U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB19-112)

Vulnerability Summary for the Week of April 15, 2019

Original release date: April 22, 2019 | Last revised: April 23, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- pdfboxApache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.2019-04-177.5CVE-2019-0228
MISC
apache -- tomcatWhen running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).2019-04-159.3CVE-2019-0232
BID
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
MISC.
MISC
cisco -- identity_services_engineA vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1.2019-04-177.8CVE-2019-1718
CISCO
cisco -- prime_network_registrarA vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected.2019-04-177.8CVE-2019-1840
CISCO
cisco -- unified_communications_managerA vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.2019-04-177.8CVE-2019-1837
CISCO
clever -- saml2-jsClever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.2019-04-177.5CVE-2017-11429
MISC
MISC
contao -- contao_cmsContao 4.7 allows Use of a Key Past its Expiration Date.2019-04-177.5CVE-2019-10643
CONFIRM
CONFIRM
gitea -- giteamodels/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.2019-04-157.5CVE-2019-11229
MISC
MISC
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.2019-04-177.5CVE-2019-9174
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.2019-04-177.5CVE-2019-9217
CONFIRM
MISC
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.2019-04-177.5CVE-2019-9756
CONFIRM
MISC
CONFIRM
ibm -- api_connectIBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.2019-04-1510.0CVE-2019-4202
BID
XF
CONFIRM
ibm -- api_connectIBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.2019-04-159.0CVE-2019-4203
BID
XF
CONFIRM
ibm -- bigfix_webui_profile_managementIBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886.2019-04-157.5CVE-2019-4012
CONFIRM
XF
jfrog -- artifactoryJFrog Artifactory Pro 6.5.9 has Incorrect Access Control.2019-04-167.5CVE-2018-19971
MISC
FULLDISC
BID
MISC
MISC
miniblog.core_project -- miniblog.coremadskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension.2019-04-167.5CVE-2019-9845
MISC
MISC
motorola -- cx2_firmwareAn issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.2019-04-187.5CVE-2019-11319
MISC
motorola -- cx2_firmwareIn Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.2019-04-187.5CVE-2019-11320
MISC
motorola -- cx2_firmwareAn issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.2019-04-187.5CVE-2019-11322
MISC
ntp -- ntpNetwork Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.2019-04-187.5CVE-2019-11331
BID
MISC
omnitauth-saml_project -- omnitauth-samlOmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.2019-04-177.5CVE-2017-11430
MISC
MISC
onelogin -- pythonsamlOneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.2019-04-177.5CVE-2017-11427
MISC
MISC
onelogin -- ruby-samlOneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.2019-04-177.5CVE-2017-11428
MISC
MISC
shimovpn -- shimo_vpnAn exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.2019-04-177.2CVE-2018-4005
MISC
shimovpn -- shimo_vpnAn exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.2019-04-177.2CVE-2018-4006
MISC
shimovpn -- shimo_vpnAn exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.2019-04-157.2CVE-2018-4008
MISC
shimovpn -- shimo_vpnAn exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.2019-04-157.2CVE-2018-4009
MISC
siemens -- simatic_s7-1500_firmwareA vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-04-177.8CVE-2018-16558
MISC
siemens -- simatic_s7-1500_firmwareA vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-04-177.8CVE-2018-16559
MISC
siemens -- simatic_s7-1500_software_controllerA vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Comfort (All versions), SIMATIC WinCC Runtime HSP Comfort (All versions), SIMATIC WinCC Runtime Mobile (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-04-177.8CVE-2019-6575
MISC
siemens -- simatic_s7-300_firmwareA vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.2019-04-177.8CVE-2018-16561
MISC
siemens -- spectrum_power_4A vulnerability has been identified in Spectrum Power? 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-04-177.5CVE-2019-6579
MISC
supportcandy -- supportcandyAn Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.2019-04-187.5CVE-2019-11223
CONFIRM
MISC
tribulant -- slideshow_gallerySQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.2019-04-157.5CVE-2018-18018
MISC
MISC
xinruidz -- sundray_wan_controller_firmwareWAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).2019-04-1810.0CVE-2019-9160
MISC
xinruidz -- sundray_wan_controller_firmwareWAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)2019-04-1810.0CVE-2019-9161
MISC
zephyrproject -- zephyrA buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.2019-04-127.5CVE-2017-14199
CONFIRM
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abb -- pm554-tp-eth_firmwareABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.2019-04-175.0CVE-2019-10953
