Vulnerability Summary for the Week of May 6, 2019
Released
May 13, 2019
Document ID
SB19-133
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ambittechnologies -- itech_b2b_script | Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote). | 2019-05-09 | 7.5 | CVE-2017-12757 MISC MISC |
| barni -- master_ip_camera01_firmware | MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. | 2019-05-08 | 7.5 | CVE-2019-8387 MISC MISC MISC |
| blogengine -- blogengine.net | BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | 2019-05-07 | 7.5 | CVE-2018-14485 MISC MISC MISC |
| cisco -- adaptive_security_appliance_software | A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition. | 2019-05-03 | 7.8 | CVE-2018-15388 CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition. | 2019-05-03 | 7.8 | CVE-2019-1687 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. | 2019-05-03 | 7.8 | CVE-2019-1694 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2019-05-03 | 7.8 | CVE-2019-1697 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. | 2019-05-03 | 7.8 | CVE-2019-1706 CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. | 2019-05-03 | 7.8 | CVE-2019-1708 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. | 2019-05-03 | 9.3 | CVE-2019-1713 CISCO |
| cisco -- application_policy_infrastructure_controller | A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device. | 2019-05-03 | 7.2 | CVE-2019-1682 CISCO |
| cisco -- firepower_management_center | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | 2019-05-03 | 7.2 | CVE-2019-1699 CISCO |
| cisco -- firepower_management_center | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | 2019-05-03 | 7.2 | CVE-2019-1709 BID CISCO |
| cisco -- firepower_threat_defense | A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device. | 2019-05-03 | 7.8 | CVE-2018-15462 BID CISCO |
| cisco -- firepower_threat_defense | A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error, which may prevent ingress buffers from being replenished under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to consume all input buffers, which are shared between all interfaces, leading to a queue wedge condition in all active interfaces. This situation would cause an affected device to stop processing any incoming traffic and result in a DoS condition until the device is reloaded manually. | 2019-05-03 | 7.8 | CVE-2019-1703 BID CISCO |
| cisco -- ip_conference_phone_7832_firmware | A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. | 2019-05-03 | 7.8 | CVE-2019-1635 CISCO |
| cisco -- nexus_9000_series_application_centric_infrastructure | A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device. | 2019-05-03 | 7.2 | CVE-2019-1803 CISCO |
| cisco -- nexus_93108tc-ex_firmware | A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. | 2019-05-03 | 10.0 | CVE-2019-1804 CISCO |
| cisco -- nx-os | A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. | 2019-05-03 | 7.2 | CVE-2019-1592 CISCO |
| cisco -- web_security_appliance | A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | 2019-05-03 | 7.2 | CVE-2019-1816 CISCO |
| cjson_project -- cjson | cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. | 2019-05-09 | 7.5 | CVE-2019-11834 MISC MISC MISC |
| cjson_project -- cjson | cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. | 2019-05-09 | 7.5 | CVE-2019-11835 MISC MISC MISC |
| coship -- rt3050_firmware | An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network. | 2019-05-07 | 7.5 | CVE-2019-7564 MISC |
| cyberark -- enterprise_password_vault | An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | 2019-05-08 | 7.5 | CVE-2019-7442 MISC MISC |
| dhcpcd_project -- dhcpcd | dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | 2019-05-05 | 7.5 | CVE-2019-11766 BID MISC MISC MISC MISC |
| engeniustech -- ews660ap_firmware | The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. | 2019-05-09 | 10.0 | CVE-2019-11353 MISC MISC |
| ge -- communicator | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | 2019-05-09 | 9.3 | CVE-2019-6564 MISC |
| ge -- communicator | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | 2019-05-09 | 7.2 | CVE-2019-6566 MISC |
| google -- android | NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A. | 2019-05-07 | 7.2 | CVE-2018-6243 BID CONFIRM |
| google -- android | In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862 | 2019-05-08 | 9.3 | CVE-2019-2044 CONFIRM |
| google -- android | In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758 | 2019-05-08 | 10.0 | CVE-2019-2045 CONFIRM |
