SB19-077: Vulnerability Summary for the Week of March 11, 2019

Each entry gives the primary vendor and product, the description, the published date, the CVSS score, the CVE ID, and the types of source and patch references listed for it.

1024tools -- 1024tools
1024tools DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9736; Sources: MISC

apache -- solr
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Published: 2019-03-08; CVSS: 5.0; CVE-2017-3164; Sources: MLIST, BID

blog_mini_project -- blog_mini
In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html.
Published: 2019-03-14; CVSS: 4.3; CVE-2019-9765; Sources: MISC

botan_project -- botan
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
Published: 2019-03-08; CVSS: 4.3; CVE-2018-20187; Sources: MISC, MISC, MISC

checkstyle -- checkstyle
Checkstyle before 8.18 loads external DTDs by default.
Published: 2019-03-11; CVSS: 5.0; CVE-2019-9658; Sources: MISC, MISC, MISC, MISC

chuango -- a11_pstn/lcd/rfid_touch_alarm_system_firmware
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
Published: 2019-03-11; CVSS: 6.4; CVE-2019-9659; Sources: MISC

cisco -- enterprise_chat_and_email
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected.
Published: 2019-03-11; CVSS: 4.3; CVE-2019-1702; Sources: BID, CISCO

cisco -- nx-os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
Published: 2019-03-08; CVSS: 4.6; CVE-2019-1603; Sources: BID, CISCO

cisco -- nx-os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(27) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(11) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9), 7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3).
Published: 2019-03-11; CVSS: 4.6; CVE-2019-1613; Sources: BID, CISCO

cisco -- nx-os
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).
Published: 2019-03-11; CVSS: 4.6; CVE-2019-1615; Sources: BID, CISCO

cisco -- nx-os
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a).
Published: 2019-03-11; CVSS: 5.0; CVE-2019-1616; Sources: BID, CISCO

cleanersoft -- free_mp3_cd_ripper
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.
Published: 2019-03-14; CVSS: 6.8; CVE-2019-9766; Sources: EXPLOIT-DB

cleanersoft -- free_mp3_cd_ripper
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.
Published: 2019-03-14; CVSS: 6.8; CVE-2019-9767; Sources: MISC, EXPLOIT-DB

cmsmadesimple -- cms_made_simple
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
Published: 2019-03-11; CVSS: 5.0; CVE-2019-9692; Sources: MISC, MISC

cmsmadesimple -- cms_made_simple
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
Published: 2019-03-11; CVSS: 6.5; CVE-2019-9693; Sources: MISC, MISC

codecrafters -- ability_mail_server
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9557; Sources: MISC

cyberark -- endpoint_privilege_manager
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
Published: 2019-03-08; CVSS: 6.9; CVE-2019-9627; Sources: BID, MISC

editor.md_project -- editor.md
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9737; Sources: MISC

esafenet -- electronic_document_security_management_system
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
Published: 2019-03-08; CVSS: 5.0; CVE-2019-9632; Sources: MISC

ffmpeg -- ffmpeg
In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9718; Sources: BID, MISC

ffmpeg -- ffmpeg
A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9721; Sources: BID, MISC

gitnoteapp -- gitnote
gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.
Published: 2019-03-14; CVSS: 6.8; CVE-2019-9785; Sources: MISC, MISC

gnome -- glib
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
Published: 2019-03-08; CVSS: 4.3; CVE-2019-9633; Sources: BID, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9770; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9771; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9772; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9773; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
Published: 2019-03-14; CVSS: 6.4; CVE-2019-9774; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
Published: 2019-03-14; CVSS: 6.4; CVE-2019-9775; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9776; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9777; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9778; Sources: MISC, MISC

gnu -- libredwg
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
Published: 2019-03-14; CVSS: 5.0; CVE-2019-9779; Sources: MISC, MISC

golang -- go
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
Published: 2019-03-13; CVSS: 4.3; CVE-2019-9741; Sources: MISC

golangtc -- gopher
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9738; Sources: MISC

gpsd_project -- gpsd
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
Published: 2019-03-13; CVSS: 5.8; CVE-2018-17937; Sources: BID, MISC

ibm -- api_connect
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
Published: 2019-03-11; CVSS: 4.0; CVE-2018-2009; Sources: BID, XF, CONFIRM

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
Published: 2019-03-11; CVSS: 4.6; CVE-2018-1922; Sources: BID, XF, CONFIRM

ibm -- db2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
Published: 2019-03-11; CVSS: 4.6; CVE-2018-1923; Sources: BID, XF, CONFIRM

ibm -- rational_engineering_lifecycle_manager
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to view any view if they know the URL of the view, and to access information that they should not be able to see. IBM X-Force ID: 153120.
Published: 2019-03-14; CVSS: 4.0; CVE-2018-1929; Sources: CONFIRM, XF

ibm -- sdk
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
Published: 2019-03-11; CVSS: 4.6; CVE-2018-1890; Sources: XF, CONFIRM, CONFIRM, CONFIRM

ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.
Published: 2019-03-11; CVSS: 4.0; CVE-2018-1902; Sources: BID, XF, CONFIRM

ibm -- websphere_mq
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
Published: 2019-03-11; CVSS: 6.0; CVE-2018-1974; Sources: XF, CONFIRM

ichain -- insurance_wallet
Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Published: 2019-03-12; CVSS: 5.0; CVE-2019-5923; Sources: JVN, MISC

intel -- converged_security_management_engine_firmware
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Published: 2019-03-14; CVSS: 4.6; CVE-2018-12185; Sources: CONFIRM

intel -- converged_security_management_engine_firmware
Insufficient input validation in Intel CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via local access.
Published: 2019-03-14; CVSS: 4.6; CVE-2018-12190; Sources: CONFIRM

intel -- converged_security_management_engine_firmware
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.
Published: 2019-03-14; CVSS: 4.6; CVE-2018-12196; Sources: CONFIRM

intel -- converged_security_management_engine_firmware
Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Published: 2019-03-14; CVSS: 4.6; CVE-2018-12208; Sources: CONFIRM

intel -- graphics_driver
Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access.
Published: 2019-03-14; CVSS: 4.6; CVE-2018-12221; Sources: CONFIRM

intel -- graphics_driver
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.
Published: 2019-03-14; CVSS: 4.6; CVE-2018-12223; Sources: CONFIRM

intel -- rapid_storage_technology_enterprise
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2019-03-14; CVSS: 4.6; CVE-2019-0135; Sources: CONFIRM

intel -- usb_3.0_creator_utility
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2019-03-14; CVSS: 4.6; CVE-2019-0129; Sources: CONFIRM

iotivity -- iotivity
In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite."
Published: 2019-03-13; CVSS: 6.4; CVE-2019-9750; Sources: MISC

jenkins -- appdynamics
An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to do so.
Published: 2019-03-08; CVSS: 4.0; CVE-2019-1003039; Sources: CONFIRM

jenkins -- azure_vm_agents
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
Published: 2019-03-08; CVSS: 4.0; CVE-2019-1003035; Sources: CONFIRM

jenkins -- azure_vm_agents
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
Published: 2019-03-08; CVSS: 4.0; CVE-2019-1003036; Sources: CONFIRM

jenkins -- azure_vm_agents
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Published: 2019-03-08; CVSS: 4.0; CVE-2019-1003037; Sources: CONFIRM

jenkins -- email_extension
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08; CVSS: 6.5; CVE-2019-1003032; Sources: CONFIRM

jenkins -- groovy
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08; CVSS: 6.5; CVE-2019-1003033; Sources: CONFIRM

jenkins -- job_dsl
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08; CVSS: 6.5; CVE-2019-1003034; Sources: CONFIRM

jenkins -- matrix_project
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08; CVSS: 6.5; CVE-2019-1003031; Sources: CONFIRM

jenkins -- pipeline:_groovy
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08; CVSS: 6.5; CVE-2019-1003030; Sources: CONFIRM

jenkins -- script_security
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08; CVSS: 6.5; CVE-2019-1003029; Sources: CONFIRM

joomla -- joomla!
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9711; Sources: BID, MISC

joomla -- joomla!
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9712; Sources: BID, MISC

joomla -- joomla!
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
Published: 2019-03-12; CVSS: 5.0; CVE-2019-9713; Sources: BID, MISC

joomla -- joomla!
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9714; Sources: BID, MISC

jtbc -- jtbc_php
An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.
Published: 2019-03-11; CVSS: 6.4; CVE-2019-9662; Sources: MISC

kartatopia -- piluscart
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
Published: 2019-03-14; CVSS: 6.8; CVE-2019-9769; Sources: EXPLOIT-DB

korenix -- jetport_web_manager
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9725; Sources: MISC

lexmark -- cx725h_firmware
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
Published: 2019-03-12; CVSS: 4.0; CVE-2018-17944; Sources: CONFIRM

libofx_project -- libofx
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
Published: 2019-03-11; CVSS: 6.8; CVE-2019-9656; Sources: MISC, MISC

maccms -- maccms
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
Published: 2019-03-14; CVSS: 6.5; CVE-2019-9829; Sources: MISC

mailtraq -- webmail
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9558; Sources: MISC

microsoft -- teams
Untrusted search path vulnerability in the installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2019-03-12; CVSS: 6.8; CVE-2019-5922; Sources: JVN, BID