MISC
bijiadao -- waimai_super_cmsIn waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.2019-04-154.3CVE-2018-18261
MISC
blackberry -- unified_endpoint_managementAn XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.2019-04-185.0CVE-2019-8999
MISC
cisco -- duo_network_gatewayDuo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.2019-04-175.0CVE-2018-7340
MISC
MISC
cisco -- email_security_applianceA vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.2019-04-175.0CVE-2019-1831
CISCO
cisco -- expressway_seriesA vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.2019-04-174.3CVE-2019-1722
BID
CISCO
cisco -- ios_xrA vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.2019-04-175.0CVE-2019-1686
CISCO
cisco -- ios_xrA vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.2019-04-175.0CVE-2019-1711
CISCO
cisco -- ios_xrA vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected.2019-04-175.0CVE-2019-1712
CISCO
cisco -- telepresence_video_communication_serverA vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.2019-04-176.8CVE-2019-1720
BID
CISCO
cisco -- telepresence_video_communication_serverA vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.2019-04-176.8CVE-2019-1721
CISCO
cisco -- umbrellaA vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.2019-04-174.3CVE-2019-1792
CISCO
cisco -- wireless_lan_controllerA vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.2019-04-176.1CVE-2019-1796
BID
CISCO
cisco -- wireless_lan_controllerA vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an interface user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the user. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.2019-04-176.8CVE-2019-1797
BID
CISCO
cisco -- wireless_lan_controllerA vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.2019-04-176.1CVE-2019-1799
BID
CISCO
cisco -- wireless_lan_controllerA vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.2019-04-176.1CVE-2019-1800
BID
CISCO
cisco -- wireless_lan_controller_softwareA vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.2019-04-176.8CVE-2018-0248
BID
CISCO
cisco -- wireless_lan_controller_softwareA vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected.2019-04-175.0CVE-2018-0382
BID
CISCO
cisco -- wireless_lan_controller_softwareA vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.2019-04-176.8CVE-2019-1830
CISCO
cloudfoundry -- capi-releaseCloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.2019-04-176.0CVE-2019-3798
CONFIRM
clusterlabs -- pacemakerA use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.2019-04-185.0CVE-2019-3885
CONFIRM
CONFIRM
contao -- contao_cmsContao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.2019-04-175.0CVE-2019-10641
CONFIRM
CONFIRM
contao -- contao_cmsContao 4.7 allows CSRF.2019-04-176.8CVE-2019-10642
CONFIRM
CONFIRM
dell -- emc_isilonsd_management_serverIsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.2019-04-174.3CVE-2019-3708
MISC
dell -- emc_isilonsd_management_serverIsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.2019-04-174.3CVE-2019-3709
MISC
deltaww -- cncsoft_screeneditorDelta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.2019-04-176.8CVE-2019-10947
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
deltaww -- cncsoft_screeneditorDelta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.2019-04-174.3CVE-2019-10949
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
deltaww -- cncsoft_screeneditorDelta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.2019-04-176.8CVE-2019-10951
BID
MISC
MISC
MISC
f5 -- big-ip_access_policy_managerPlatform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP APM versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.2019-04-155.0CVE-2019-6609
CONFIRM
fedoraproject -- 389_directory_serverIn 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.2019-04-175.0CVE-2019-3883
CONFIRM
CONFIRM
CONFIRM
ffmpeg -- ffmpeglibavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.2019-04-186.8CVE-2019-11338
MISC
ffmpeg -- ffmpegThe studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.2019-04-186.8CVE-2019-11339
MISC
MISC
file_manager_project -- file_managerThere is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.2019-04-156.8CVE-2018-16966
MISC
MISC
file_manager_project -- file_managerThere is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.2019-04-154.3CVE-2018-16967
MISC
MISC
fortinet -- fortisiemAn information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.2019-04-174.0CVE-2018-13378
MISC
gbraad -- gauthGAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies.2019-04-184.3CVE-2019-11084
CONFIRM
gitea -- gitearepo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.2019-04-155.0CVE-2019-11228
MISC
MISC
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control.2019-04-164.0CVE-2019-7155
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.2019-04-175.0CVE-2019-9170
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).2019-04-174.3CVE-2019-9171
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).2019-04-174.3CVE-2019-9172