| google -- android | In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220 | 2019-05-08 | 10.0 | CVE-2019-2046 CONFIRM |
| google -- android | In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414 | 2019-05-08 | 10.0 | CVE-2019-2047 CONFIRM |
| google -- android | In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android ID: A-120445479 | 2019-05-08 | 7.2 | CVE-2019-2049 CONFIRM |
| google -- android | In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android ID: A-121327323 | 2019-05-08 | 7.2 | CVE-2019-2050 CONFIRM |
| google -- android | In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117555811 | 2019-05-08 | 7.8 | CVE-2019-2051 CONFIRM |
| google -- android | In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117556606 | 2019-05-08 | 7.8 | CVE-2019-2052 CONFIRM |
| hisilicon -- hi3516_firmware | A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using hisilicon's hardware and software, as demonstrated by TENVIS cameras 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2; FDT FD7902 11.3.14.1.3 and 10.3.14.1.3; FOSCAM cameras 3.2.1.1.1_0815 and 3.2.2.2.1_0815; and Dericam cameras V11.3.8.1.12. | 2019-05-07 | 10.0 | CVE-2019-11560 MISC |
| joomlaextensions -- component_appointment | https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component. | 2019-05-09 | 7.5 | CVE-2017-12758 MISC MISC |
| kde -- kauth | KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. | 2019-05-07 | 9.3 | CVE-2019-7443 MISC MISC CONFIRM MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | 2019-05-07 | 9.3 | CVE-2018-20836 BID MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | 2019-05-07 | 7.8 | CVE-2019-11810 BID MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. | 2019-05-07 | 10.0 | CVE-2019-11811 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | 2019-05-08 | 9.3 | CVE-2019-11815 BID MISC MISC MISC |
| nginx -- njs | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. | 2019-05-09 | 7.5 | CVE-2019-11838 MISC |
| nginx -- njs | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. | 2019-05-09 | 7.5 | CVE-2019-11839 MISC |
| openmrs -- openmrs-module-htmlformentry | OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | 2019-05-10 | 7.5 | CVE-2017-12795 MISC MISC MISC |
| parsecgaming -- parsec | A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | 2019-05-07 | 7.5 | CVE-2018-6634 MISC |
| php -- imagick | In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. | 2019-05-03 | 7.5 | CVE-2019-11037 MISC |
| printerlogic -- print_management | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit. | 2019-05-08 | 10.0 | CVE-2018-5409 BID CERT-VN |
| printerlogic -- print_management | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges. | 2019-05-08 | 10.0 | CVE-2019-9505 BID CERT-VN |
| qualcomm -- fsm9055_firmware | Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016. | 2019-05-06 | 7.2 | CVE-2017-18279 MISC |
| qualcomm -- mdm9206_firmware | In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. | 2019-05-06 | 7.2 | CVE-2017-18131 CONFIRM |
| qualcomm -- mdm9206_firmware | While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20. | 2019-05-06 | 7.2 | CVE-2017-18156 MISC |
| qualcomm -- mdm9206_firmware | A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. | 2019-05-06 | 7.2 | CVE-2017-18157 CONFIRM |
| qualcomm -- mdm9206_firmware | While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835 | 2019-05-06 | 7.2 | CVE-2017-18274 MISC |
| qualcomm -- mdm9206_firmware | Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850 | 2019-05-06 | 7.2 | CVE-2017-18276 MISC |
| qualcomm -- mdm9206_firmware | An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850. | 2019-05-06 | 7.2 | CVE-2017-18278 MISC |
| qualcomm -- sd_425_firmware | In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. | 2019-05-06 | 7.2 | CVE-2017-18173 MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | 2019-05-06 | 9.0 | CVE-2018-4061 MISC BID MISC MISC |
| sierrawireless -- airlink_es450_firmware | A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. | 2019-05-06 | 9.3 | CVE-2018-4062 MISC BID MISC MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2019-05-06 | 9.0 | CVE-2018-4063 MISC BID MISC MISC |
| smartbear -- readyapi | The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | 2019-05-03 | 9.3 | CVE-2018-20580 MISC MISC EXPLOIT-DB |
| sricam -- deviceviewer | Shenzhen Sricctv DeviceViewer for XP has a Buffer Overflow via the username field on the initial login form. | 2019-05-09 | 7.5 | CVE-2019-11563 EXPLOIT-DB |
