SB19-049: Vulnerability Summary for the Week of February 11, 2019

advancecomp — advancecomp
  An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. 2019-02-16 not yet calculated CVE-2019-8383
MISC
MISC
advancecomp — advancecomp
  An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. 2019-02-16 not yet calculated CVE-2019-8379
MISC
MISC
amazon — fire_os
  Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for “Terms of Use” and Privacy pages. 2019-02-16 not yet calculated CVE-2019-7399
BID
MISC
atlassian — jira
  The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. 2019-02-13 not yet calculated CVE-2018-13404
CONFIRM
bento4 — bento4
  An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 not yet calculated CVE-2019-8382
MISC
MISC
bento4 — bento4
  An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 not yet calculated CVE-2019-8380
MISC
MISC
bento4 — bento4
  An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 not yet calculated CVE-2019-8378
MISC
MISC
bitcoin — bitcoin_core_and_bitcoin_knots
  Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port. 2019-02-11 not yet calculated CVE-2018-20587
MISC
MISC
c.p.sub_project — c.p.sub
  C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. 2019-02-11 not yet calculated CVE-2019-7738
MISC
MISC
cisco — meeting_server
  A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. 2019-02-08 not yet calculated CVE-2019-1676
BID
CISCO
cisco — network_assurance_engine
  A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). 2019-02-12 not yet calculated CVE-2019-1688
BID
CISCO
cloud_foundry — credhub_cli
  Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. 2019-02-13 not yet calculated CVE-2019-3782
BID
CONFIRM
d-circle — power_egg
  Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors. 2019-02-13 not yet calculated CVE-2019-5916
JVN
MISC
d-link — dir-823g_devices
  An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. 2019-02-16 not yet calculated CVE-2019-8392
MISC
d-link — dir-878_devices
  An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field. 2019-02-12 not yet calculated CVE-2019-8317
MISC
dedecms — dedecms
  DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as “1.jpg.php” (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). 2019-02-16 not yet calculated CVE-2019-8362
MISC
dell — wyse_password_encoder
  The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. 2019-02-13 not yet calculated CVE-2018-15781
MISC
django — django
  Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. 2019-02-11 not yet calculated CVE-2019-6975
BID
MISC
MISC
UBUNTU
MISC
MISC
dundas_data_visualization — dundas_bi
  The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the “export the dashboard as an image” feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. 2019-02-11 not yet calculated CVE-2018-18569
MISC
eclipse — openj9
  In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. 2019-02-11 not yet calculated CVE-2018-12547
CONFIRM
eclipse — openj9
  In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. 2019-02-11 not yet calculated CVE-2018-12549
CONFIRM
enphase_energy — envoy
  XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. 2019-02-09 not yet calculated CVE-2019-7677
MISC
MISC
enphase_energy — envoy
  A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. 2019-02-09 not yet calculated CVE-2019-7678
MISC
MISC
flatpak — flatpak
  Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. 2019-02-12 not yet calculated CVE-2019-8308
MISC
MISC
MISC
freebsd — freebsd
  In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. 2019-02-12 not yet calculated CVE-2019-5596
FREEBSD
freebsd — freebsd
  In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. 2019-02-12 not yet calculated CVE-2019-5595
FREEBSD
genivia — gsoap
  Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. 2019-02-09 not yet calculated CVE-2019-7659
CONFIRM
gnome — keyring
  In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user’s password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. 2019-02-12 not yet calculated CVE-2018-20781
MISC
MISC
MISC
MISC
hgiga — oaklouds_mailsherlock
  SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request. 2019-02-11 not yet calculated CVE-2018-17542
CONFIRM
CONFIRM
hiawatha — hiawatha
  In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. 2019-02-16 not yet calculated CVE-2019-8358
CONFIRM
ibm — qradar_siem
  IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. 2019-02-15 not yet calculated CVE-2017-1695
XF
CONFIRM
ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. 2019-02-15 not yet calculated CVE-2018-1895
CONFIRM
XF
ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. 2019-02-15 not yet calculated CVE-2018-1701
XF
CONFIRM
ibm — infosphere_information_server
  IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. 2019-02-15 not yet calculated CVE-2018-1727
XF
CONFIRM
ibm — rational_clearcase
  IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583. 2019-02-15 not yet calculated CVE-2019-4059
XF
CONFIRM
jforum — jforum
  In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the “create user” function. If a register/check/username?username= request corresponds to a username that exists, then an “is already in use” error is produced. NOTE: this product is discontinued. 2019-02-12 not yet calculated CVE-2019-7550
MISC
kunbus — pr100088_modbus_gateway
  An attacker could retrieve plain-text credentials stored in an XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. 2019-02-12 not yet calculated CVE-2019-6549
MISC
kunbus — pr100088_modbus_gateway
  Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). 2019-02-12 not yet calculated CVE-2019-6533
MISC
kunbus — pr100088_modbus_gateway
  PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted. 2019-02-12 not yet calculated CVE-2019-6527
MISC
mailmate — mailmate
  MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. 2019-02-11 not yet calculated CVE-2018-15588
MISC
mambo — cms
  In Mambo CMS v4.6.5, the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver. 2019-02-15 not yet calculated CVE-2013-2565
MISC
MISC
micco — lhmelting
  Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-02-13 not yet calculated CVE-2019-5913
JVN
MISC
micco — unarj32.dll
  Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-02-13 not yet calculated CVE-2019-5912
JVN
MISC
micco — unlha32.dll
  Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-02-13 not yet calculated CVE-2019-5911
JVN
MISC
micco — unlha32.dll
  Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-02-13 not yet calculated CVE-2018-16189
JVN
MISC
micco — unlha32.dll_and_unarj32.dll_and_lhmelting_and_lmlzh32.dll
  Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-02-13 not yet calculated CVE-2018-16190
JVN
MISC
MISC
MISC
MISC
micro_focus — solutions_business_manager
  An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. 2019-02-12 not yet calculated CVE-2018-19645
CONFIRM
msmtp — msmtp
  In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. 2019-02-13 not yet calculated CVE-2019-8337
CONFIRM
multiple_vendors — runc
  runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. 2019-02-11 not yet calculated CVE-2019-5736
BID
REDHAT
REDHAT
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
EXPLOIT-DB
EXPLOIT-DB
MISC
MISC
musicloud — musicloud
  A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). 2019-02-16 not yet calculated CVE-2019-8389
MISC
open_source_solution_technology_corporation_and_ogis-ri — openam
  Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. 2019-02-13 not yet calculated CVE-2019-5915
JVN
MISC
MISC
open_source_solution_technology_corporation_and_ogis-ri — openam
  OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors. 2019-02-13 not yet calculated CVE-2018-0696
JVN
MISC
MISC
phpscriptsmall.com — responsive_video_news_script
  PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. 2019-02-16 not yet calculated CVE-2019-8361
MISC
MISC
pmd — pmd
  PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) 2019-02-11 not yet calculated CVE-2019-7722
MISC
qualcomm — snapdragon
  If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660. 2019-02-11 not yet calculated CVE-2018-11855
CONFIRM
qualcomm — snapdragon
  A malicious TA can tag QSEE kernel memory and map it to EL0, thereby corrupting the physical memory; it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016. 2019-02-11 not yet calculated CVE-2018-11847
BID
CONFIRM
rubygems — fileutils
  The Ruby Gem FileUtils, v0.7 and earlier, has a Command Injection vulnerability in the user-supplied url variable that is passed to the shell. 2019-02-15 not yet calculated CVE-2013-2516
MISC
MISC
sap — abap_platform
  SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. 2019-02-15 not yet calculated CVE-2019-0265
BID
MISC
MISC
sap — businessobjects
  SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. 2019-02-15 not yet calculated CVE-2019-0259
BID
MISC
MISC
sap — disclosure_management
  SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-02-15 not yet calculated CVE-2019-0258
BID
MISC
MISC
sap — disclosure_management
  SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-02-15 not yet calculated CVE-2019-0254
BID
MISC
MISC
sap — fiori_launchpad
  The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-02-15 not yet calculated CVE-2019-0251
BID
MISC
MISC
sap — hana_extended_application_services
  Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. 2019-02-15 not yet calculated CVE-2019-0266
BID
MISC
MISC
sap — hana_extended_application_services
  Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). 2019-02-15 not yet calculated CVE-2019-0261
BID
MISC
MISC
sap — manufacturing_integration_and_intelligence
  SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. 2019-02-15 not yet calculated CVE-2019-0267
BID
MISC
MISC
sap — netweaver_as_abap_platform
  Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2019-02-15 not yet calculated CVE-2019-0257
BID
MISC
MISC
sap — netweaver_as_abap_platform
  SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate the type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user gains access to the full SAP Menu, that is, the ‘Easy Access Menu’. The situation can be misused by any user to leverage privileges to business functionality. 2019-02-15 not yet calculated CVE-2019-0255
BID
MISC
MISC
sap — webintelligence_bilaunchpad
  SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-02-15 not yet calculated CVE-2019-0262
BID
MISC
MISC
sound_exchange_project — sound_exchange
  An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. 2019-02-15 not yet calculated CVE-2019-8357
MISC
sound_exchange_project — sound_exchange
  An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. 2019-02-15 not yet calculated CVE-2019-8354
MISC
sound_exchange_project — sound_exchange
  An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. 2019-02-15 not yet calculated CVE-2019-8356
MISC
sound_exchange_project — sound_exchange
  An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. 2019-02-15 not yet calculated CVE-2019-8355
MISC
tcpcrypt — boks
  A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. 2019-02-08 not yet calculated CVE-2018-20764
CONFIRM
tcpreplay — tcpreplay
  An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 not yet calculated CVE-2019-8381
MISC
MISC
tcpreplay — tcpreplay
  An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 not yet calculated CVE-2019-8377
MISC
MISC
tcpreplay — tcpreplay
  An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 2019-02-16 not yet calculated CVE-2019-8376
MISC
MISC
themerig — find_a_place_cms_directory
  Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. 2019-02-16 not yet calculated CVE-2019-8360
MISC
tibco — silver_fabric
  The SOAP Admin API component of TIBCO Software Inc.’s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Silver Fabric: versions up to and including 5.8.1. 2019-02-13 not yet calculated CVE-2018-12409
BID
MISC
CONFIRM
ua_parser_project — uap_core
  An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.) 2019-02-13 not yet calculated CVE-2018-20164
MISC
MISC
MISC
ubiquiti_networks — airmax_and_edgemax
  A Denial of Service issue in airMAX before 8.3.2, airMAX before 6.0.7 and EdgeMAX before 1.9.7 allows attackers to use the Discovery Protocol in amplification attacks. 2019-02-12 not yet calculated CVE-2017-0938
MISC
MISC
MISC
verydows — verydows
  Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. 2019-02-16 not yet calculated CVE-2019-8363
MISC
wecon — levistudiou
  Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to NCCIC. 2019-02-12 not yet calculated CVE-2019-6537
BID
MISC
wordpress — wordpress
  Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. 2019-02-15 not yet calculated CVE-2015-4617
MISC
MISC
wordpress — wordpress
  Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables. 2019-02-15 not yet calculated CVE-2015-4615
MISC
MISC
xerox — workcentre
  An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. 2019-02-10 not yet calculated CVE-2018-20767
CONFIRM
xerox — workcentre
  An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. 2019-02-10 not yet calculated CVE-2018-20768
CONFIRM
xerox — workcentre
  An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. 2019-02-10 not yet calculated CVE-2018-20769
CONFIRM
xerox — workcentre
  An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. 2019-02-10 not yet calculated CVE-2018-20771
CONFIRM
xerox — workcentre
  An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. 2019-02-10 not yet calculated CVE-2018-20770
CONFIRM
yingzhi — python_programming_language
  Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone’s storage. 2019-02-15 not yet calculated CVE-2013-5654
MISC
MISC
yokogawa — multiple_products
  License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 – R6.06.00), CENTUM VP Entry Class (R5.01.00 – R6.06.00), ProSafe-RS (R3.01.00 – R4.04.00), PRM (R4.01.00 – R4.02.00), B/M9000 VP (R7.01.01 – R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors. 2019-02-13 not yet calculated CVE-2019-5909
MISC
BID
MISC
zoho_manageengine — servicedesk_plus
  Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. 2019-02-16 not yet calculated CVE-2019-8394
CONFIRM
zoho_manageengine — servicedesk_plus
  An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. 2019-02-16 not yet calculated CVE-2019-8395
CONFIRM