microsoft -- windows_7
Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2019-03-12; CVSS: 6.8; CVE-2019-5921; Sources: JVN, BID

nablarch_project -- nablarch
Incomplete cryptography in the data store function using a hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information about the stored data, register an invalid value, or alter the value via unspecified vectors.
Published: 2019-03-12; CVSS: 6.4; CVE-2019-5919; Sources: JVN, MISC

ncrafts -- formcraft
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
Published: 2019-03-12; CVSS: 6.8; CVE-2019-5920; Sources: JVN, MISC, MISC

openstack -- neutron
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)
Published: 2019-03-12; CVSS: 4.0; CVE-2019-9735; Sources: BID, MISC

openwsman_project -- openwsman
Openwsman, versions up to and including 2.6.9, is vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-3816; Sources: CONFIRM, BID, CONFIRM

openwsman_project -- openwsman
Openwsman, versions up to and including 2.6.9, is vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause a denial of service on the openwsman server.
Published: 2019-03-14; CVSS: 5.0; CVE-2019-3833; Sources: CONFIRM, BID, CONFIRM

php -- php
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that the file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
Published: 2019-03-08; CVSS: 5.0; CVE-2019-9637; Sources: MISC, DEBIAN

php -- php
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."
Published: 2019-03-11; CVSS: 6.8; CVE-2019-9675; Sources: MISC, MISC

phpshe -- phpshe
An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.
Published: 2019-03-13; CVSS: 5.0; CVE-2019-9761; Sources: MISC

pixar -- renderman
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw.
Published: 2019-03-08; CVSS: 4.9; CVE-2018-4055; Sources: MISC

python -- python
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
Published: 2019-03-08; CVSS: 5.0; CVE-2019-9636; Sources: BID, MISC, MISC, MISC

python -- python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.
Published: 2019-03-12; CVSS: 4.3; CVE-2019-9740; Sources: MISC

rdesktop -- rdesktop
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
Published: 2019-03-15; CVSS: 5.0; CVE-2018-20174; Sources: MISC, CONFIRM

rdesktop -- rdesktop
rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
Published: 2019-03-15; CVSS: 5.0; CVE-2018-20175; Sources: BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN

rdesktop -- rdesktop
rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault).
Published: 2019-03-15; CVSS: 5.0; CVE-2018-20176; Sources: MISC, CONFIRM

rdesktop -- rdesktop
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
Published: 2019-03-15; CVSS: 5.0; CVE-2018-20178; Sources: BID, MISC, MLIST, CONFIRM, GENTOO, DEBIAN

rednao -- smart_forms
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
Published: 2019-03-12; CVSS: 6.8; CVE-2019-5924; Sources: JVN, MISC

sap -- advanced_business_application_programming_platform_kernel
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
Published: 2019-03-12; CVSS: 6.5; CVE-2019-0270; Sources: BID, MISC, MISC

sap -- banking_services_from_sap
Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) perform an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.
Published: 2019-03-12; CVSS: 6.5; CVE-2019-0276; Sources: BID, MISC, MISC

sap -- businessobjects_business_intelligence
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
Published: 2019-03-12; CVSS: 5.5; CVE-2019-0268; Sources: BID, MISC, MISC

sap -- hana_extended_application_services
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
Published: 2019-03-12; CVSS: 5.5; CVE-2019-0277; Sources: BID, MISC, MISC

sap -- mobile_platform_sdk
SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later.
Published: 2019-03-12; CVSS: 5.0; CVE-2019-0274; Sources: BID, MISC, MISC

sdcms -- sdcms
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.
Published: 2019-03-10; CVSS: 6.8; CVE-2019-9652; Sources: MISC

sftnow -- sftnow
sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.
Published: 2019-03-11; CVSS: 6.8; CVE-2019-9688
MISC stackstorm — stackstorm In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a “null” origin value, potentially leading to XSS. 2019-03-08 4.3 CVE-2019-9580
MISC
MISC
MISC thinkst — canarytokens Thinkst Canarytokens through 2019-03-01 relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token. 2019-03-14 5.0 CVE-2019-9768
MISC tinycc — tinycc An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c. 2019-03-13 4.3 CVE-2019-9754
MISC tinysvcmdns_project — tinysvcmdns In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product’s web site states “This project is un-maintained, and has been since 2013. … There are known vulnerabilities … You are advised to NOT use this library for any new projects / products.” 2019-03-13 5.0 CVE-2019-9747
MISC treasuredata — fluent_bit An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin’s mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. 2019-03-13 5.0 CVE-2019-9749
MISC webmproject — libwebm In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. 2019-03-13 5.0 CVE-2019-9746
MISC
MISC wordpress — wordpress WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php. 2019-03-14 6.8 CVE-2019-9787
BID
MISC
MISC
MISC
MISC