| typo3 -- typo3 | TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | 2019-05-09 | 9.3 | CVE-2019-11832 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alkacon -- opencms | Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded. | 2019-05-08 | 4.3 | CVE-2019-11818 MISC MISC |
| alkacon -- opencms | Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. | 2019-05-08 | 6.8 | CVE-2019-11819 MISC MISC |
| alliedtelesis -- 8100l/8_firmware | Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter. | 2019-05-07 | 4.3 | CVE-2018-20503 MISC |
| apache -- commons_imaging | Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging. | 2019-05-06 | 5.0 | CVE-2018-17201 MLIST |
| apache -- commons_imaging | Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging. | 2019-05-06 | 5.0 | CVE-2018-17202 MLIST |
| apache -- karaf | Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later. | 2019-05-09 | 5.5 | CVE-2019-0226 MLIST |
| atlassian -- jira | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | 2019-05-03 | 4.3 | CVE-2018-20824 MISC |
| atlassian -- jira | The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter. | 2019-05-03 | 4.3 | CVE-2019-3400 BID MISC |
| axios -- axios | Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. | 2019-05-07 | 5.0 | CVE-2019-10742 MISC MISC MISC |
| cakefoundation -- cakephp | An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction. | 2019-05-08 | 6.4 | CVE-2019-11458 CONFIRM CONFIRM MISC MISC MISC |
| chuango -- a11_firmware | The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. | 2019-05-08 | 4.3 | CVE-2019-11561 MISC |
| cisco -- adaptive_security_appliance_software | A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. | 2019-05-03 | 6.8 | CVE-2019-1693 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry. | 2019-05-03 | 6.1 | CVE-2019-1695 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. | 2019-05-03 | 4.3 | CVE-2019-1705 BID CISCO |
| cisco -- adaptive_security_appliance_software | A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device. | 2019-05-03 | 5.0 | CVE-2019-1714 BID CISCO |
| cisco -- application_policy_infrastructure_controller | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device. | 2019-05-03 | 5.0 | CVE-2019-1692 BID CISCO |
| cisco -- email_security_appliance | A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users. | 2019-05-03 | 5.0 | CVE-2019-1844 BID CISCO |
| cisco -- firepower_threat_defense | Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-05-03 | 5.0 | CVE-2019-1704 BID CISCO |
| cisco -- firepower_threat_defense | A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device. | 2019-05-03 | 5.0 | CVE-2019-1715 CISCO |
| cisco -- hx220c_af_m5_firmware | A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. | 2019-05-03 | 6.8 | CVE-2019-1857 BID CISCO |
| cisco -- network_registrar | A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | 2019-05-03 | 4.3 | CVE-2019-1852 CISCO |
| cisco -- nx-os | A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. | 2019-05-03 | 4.0 | CVE-2019-1587 CISCO |
| cisco -- nx-os | A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device. | 2019-05-03 | 6.8 | CVE-2019-1590 CISCO |
| cisco -- nx-os | A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i). | 2019-05-03 | 6.6 | CVE-2019-1836 BID CISCO |
| cisco -- prime_collaboration_assurance | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to the insufficient validation of data supplied by external devices to the web-based management interface of an affected PCA device. An attacker in control of devices integrated with an affected PCA device could exploit this vulnerability by using crafted data in certain fields of the controlled devices. A successful exploit could allow the attacker to execute arbitrary script code in the context of the PCA web-based management interface or allow the attacker to access sensitive browser-based information. | 2019-05-03 | 4.3 | CVE-2019-1856 BID CISCO |
| cisco -- rv320_dual_gigabit_wan_vpn_router_software | A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session. | 2019-05-03 | 6.8 | CVE-2019-1724 CISCO |
| cisco -- telepresence_video_communication_server | A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface. | 2019-05-03 | 4.0 | CVE-2019-1854 BID CISCO |
| cisco -- umbrella | A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required. | 2019-05-03 | 6.8 | CVE-2019-1807 CISCO |
| cisco -- web_security_appliance | A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition. | 2019-05-03 | 5.0 | CVE-2019-1817 CISCO |
| coppermine-gallery -- coppermine_photo_gallery | ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | 2019-05-07 | 4.3 | CVE-2018-14478 MISC MISC |