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).2019-04-175.0CVE-2019-9175
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.2019-04-175.8CVE-2019-9176
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).2019-04-175.0CVE-2019-9178
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).2019-04-174.3CVE-2019-9179
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).2019-04-174.3CVE-2019-9219
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.2019-04-175.0CVE-2019-9220
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.2019-04-175.5CVE-2019-9222
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.2019-04-175.0CVE-2019-9223
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).2019-04-175.0CVE-2019-9224
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).2019-04-175.0CVE-2019-9225
CONFIRM
MISC
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.2019-04-176.4CVE-2019-9890
CONFIRM
MISC
gpac -- gpacGPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.2019-04-156.8CVE-2019-11221
MISC
gpac -- gpacgf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.2019-04-156.8CVE-2019-11222
MISC
MISC
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.2019-04-156.4CVE-2019-4178
CONFIRM
XF
ibm -- websphere_mqIBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.2019-04-154.3CVE-2018-1925
XF
CONFIRM
intel -- graphics_performance_analyzerInsufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.2019-04-174.6CVE-2019-0158
BID
CONFIRM
intel -- media_sdkImproper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2019-04-174.6CVE-2018-18094
BID
CONFIRM
intelliants -- subrion_cmsSubrion CMS 4.1.5 has CSRF in blog/delete/.2019-04-156.8CVE-2017-18366
MISC
jenkins -- azure_publishersettings_credentialsJenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.2019-04-184.0CVE-2019-10303
MISC
jenkins -- gitlabA missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-04-184.0CVE-2019-10301
MISC
jenkins -- jira-extJenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.2019-04-184.0CVE-2019-10302
MISC
jenkins -- ontrackA sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.2019-04-186.5CVE-2019-10306
MISC
jenkins -- xebialabs_xl_deployA cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-184.3CVE-2019-10304
MISC
jenkins -- xebialabs_xl_deployA missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-184.0CVE-2019-10305
MISC
kofax -- front_office_serverAn XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.2019-04-184.0CVE-2018-17289
MISC
motorola -- cx2_firmwareAn issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices.2019-04-185.0CVE-2019-11321
MISC
moxa -- eds-405a_firmwareMoxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.2019-04-155.0CVE-2019-6526
MISC
mozilla -- firefoxOut-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.2019-04-155.8CVE-2017-7771
MISC
CONFIRM
mozilla -- firefoxHeap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.2019-04-126.8CVE-2017-7772
CONFIRM
mozilla -- firefoxHeap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.2019-04-156.8CVE-2017-7773
CONFIRM
mozilla -- firefoxOut-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.2019-04-156.4CVE-2017-7774
CONFIRM
mozilla -- firefoxHeap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.2019-04-155.8CVE-2017-7776
CONFIRM
mozilla -- firefoxUse of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.2019-04-156.8CVE-2017-7777
CONFIRM
php -- phpWhen processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.2019-04-186.4CVE-2019-11034
MISC
php -- phpWhen processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.2019-04-186.4CVE-2019-11035
MISC
printeron -- printeronPrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).2019-04-184.3CVE-2018-17168
MISC
pulsesecure -- pulse_connect_secureIn Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.2019-04-126.8CVE-2019-11213
CONFIRM
MISC
CERT-VN
python -- urllib3In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.2019-04-154.3CVE-2019-11236
MISC
redhat -- libvirtlibvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.2019-04-185.0CVE-2016-10746
MISC
MISC
shimovpn -- shimo_vpnAn exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit.2019-04-174.9CVE-2018-4004
MISC
shimovpn -- shimo_vpnAn exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.2019-04-176.6CVE-2018-4007
MISC
siemens -- cp_1604_firmwareA vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known.2019-04-176.4CVE-2018-13808
MISC
siemens -- cp_1604_firmwareA vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known.2019-04-174.3CVE-2018-13809
MISC
siemens -- cp_1604_firmwareA vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.2019-04-174.3CVE-2018-13810
MISC
