLIST
MISC
MISC
MISC
practecol -- guardzilla_all-in-one_video_security_systemA reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.2019-01-31not yet calculatedCVE-2018-5560
MISC
MISC
princexml -- princexml
 
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.2019-01-30not yet calculatedCVE-2018-19858
MISC
MISC
MISC
public -- public
 
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.2019-02-01not yet calculatedCVE-2018-16480
MISC
MISC
qnap -- photo_stationPath Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.2019-02-01not yet calculatedCVE-2018-0722
CONFIRM
red_hat -- enterprise_linuxA memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.2019-01-28not yet calculatedCVE-2019-3815
BID
REDHAT
CONFIRM
rundeck -- rundeck_community_editionAn XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.2019-01-25not yet calculatedCVE-2019-6804
MISC
MISC
EXPLOIT-DB
schedmd -- slurmSchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.2019-01-31not yet calculatedCVE-2019-6438
CONFIRM
CONFIRM
sofintel_it_engineering -- zen_load_balancerZen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.2019-02-01not yet calculatedCVE-2019-7301
BID
MISC
titanhq -- spamtitanTitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.2019-01-30not yet calculatedCVE-2018-15136
MISC
vignette -- content_managementIn Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued.2019-01-31not yet calculatedCVE-2018-18941
MISC
FULLDISC
vivo -- vivo_vitro
 
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.2019-01-28not yet calculatedCVE-2019-6986
MISC
MISC
yii -- yiiYii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.2019-01-28not yet calculatedCVE-2018-20745
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top