| denx -- u-boot | gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. | 2019-05-03 | 4.3 | CVE-2019-11690 MISC |
| dkpro-core_project -- dkpro-core | core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive. | 2019-05-10 | 6.4 | CVE-2019-11082 MISC |
| dlink -- dcs-5009l_firmware | The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). | 2019-05-06 | 6.5 | CVE-2019-10999 MISC |
| dovecot -- dovecot | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | 2019-05-08 | 5.0 | CVE-2019-11494 MISC MISC |
| dovecot -- dovecot | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | 2019-05-08 | 5.0 | CVE-2019-11499 MISC MISC |
| entropymine -- imageworsener | The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file. | 2019-05-09 | 4.3 | CVE-2017-12804 MISC |
| f5 -- big-ip_access_policy_manager | When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured with a virtual server using a PPTP profile is exposed to this vulnerability. | 2019-05-03 | 5.0 | CVE-2019-6611 BID CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart. | 2019-05-03 | 5.0 | CVE-2019-6612 CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. | 2019-05-03 | 5.0 | CVE-2019-6613 BID CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. | 2019-05-03 | 5.5 | CVE-2019-6614 CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. | 2019-05-03 | 6.5 | CVE-2019-6615 BID CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode. | 2019-05-03 | 6.5 | CVE-2019-6616 CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions. | 2019-05-03 | 5.5 | CVE-2019-6617 BID CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator (RA) role restrictions. | 2019-05-03 | 4.0 | CVE-2019-6618 CONFIRM |
| f5 -- big-ip_access_policy_manager | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero. | 2019-05-03 | 5.0 | CVE-2019-6619 BID CONFIRM |
| facebook -- thrift | C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | 2019-05-06 | 5.0 | CVE-2019-3552 BID MISC |
| facebook -- thrift | Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | 2019-05-06 | 5.0 | CVE-2019-3558 BID MISC MISC |
| facebook -- thrift | Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | 2019-05-06 | 5.0 | CVE-2019-3559 MISC MISC |
| facebook -- thrift | Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. | 2019-05-06 | 5.0 | CVE-2019-3564 MISC MISC |
| facebook -- thrift | Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. | 2019-05-06 | 5.0 | CVE-2019-3565 BID MISC MISC |
| ge -- communicator | GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | 2019-05-09 | 6.8 | CVE-2019-6544 MISC |
| ge -- communicator | GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | 2019-05-09 | 6.8 | CVE-2019-6546 MISC |
| ge -- communicator | GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | 2019-05-09 | 6.8 | CVE-2019-6548 MISC |
| google -- android | In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-120484087 | 2019-05-08 | 6.9 | CVE-2019-2043 BID CONFIRM |
| google -- android | In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-122074159 | 2019-05-08 | 4.9 | CVE-2019-2053 CONFIRM |
| google -- android | In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 | 2019-05-08 | 4.6 | CVE-2019-2054 CONFIRM |
| haproxy -- haproxy | HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error. | 2019-05-09 | 4.3 | CVE-2019-11323 MISC CONFIRM |
| htmly -- htmly | Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature. | 2019-05-08 | 4.3 | CVE-2019-8349 MISC MISC MISC |
| humhub -- humhub | A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request. | 2019-05-08 | 4.3 | CVE-2019-11564 MISC MISC |
| ibm -- cloud_app_management | IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283. | 2019-05-10 | 5.0 | CVE-2018-1990 XF CONFIRM |
| ibm -- curam_social_program_management | IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. | 2019-05-07 | 6.8 | CVE-2018-2001 XF CONFIRM |
| ibm -- financial_transaction_manager | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. | 2019-05-10 | 6.8 | CVE-2018-1790 CONFIRM XF |
| ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146. | 2019-05-07 | 4.0 | CVE-2018-2008 CONFIRM XF |
| ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. | 2019-05-07 | 5.5 | CVE-2019-4208 CONFIRM XF |
| imagemagick -- imagemagick | In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. | 2019-05-09 | 5.0 | CVE-2017-12805 MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. | 2019-05-09 | 5.0 | CVE-2017-12806 MISC |
| impresscms -- impresscms | ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | 2019-05-06 | 4.3 | CVE-2018-13983 MISC MISC MISC |