siemens -- simatic_cp443-1_opc_uaA vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIAMTIC RF185C (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF186C (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (All versions), SINAMICS G130 V4.7 (All versions), SINAMICS G130 V4.7 SP1 (All versions), SINAMICS G130 V4.8 (All versions < V4.8 HF6), SINAMICS G130 V5.1 (All versions), SINAMICS G130 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (All versions), SINAMICS G150 V4.7 (All versions), SINAMICS G150 V4.7 SP1 (All versions), SINAMICS G150 V4.8 (All versions < V4.8 HF6), SINAMICS G150 V5.1 (All versions), SINAMICS G150 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (All versions), SINAMICS S120 V4.7 (All versions), SINAMICS S120 V4.7 SP1 (All versions), SINAMICS S120 V4.8 (All versions < V4.8 HF6), SINAMICS S120 V5.1 (All versions), SINAMICS S120 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (All versions), SINAMICS S150 V4.7 (All versions), SINAMICS S150 V4.7 SP1 (All versions), SINAMICS S150 V4.8 (All versions < V4.8 HF6), SINAMICS S150 V5.1 (All versions), SINAMICS S150 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (All versions), SINAMICS S210 V5.1 SP1 (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-04-175.0CVE-2019-6568
MISC
soflyy -- wp_all_importThere is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options.2019-04-124.3CVE-2018-16254
MISC
MISC
soflyy -- wp_all_importThere is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate.2019-04-124.3CVE-2018-16255
MISC
MISC
soflyy -- wp_all_importThere is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule).2019-04-124.3CVE-2018-16256
MISC
MISC
soflyy -- wp_all_importThere are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template.2019-04-124.3CVE-2018-16257
MISC
MISC
soflyy -- wp_all_importThere is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type.2019-04-124.3CVE-2018-16258
MISC
MISC
soflyy -- wp_all_importThere is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit.2019-04-124.3CVE-2018-16259
MISC
MISC
tp-link -- wr840n_firmwareThe ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.2019-04-166.8CVE-2018-18489
MISC
tribulant -- slideshow_galleryXSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.2019-04-154.3CVE-2018-18017
MISC
MISC
tribulant -- slideshow_galleryXSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.2019-04-154.3CVE-2018-18019
MISC
MISC
urllib3_project -- urllib3The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.2019-04-185.0CVE-2019-11324
MLIST
MISC
vmware -- esxiVMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.2019-04-155.8CVE-2019-5516
MISC
CONFIRM
vmware -- esxiVMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.2019-04-155.8CVE-2019-5517
CONFIRM
vmware -- esxiVMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.2019-04-154.3CVE-2019-5520
CONFIRM
MISC
w1.fi -- hostapdThe implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.2019-04-174.3CVE-2019-9494
CONFIRM
w1.fi -- hostapdThe implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.2019-04-174.3CVE-2019-9495
CONFIRM
w1.fi -- hostapdAn invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.2019-04-175.0CVE-2019-9496
CONFIRM
w1.fi -- hostapdThe implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.2019-04-176.8CVE-2019-9497
CONFIRM
w1.fi -- hostapdThe implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.2019-04-176.8CVE-2019-9498
CONFIRM
w1.fi -- hostapdThe implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.2019-04-176.8CVE-2019-9499
CONFIRM
wpfastestcache -- wp_fastest_cacheThe WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.2019-04-154.3CVE-2018-17583
MISC
MISC
wpfastestcache -- wp_fastest_cacheThe WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.2019-04-156.8CVE-2018-17584
MISC
MISC
wpfastestcache -- wp_fastest_cacheThe WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.2019-04-154.3CVE-2018-17585
MISC
MISC
wpfastestcache -- wp_fastest_cacheThe WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.2019-04-154.3CVE-2018-17586
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
centos-webpanel -- centos_web_panelCentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.2019-04-183.5CVE-2019-10893
MISC
MISC
MISC
checkpoint -- zonealarmSome of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.2019-04-172.1CVE-2019-8453
MISC
cisco -- aironet_access_point_firmwareA vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability.2019-04-173.3CVE-2019-1834
BID
CISCO
cisco -- aironet_access_point_firmwareA vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.2019-04-172.1CVE-2019-1835
BID
CISCO
cisco -- firepower_management_centerA vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user to access a report containing malicious content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions 6.2.3, 6.3.0, and 6.4.0 are affected.2019-04-173.5CVE-2019-1802
BID
CISCO
cisco -- identity_services_engineA vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco ISE software version 2.1 is affected.2019-04-173.5CVE-2019-1719
BID
CISCO
cisco -- meeting_serverA vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.2019-04-173.6CVE-2019-1794
CISCO
cisco -- registered_envelope_serviceA vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by sending an email with a malicious payload to another user. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability affects software versions 5.3.4.x.2019-04-173.5CVE-2019-1777