| intelliants -- subrion_cms | Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. | 2019-05-08 | 4.3 | CVE-2019-11406 MISC MISC |
| jio -- jmr1140_firmware | cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data. | 2019-05-07 | 4.3 | CVE-2019-7687 MISC MISC |
| jio -- jmr1140_firmware | JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field. | 2019-05-07 | 5.0 | CVE-2019-7745 MISC MISC MISC |
| jio -- jmr1140_firmware | JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset. | 2019-05-07 | 4.3 | CVE-2019-7746 MISC MISC |
| lenovo -- xclarity_administrator | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | 2019-05-03 | 4.3 | CVE-2019-6158 BID MISC |
| libreoffice -- libreoffice | A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. | 2019-05-09 | 6.8 | CVE-2019-9847 CONFIRM |
| mahara -- mahara | An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system. | 2019-05-07 | 4.0 | CVE-2019-9708 CONFIRM CONFIRM |
| matrix -- sydent | An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. | 2019-05-09 | 5.0 | CVE-2019-11842 MISC |
| metinfo -- metinfo | Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter. | 2019-05-09 | 4.3 | CVE-2017-12788 MISC |
| metinfo -- metinfo | Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state. | 2019-05-09 | 4.3 | CVE-2017-12790 MISC |
| microfocus -- identity_manager | The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. | 2019-05-09 | 5.0 | CVE-2016-1600 CONFIRM |
| misp -- misp | A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. | 2019-05-08 | 4.3 | CVE-2019-11812 MISC |
| misp -- misp | An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links. | 2019-05-08 | 4.3 | CVE-2019-11813 MISC |
| misp -- misp | An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. | 2019-05-08 | 4.3 | CVE-2019-11814 MISC |
| mpg123 -- mpg123 | A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. | 2019-05-09 | 6.8 | CVE-2017-12839 MISC MISC MISC |
| nginx -- njs | njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. | 2019-05-09 | 5.0 | CVE-2019-11837 MISC |
| ninjaforms -- ninja_forms | Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. | 2019-05-07 | 6.8 | CVE-2019-10869 MISC MISC |
| open-xchange -- open-xchange_appsuite | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. | 2019-05-10 | 5.0 | CVE-2017-12884 MISC MISC CONFIRM |
| open-xchange -- open-xchange_appsuite | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | 2019-05-10 | 4.3 | CVE-2017-12885 CONFIRM |
| paloaltonetworks -- demisto | Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | 2019-05-09 | 4.3 | CVE-2019-1568 CONFIRM |
| php -- php | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | 2019-05-03 | 6.4 | CVE-2019-11036 BID MISC FEDORA FEDORA FEDORA |
| phpbb -- phpbb | Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function. | 2019-05-05 | 5.0 | CVE-2019-11767 MISC |
| printerlogic -- print_management | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. | 2019-05-08 | 5.8 | CVE-2018-5408 BID CERT-VN |
| pulsesecure -- pulse_connect_secure | In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. | 2019-05-08 | 4.3 | CVE-2019-11507 MISC CONFIRM |
| pulsesecure -- pulse_connect_secure | In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. | 2019-05-08 | 6.5 | CVE-2019-11508 MISC CONFIRM |
| pulsesecure -- pulse_connect_secure | In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | 2019-05-08 | 6.5 | CVE-2019-11510 BID MISC CONFIRM |
| qnap -- myqnapcloud | Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. | 2019-05-09 | 5.0 | CVE-2019-7181 CONFIRM |
| qualcomm -- mdm9206_firmware | A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845. | 2019-05-06 | 4.9 | CVE-2017-18275 MISC |
| qualcomm -- sd_410_firmware | When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016. | 2019-05-06 | 4.9 | CVE-2017-15841 CONFIRM |
| ratpack_project -- ratpack | Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs. | 2019-05-07 | 4.3 | CVE-2019-11808 MISC MISC MISC |
| redhat -- jboss_enterprise_application_platform | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. | 2019-05-03 | 4.7 | CVE-2019-3805 REDHAT REDHAT REDHAT REDHAT CONFIRM |
| redhat -- jboss_enterprise_application_platform | It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. | 2019-05-03 | 6.5 | CVE-2019-3894 REDHAT REDHAT REDHAT REDHAT CONFIRM |
| revive-adserver -- revive_adserver | A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0. | 2019-05-06 | 5.8 | CVE-2019-5433 MISC MISC |
| rukovoditel -- rukovoditel | Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | 2019-05-07 | 4.3 | CVE-2019-7541 MISC MISC MISC |
| s9y -- serendipity | Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | 2019-05-09 | 4.3 | CVE-2019-11870 MLIST MISC MISC MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. | 2019-05-06 | 4.3 | CVE-2018-4065 MISC BID MISC MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability. | 2019-05-06 | 6.8 | CVE-2018-4066 MISC BID MISC MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2019-05-06 | 4.0 | CVE-2018-4067 MISC BID MISC MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. | 2019-05-06 | 5.0 | CVE-2018-4068 MISC |
| sierrawireless -- airlink_es450_firmware | An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. | 2019-05-06 | 5.0 | CVE-2018-4069 MISC BID MISC MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. | 2019-05-06 | 4.0 | CVE-2018-4070 MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGet_Task.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_TLGet_Task.cgi endpoint. | 2019-05-06 | 4.0 | CVE-2018-4071 MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint. | 2019-05-06 | 6.5 | CVE-2018-4072 MISC |
| sierrawireless -- airlink_es450_firmware | An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability. | 2019-05-06 | 6.5 | CVE-2018-4073 MISC |
| ui -- unifi_video | In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page. | 2019-05-06 | 6.8 | CVE-2019-5430 MISC MISC |
| ulicms -- ulicms | Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon. | 2019-05-08 | 4.3 | CVE-2019-11398 MISC MISC |
| veeam -- one_reporter | Veeam ONE Reporter 9.5.0.3201 allows CSRF. | 2019-05-06 | 6.8 | CVE-2019-11569 EXPLOIT-DB |
| webfile_explorer_project -- webfile_explorer | http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php. | 2019-05-09 | 5.0 | CVE-2017-12761 MISC MISC MISC MISC |
| wplaunchpad -- wpbackupplus | The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. | 2019-05-07 | 5.0 | CVE-2018-19456 SUSE MISC |
| ynetinteractive -- mobiketa | Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote). | 2019-05-09 | 6.5 | CVE-2017-12760 MISC MISC |
| yuzopro -- yuzo | The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting. | 2019-05-09 | 4.3 | CVE-2019-11869 MISC MISC |
| zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. | 2019-05-07 | 4.3 | CVE-2019-7426 MISC MISC |
| zohocorp -- manageengine_netflow_analyzer | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. | 2019-05-07 | 4.3 | CVE-2019-7427 MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- adaptive_security_appliance_software | Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. | 2019-05-03 | 3.5 | CVE-2019-1701 BID CISCO |
| cisco -- application_policy_infrastructure_controller | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | 2019-05-03 | 2.1 | CVE-2019-1586 BID CISCO |
| cisco -- application_policy_infrastructure_controller | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability has been fixed in software version 14.1(1i). | 2019-05-03 | 3.5 | CVE-2019-1838 BID CISCO |
| cisco -- firepower_management_center | Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-05-03 | 3.3 | CVE-2019-1696 BID CISCO |
| cisco -- nx-os | A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device. | 2019-05-03 | 2.1 | CVE-2019-1589 BID CISCO |
| ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125. | 2019-05-10 | 3.5 | CVE-2019-4204 XF CONFIRM |
| ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. | 2019-05-07 | 2.1 | CVE-2019-4207 XF CONFIRM |
| mahara -- mahara | An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user. | 2019-05-07 | 3.5 | CVE-2019-9709 CONFIRM CONFIRM |
| qbittorrent -- qbittorrent | The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. | 2019-05-09 | 3.6 | CVE-2017-12778 MISC MISC MISC |
| rediff -- rediffmail | The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout. | 2019-05-09 | 2.1 | CVE-2019-11836 MISC |
| synology -- calendar | Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | 2019-05-09 | 2.1 | CVE-2019-11820 CONFIRM |
| typesettercms -- typesetter | include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. | 2019-05-09 | 3.5 | CVE-2018-20837 MISC MISC |
| wincofireworks -- fw-1007_firmware | An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. | 2019-05-08 | 3.3 | CVE-2019-5014 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alpine_linux -- docker | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. | 2019-05-08 | not yet calculated | CVE-2019-5021 BID CONFIRM MISC |
| aruba -- instant | If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | 2019-05-10 | not yet calculated | CVE-2018-7083 CONFIRM |