CISCO
cisco -- unified_computing_systemA vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI commands. The vulnerability is due to lack of proper input validation of user input for local management CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted form of a limited subset of local management CLI commands. An exploit could allow the attacker to overwrite an arbitrary files on disk or inject CLI command parameters that should have been disabled. This vulnerability is fixed in software version 4.0(2a) and later.2019-04-173.6CVE-2019-1725
CISCO
cisco -- wireless_lan_controller_softwareA vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0).2019-04-173.3CVE-2019-1805
BID
CISCO
dlink -- di-524_firmwareOn D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.2019-04-183.5CVE-2019-11017
MISC
EXPLOIT-DB
intel -- -Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.2019-04-172.1CVE-2019-0162
CONFIRM
jenkins -- gitlabA cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-04-183.5CVE-2019-10300
MISC
kofax -- front_office_serverKofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).2019-04-183.5CVE-2018-17288
MISC
miui -- miuiA vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page.2019-04-182.1CVE-2019-11015
MISC
paloaltonetworks -- expedition_migration_toolCross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.2019-04-123.5CVE-2019-1574
BID
CONFIRM
redhat -- satelliteIt was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.2019-04-152.1CVE-2019-3891
CONFIRM
wp-events-plugin -- events_managerThe Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.2019-04-123.5CVE-2018-13137
MISC
MISC
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
74cms -- 74cms74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.2019-04-20not yet calculatedCVE-2019-11374
MISC
activision -- inifinity_ward_call_of_duty_games
 
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.2019-04-19not yet calculatedCVE-2018-20817
MISC
MISC
atftp -- atftpAn issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.2019-04-20not yet calculatedCVE-2019-11366
MISC
MISC
atftp -- atftpAn issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.2019-04-20not yet calculatedCVE-2019-11365
MISC
MISC
atlassian -- confluence_server_and_data_centerConfluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.2019-04-18not yet calculatedCVE-2019-3398
MISC
avecto -- defendpointAvecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.2019-04-17not yet calculatedCVE-2018-10959
MISC
MISC
MISC
check_point -- zonealarmA hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.2019-04-17not yet calculatedCVE-2019-8455
MISC
cisco -- aironet_series_access_pointsA vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.2019-04-17not yet calculatedCVE-2019-1829
BID
CISCO
cisco -- aironet_series_access_pointsA vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition.2019-04-17not yet calculatedCVE-2019-1826
BID
CISCO
cisco -- aironet_series_access_pointsA vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.2019-04-17not yet calculatedCVE-2019-1654
BID
CISCO
cisco -- asr_9000_series_aggregration_services_routersA vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device.2019-04-17not yet calculatedCVE-2019-1710
BID
CISCO
cisco -- dna_centerA vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.2019-04-17not yet calculatedCVE-2019-1841
CISCO
clusterlabs -- pacemakerA flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS2019-04-18not yet calculatedCVE-2018-16878
CONFIRM
CONFIRM
clusterlabs -- pacemakerA flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.2019-04-18not yet calculatedCVE-2018-16877
CONFIRM
CONFIRM
contao -- contaoContao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.2019-04-17not yet calculatedCVE-2018-20028
CONFIRM
CONFIRM
cprime -- power_scriptsThe Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.2019-04-18not yet calculatedCVE-2019-9005
CONFIRM
MISC
dell -- supportassist_clientDell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.2019-04-18not yet calculatedCVE-2019-3718
MISC
dell -- supportassist_client
 
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables.2019-04-18not yet calculatedCVE-2019-3719
MISC
electronic_arts -- originThe client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.2019-04-19not yet calculatedCVE-2019-11354
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
elipse -- openj9In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.2019-04-19not yet calculatedCVE-2019-10245
CONFIRM
google -- androidIn l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119870451.2019-04-19not yet calculatedCVE-2019-2037
CONFIRM
google -- androidIn removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119496789.2019-04-19not yet calculatedCVE-2019-2030
CONFIRM
google -- androidIn the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.2019-04-19not yet calculatedCVE-2019-2041
CONFIRM