| aruba -- instant | A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1 | 2019-05-10 | not yet calculated | CVE-2018-7084 CONFIRM |
| aruba -- instant | A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | 2019-05-10 | not yet calculated | CVE-2018-7064 CONFIRM |
| aruba -- instant | A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | 2019-05-10 | not yet calculated | CVE-2018-7082 CONFIRM |
| ascensia_diabetes_care -- contour_next_one_for_android | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information. | 2019-05-06 | not yet calculated | CVE-2018-18979 MISC |
| ascensia_diabetes_care -- contour_next_one_for_android | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation. | 2019-05-06 | not yet calculated | CVE-2018-18977 MISC |
| ascensia_diabetes_care -- contour_next_one_for_android | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information. | 2019-05-06 | not yet calculated | CVE-2018-18978 MISC |
| ascensia_diabetes_care -- contour_next_one_for_ios | An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information. | 2019-05-06 | not yet calculated | CVE-2018-18975 MISC |
| ascensia_diabetes_care -- contour_next_one_for_ios_and_android | An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.) | 2019-05-06 | not yet calculated | CVE-2018-18976 MISC |
| avaya -- ip_office | An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious user capable of intercepting the HTTP request would be able to modify folder and filename parameters in order to get access to any file on the underlying operating system, as demonstrated by a folder=/etc/&filename=passwd query string. Additionally it could cause a DoS, as this functions also implements file deletion after downloading. | 2019-05-10 | not yet calculated | CVE-2018-8812 MISC MISC MISC |
| cisco -- elastic_services_controller | A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system. | 2019-05-10 | not yet calculated | CVE-2019-1867 CISCO |
| cisco -- small_business_switches_software | A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. | 2019-05-03 | not yet calculated | CVE-2019-1859 CISCO |
| citrix -- sd-wan_and_netscaler_sd-wan | Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | 2019-05-08 | not yet calculated | CVE-2019-11550 CONFIRM MISC |
| das_u-boot -- das_u-boot | Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. | 2019-05-10 | not yet calculated | CVE-2019-11059 CONFIRM MISC |
| eclipse -- xtext-xtend | All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised. | 2019-05-06 | not yet calculated | CVE-2019-10249 CONFIRM CONFIRM |
| gitlab -- gitlab_enterprise_edition | An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. | 2019-05-10 | not yet calculated | CVE-2019-11000 CONFIRM MISC |
| golang -- go | An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. | 2019-05-09 | not yet calculated | CVE-2019-11840 MISC MISC MISC MISC |
| hpe -- nonstop_safeguard | A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials. | 2019-05-10 | not yet calculated | CVE-2018-7119 CONFIRM |
| hpe -- synergy | A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. | 2019-05-10 | not yet calculated | CVE-2018-7120 CONFIRM |
| ibm -- spectrum_control_standard_edition | IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063. | 2019-05-09 | not yet calculated | CVE-2019-4071 CONFIRM XF |
| ibm -- spectrum_control_standard_edition | IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064. | 2019-05-09 | not yet calculated | CVE-2019-4072 CONFIRM XF |
| kaspersky -- antivirus_engine | Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution | 2019-05-08 | not yet calculated | CVE-2019-8285 BID CONFIRM |
| lightopenid -- lightopenid | openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. | 2019-05-10 | not yet calculated | CVE-2019-11066 MISC |
| linux -- kernel | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. | 2019-05-10 | not yet calculated | CVE-2019-11884 MISC MISC MISC |
| metinfo -- metinfo | Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state. | 2019-05-10 | not yet calculated | CVE-2017-12789 MISC |
| mqttjs -- mqtt-packet | A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. | 2019-05-06 | not yet calculated | CVE-2019-5432 MISC |
| netapp -- oncommand_insight | Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 2019-05-10 | not yet calculated | CVE-2019-5496 CONFIRM |
| netapp -- oncommand_unified_manager_for_7-mode | OnCommand Unified Manager for 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 2019-05-10 | not yet calculated | CVE-2019-5494 CONFIRM |
netapp -- oncommand_unified_manager_for_vmware_vsphere_ and_linux_and_windows | OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 2019-05-10 | not yet calculated | CVE-2019-5495 CONFIRM |
| nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service. | 2019-05-10 | not yet calculated | CVE-2019-5677 CONFIRM |
| nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | 2019-05-10 | not yet calculated | CVE-2019-5676 CONFIRM |
| nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure. | 2019-05-10 | not yet calculated | CVE-2019-5675 CONFIRM |
| oneshield -- oneshield_policy | A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application. | 2019-05-08 | not yet calculated | CVE-2019-11642 MISC MISC |
| oneshield -- oneshield_policy | Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users. | 2019-05-08 | not yet calculated | CVE-2019-11643 MISC MISC |
| opto_22 -- multiple_products | A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible. | 2019-05-10 | not yet calculated | CVE-2015-1006 MISC |
| phoenix_contact -- fl_switch_series | The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. | 2019-05-07 | not yet calculated | CVE-2018-13992 MISC MISC |
| phoenix_contact -- fl_switch_series | The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. | 2019-05-07 | not yet calculated | CVE-2018-13994 MISC MISC |
| phoenix_contact -- fl_switch_series | The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. | 2019-05-07 | not yet calculated | CVE-2018-13993 MISC MISC |
| phoenix_contact -- fl_switch_series | The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images. | 2019-05-07 | not yet calculated | CVE-2018-13991 MISC MISC |
| phoenix_contact -- fl_switch_series | The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. | 2019-05-06 | not yet calculated | CVE-2018-13990 MISC MISC |
| pivotal -- spring_cloud_config | Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. | 2019-05-06 | not yet calculated | CVE-2019-3799 MISC CONFIRM |
| pivotal -- spring_data_jpa | This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly. | 2019-05-06 | not yet calculated | CVE-2019-3797 CONFIRM |
| revive -- revive_adserver | An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0. | 2019-05-06 | not yet calculated | CVE-2019-5434 MISC MISC MISC |
| sintaxi -- harp | Path traversal using symlink in npm harp module versions <= 0.29.0. | 2019-05-10 | not yet calculated | CVE-2019-5438 MISC |
| sintaxi -- harp | Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge. | 2019-05-10 | not yet calculated | CVE-2019-5437 MISC |
| sonatype -- nexus_repository_manager | Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. | 2019-05-07 | not yet calculated | CVE-2019-11629 CONFIRM |
| sqlite -- sqlite | An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. | 2019-05-10 | not yet calculated | CVE-2019-5018 MISC |
| symantec -- av_engine | Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges. | 2019-05-08 | not yet calculated | CVE-2019-9698 CONFIRM |
| thehive-project -- unshortenlink_analyzer | TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts. | 2019-05-09 | not yet calculated | CVE-2019-7652 MISC CONFIRM |
| twitter -- twitter_kit_for_ios | This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service. | 2019-05-06 | not yet calculated | CVE-2019-5431 MISC |
| typo3_project -- phar-stream-wrapper | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | 2019-05-09 | not yet calculated | CVE-2019-11831 MISC MISC MISC CONFIRM CONFIRM |
| typo3_project -- phar-stream-wrapper | PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. | 2019-05-09 | not yet calculated | CVE-2019-11830 MISC MISC MISC |
| wago -- mutliple_devices | The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. | 2019-05-07 | not yet calculated | CVE-2019-10712 MISC |
| whatsapp -- whatsapp | A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103. | 2019-05-10 | not yet calculated | CVE-2019-3566 MISC |
| wordpress -- wordpress | The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. | 2019-05-09 | not yet calculated | CVE-2019-11871 MISC |
| wordpress -- wordpress | The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks. | 2019-05-06 | not yet calculated | CVE-2019-11807 MISC |
| xiongmai -- besder_ip20h1_cameras | An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds. | 2019-05-10 | not yet calculated | CVE-2019-11878 MISC MISC |
| ynet_interactive -- soa_school_management | Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote). | 2019-05-09 | not yet calculated | CVE-2017-12759 MISC MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.