google -- androidIn updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0Android ID: A-1208661262019-04-19not yet calculatedCVE-2019-2026
CONFIRM
google -- androidIn btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120612744.2019-04-19not yet calculatedCVE-2019-2029
CONFIRM
google -- androidIn rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121260197.2019-04-19not yet calculatedCVE-2019-2039
CONFIRM
google -- androidIn rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122316913.2019-04-19not yet calculatedCVE-2019-2040
CONFIRM
google -- androidIn rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121259048.2019-04-19not yet calculatedCVE-2019-2038
CONFIRM
google -- androidIn numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120644655.2019-04-19not yet calculatedCVE-2019-2028
CONFIRM
google -- androidIn rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122035770.2019-04-19not yet calculatedCVE-2019-2034
CONFIRM
google -- androidIn create_hdr of dnssd_clientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-121327565.2019-04-19not yet calculatedCVE-2019-2033
CONFIRM
google -- androidIn SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-121145627.2019-04-19not yet calculatedCVE-2019-2032
CONFIRM
google -- androidIn rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120502559.2019-04-19not yet calculatedCVE-2019-2031
CONFIRM
google -- androidIn rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-1223202562019-04-19not yet calculatedCVE-2019-2035
CONFIRM
google -- android
 
In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119120561.2019-04-19not yet calculatedCVE-2019-2027
CONFIRM
ibm -- mqIBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.2019-04-19not yet calculatedCVE-2019-4055
XF
CONFIRM
ibm -- qradar_siemIBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708.2019-04-19not yet calculatedCVE-2018-1729
CONFIRM
XF
intel -- broadwell_u_i5_vproInsufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.2019-04-17not yet calculatedCVE-2019-0163
CONFIRM
jenkins -- jenkinsCloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.2019-04-19not yet calculatedCVE-2019-11350
MISC
jquery -- jqueryjQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.2019-04-19not yet calculatedCVE-2019-11358
MISC
MISC
MISC
MISC
MISC
MISC
kofax -- front_office_server_administration_consoleIn Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation.2019-04-18not yet calculatedCVE-2018-17287
MISC
matrix -- sydentutil/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.2019-04-19not yet calculatedCVE-2019-11340
MISC
MISC
MISC
MISC
mediaarea -- mediainfoAn out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.2019-04-20not yet calculatedCVE-2019-11372
MISC
MISC
mediaarea -- mediainfoAn out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.2019-04-20not yet calculatedCVE-2019-11373
MISC
MISC
mkcms_project -- mkcmsMKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.2019-04-18not yet calculatedCVE-2019-11332
MISC
msvod -- msvodMsvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.2019-04-20not yet calculatedCVE-2019-11375
MISC
nvidia -- jetson_tx2NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to and including R28.3.2019-04-12not yet calculatedCVE-2018-6269
CONFIRM
nvidia -- jetson_tx2NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3.2019-04-12not yet calculatedCVE-2018-6239
CONFIRM
okhttp -- okhttpCertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.2019-04-18not yet calculatedCVE-2018-20200
MISC
MISC
MISC
MISC
pluck -- pluckdata/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.2019-04-19not yet calculatedCVE-2019-11344
MISC
projectsend -- projectsendAn issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.2019-04-20not yet calculatedCVE-2019-11378
MISC
qemu -- qemuhw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.2019-04-19not yet calculatedCVE-2019-5008
MISC
MISC
rocboss -- rocbossapp/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.2019-04-20not yet calculatedCVE-2019-11362
MISC
scilico -- i_librarianCross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.2019-04-19not yet calculatedCVE-2019-11359
MISC
seimans -- sinema_remote_connect_serverA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-04-17not yet calculatedCVE-2019-6570
MISC
sony -- photo_sharing_plusAn incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network.2019-04-19not yet calculatedCVE-2019-10886
CONFIRM
teamspeak_systems -- teamspeak_3_clientTeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.2019-04-19not yet calculatedCVE-2019-11351
MISC
vesta -- control_panelVesta Control Panel 0.9.8-23 allows XSS via a crafted URL.2019-04-19not yet calculatedCVE-2019-9841
MISC
CONFIRM
CONFIRM
wcms -- wcmswcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.2019-04-20not yet calculatedCVE-2019-11377
MISC
MISC
xerox -- colorqube_and_colorcube_printersWithin multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.2019-04-12not yet calculatedCVE-2019-10880
MISC
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top