SB19-105: Vulnerability Summary for the Week of April 8, 2019

Entries below are reconstructed from the original table. Each reads: vendor and product | CVE ID | published date | CVSS v2 base score, followed by the description and the reference types listed in the Source & Patch Info column (the original link targets are not preserved).

advantech — webaccess | CVE-2019-3941 | published 2019-04-09 | CVSS 6.4
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
Sources: BID, MISC

advantech — webaccess | CVE-2019-6554 | published 2019-04-05 | CVSS 5.0
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
Sources: MISC

airsonic_project — airsonic | CVE-2019-10907 | published 2019-04-07 | CVSS 5.0
Airsonic 10.2.1 uses Spring’s default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially brute-force offline the passwords of associated users.
Sources: MISC

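The offline attack in the Airsonic entry follows from the documented format of Spring Security's TokenBasedRememberMeServices cookie: base64(username:expiryMillis:MD5hex(username:expiryMillis:password:key)) with trailing '=' stripped. The following Python is an added example, not Airsonic or Spring code. It rebuilds that format, cracks a "captured" cookie against a wordlist using the fixed key airsonic, and shows that the same wordlist attack finds nothing once the key is a per-install random secret. The user name, expiry, password and wordlist are constructed sample values, and the example assumes the stored password value that Spring feeds into the signature is the user's plaintext password (as in Airsonic 10.2.1); if the store held a hash, the brute force would recover that hash value instead.

```python
import base64
import hashlib
import secrets
from typing import Iterable, Optional, Tuple

# Spring Security TokenBasedRememberMeServices (documented cookie format):
#   signature = MD5hex(username + ":" + expiryMillis + ":" + password + ":" + key)
#   cookie    = base64(username + ":" + expiryMillis + ":" + signature), trailing '=' stripped
# With a publicly known key (Airsonic 10.2.1 shipped "airsonic"), anyone holding a cookie
# knows every MD5 input except the password, so cracking needs no further server contact.


def _signature(username: str, expiry_ms: int, password: str, key: str) -> str:
    data = f"{username}:{expiry_ms}:{password}:{key}".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def make_cookie(username: str, expiry_ms: int, password: str, key: str) -> str:
    """Build the cookie exactly as the server would; used here only to fabricate a sample."""
    token = f"{username}:{expiry_ms}:{_signature(username, expiry_ms, password, key)}"
    return base64.b64encode(token.encode("utf-8")).decode("ascii").rstrip("=")


def parse_cookie(cookie: str) -> Tuple[str, int, str]:
    """Re-pad, base64-decode and split into (username, expiry_ms, signature)."""
    padded = cookie + "=" * (-len(cookie) % 4)
    plain = base64.b64decode(padded).decode("utf-8")
    username, expiry, signature = plain.rsplit(":", 2)  # a username may itself contain ':'
    return username, int(expiry), signature


def crack_cookie(cookie: str, wordlist: Iterable[str], key: str = "airsonic") -> Optional[str]:
    """Offline brute force: one MD5 per candidate password, no requests to the server."""
    username, expiry_ms, signature = parse_cookie(cookie)
    for candidate in wordlist:
        if _signature(username, expiry_ms, candidate, key) == signature:
            return candidate
    return None


def demo() -> Tuple[Optional[str], Optional[str]]:
    # Constructed sample values, not real users or traffic.
    expiry_ms = 1554854400000  # 2019-04-10T00:00:00Z in milliseconds
    wordlist = ["password", "letmein", "hunter2", "airsonic"]

    # Weak configuration: fixed, public key. The captured cookie cracks offline.
    captured = make_cookie("alice", expiry_ms, "hunter2", "airsonic")
    weak_result = crack_cookie(captured, wordlist)

    # Hardened configuration: per-install random key. The attacker no longer knows one of
    # the MD5 inputs, so the same wordlist run with the old default key yields nothing.
    random_key = secrets.token_hex(32)
    captured_hardened = make_cookie("alice", expiry_ms, "hunter2", random_key)
    hardened_result = crack_cookie(captured_hardened, wordlist)
    return weak_result, hardened_result


if __name__ == "__main__":
    print(demo())  # ('hunter2', None)
```

A random key only moves the problem: the signature still embeds the password value, so whoever learns the key is back to the offline attack. Where a server-side store is available, Spring's PersistentTokenBasedRememberMeServices (random series and token values, no password material in the cookie) removes the cracking surface altogether.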
apache — airflow | CVE-2019-0229 | published 2019-04-10 | CVSS 6.8
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
Sources: MLIST, BID, MISC

apache — http_server | CVE-2019-0215 | published 2019-04-08 | CVSS 6.0
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Sources: MLIST, BID, MISC, MLIST, FEDORA, FEDORA, CONFIRM

apache — http_server | CVE-2019-0217 | published 2019-04-08 | CVSS 6.0
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Sources: SUSE, MLIST, BID, MISC, MISC, MLIST, MLIST, FEDORA, FEDORA, BUGTRAQ, UBUNTU, UBUNTU, DEBIAN

apache — tomcat | CVE-2019-0199 | published 2019-04-10 | CVSS 5.0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API’s blocking I/O, clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.
Sources: MISC

autodesk — advance_steel | CVE-2019-7358 | published 2019-04-09 | CVSS 6.8
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
Sources: MISC

autodesk — advance_steel | CVE-2019-7359 | published 2019-04-09 | CVSS 6.8
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
Sources: MISC

autodesk — advance_steel | CVE-2019-7360 | published 2019-04-09 | CVSS 6.8
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
Sources: MISC

autodesk — advance_steel | CVE-2019-7361 | published 2019-04-09 | CVSS 6.8
An attacker may convince a victim to open a malicious action macro (.actm) file that contains serialized data, which may trigger code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.
Sources: MISC

aveva — wonderware_system_platform | CVE-2019-6525 | published 2019-04-11 | CVSS 4.0
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.
Sources: MISC, CONFIRM

bolt — bolt | CVE-2019-10874 | published 2019-04-05 | CVSS 6.8
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
Sources: MISC, MISC, MISC, EXPLOIT-DB

cantemo — portal | CVE-2019-7551 | published 2019-04-10 | CVSS 6.0
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Sources: CONFIRM, CONFIRM, MISC, MISC

checkpoint — ipsec_vpn | CVE-2019-8456 | published 2019-04-09 | CVSS 4.3
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
Sources: MISC

clamav — clamav | CVE-2019-1785 | published 2019-04-08 | CVSS 6.8
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
Sources: MISC, GENTOO

clamav — clamav | CVE-2019-1786 | published 2019-04-08 | CVSS 4.3
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Sources: MISC, MISC, GENTOO

clamav — clamav | CVE-2019-1787 | published 2019-04-08 | CVSS 4.3
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Sources: MISC, GENTOO

clamav — clamav | CVE-2019-1788 | published 2019-04-08 | CVSS 4.3
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.
Sources: MISC, GENTOO

clamav — clamav | CVE-2019-1798 | published 2019-04-08 | CVSS 4.3
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent to an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Sources: MISC, GENTOO

claws-mail — mail | CVE-2019-10735 | published 2019-04-07 | CVSS 4.3
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
Sources: MISC

cmsmadesimple — cms_made_simple | CVE-2019-9056 | published 2019-04-11 | CVSS 6.5
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
Sources: CONFIRM, CONFIRM

ctolog — thinkadmin | CVE-2019-11018 | published 2019-04-08 | CVSS 5.0
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator’s cookie-based credentials after a password change.
Sources: MISC

cyberark — endpoint_privilege_manager | CVE-2018-14894 | published 2019-04-09 | CVSS 4.6
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
Sources: MISC, MISC, EXPLOIT-DB, MISC

dasannetworks — h660rm_firmware | CVE-2019-9974 | published 2019-04-11 | CVSS 6.4
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
Sources: MISC, MISC, BUGTRAQ

dasannetworks — h660rm_firmware | CVE-2019-9975 | published 2019-04-11 | CVSS 5.0
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for log encryption. Data stored using this key can be decrypted by anyone able to access this key.
Sources: MISC, MISC, BUGTRAQ

dasannetworks — h660rm_firmware | CVE-2019-9976 | published 2019-04-11 | CVSS 4.0
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
Sources: MISC

eclipse — kura | CVE-2019-10242 | published 2019-04-09 | CVSS 5.0
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.
Sources: BID, CONFIRM

eclipse — kura | CVE-2019-10243 | published 2019-04-09 | CVSS 5.0
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks on the web server run by Kura.
Sources: BID, CONFIRM

eclipse — kura | CVE-2019-10244 | published 2019-04-09 | CVSS 5.0
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to an improper factory and parser initialisation.
Sources: BID, CONFIRM

elgg — elgg | CVE-2019-11016 | published 2019-04-08 | CVSS 5.8
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
Sources: MISC, MISC, MISC

fastadmin — fastadmin | CVE-2019-11077 | published 2019-04-10 | CVSS 6.0
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.
Sources: MISC

fedoraproject — fedora | CVE-2019-9844 | published 2019-04-08 | CVSS 4.3
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.
Sources: MISC, FEDORA, MISC

fortinet — fortios | CVE-2018-13366 | published 2019-04-09 | CVSS 5.0
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of a FortiGate via the hostname field defined in the connection control setup packets of the PPTP protocol.
Sources: CONFIRM

freedesktop — poppler | CVE-2019-10871 | published 2019-04-05 | CVSS 4.3
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
Sources: BID, MISC

freedesktop — poppler | CVE-2019-10872 | published 2019-04-05 | CVSS 6.8
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
Sources: BID, MISC

freedesktop — poppler | CVE-2019-10873 | published 2019-04-05 | CVSS 4.3
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
Sources: BID, MISC

freedesktop — poppler | CVE-2019-11026 | published 2019-04-08 | CVSS 4.3
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
Sources: MISC, MISC

gemalto — sentinel_ultrapro_client_library | CVE-2019-6534 | published 2019-04-11 | CVSS 6.8
The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.
Sources: MISC, MISC, MISC, CONFIRM

gitlab — gitlab | CVE-2019-6796 | published 2019-04-11 | CVSS 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2).
Sources: MISC, MISC, MISC, MISC

graphicsmagick — graphicsmagick | CVE-2019-11006 | published 2019-04-08 | CVSS 6.4
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
Sources: MISC, MISC

graphicsmagick — graphicsmagick | CVE-2019-11007 | published 2019-04-08 | CVSS 5.8
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
Sources: MISC, MISC, MISC

graphicsmagick — graphicsmagick | CVE-2019-11008 | published 2019-04-08 | CVSS 6.8
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Sources: MISC, MISC

graphicsmagick — graphicsmagick | CVE-2019-11009 | published 2019-04-08 | CVSS 5.8
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
Sources: MISC, MISC

graphicsmagick — graphicsmagick | CVE-2019-11010 | published 2019-04-08 | CVSS 4.3
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
Sources: MISC, MISC

graphviz — graphviz | CVE-2019-11023 | published 2019-04-08 | CVSS 6.8
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Sources: MISC, MISC

ibm — api_connect | CVE-2019-4051 | published 2019-04-08 | CVSS 5.0
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, and network interface names along with their MAC addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.
Sources: BID, XF, CONFIRM

ibm — business_automation_workflow | CVE-2018-1885 | published 2019-04-08 | CVSS 5.0
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020.
Sources: BID, XF, CONFIRM

ibm — business_automation_workflow | CVE-2018-1997 | published 2019-04-08 | CVSS 4.0
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
Sources: XF, CONFIRM

ibm — business_automation_workflow | CVE-2018-1999 | published 2019-04-08 | CVSS 4.0
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.
Sources: XF, CONFIRM

ibm — business_automation_workflow | CVE-2018-2000 | published 2019-04-08 | CVSS 6.8
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.
Sources: BID, XF, CONFIRM

ibm — business_automation_workflow | CVE-2019-4045 | published 2019-04-08 | CVSS 4.0
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last-modified-by value of a document. IBM X-Force ID: 156241.
Sources: XF, CONFIRM

ibm — qradar_security_information_and_event_manager | CVE-2019-4210 | published 2019-04-08 | CVSS 5.5
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication, exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.
Sources: BID, XF, CONFIRM

isc — bind | CVE-2017-3139 | published 2019-04-09 | CVSS 5.0
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
Sources: CONFIRM, CONFIRM

ivanti — workspace_control | CVE-2019-10885 | published 2019-04-05 | CVSS 4.6
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.
Sources: MISC

jenkins — jenkins | CVE-2019-1003049 | published 2019-04-10 | CVSS 6.8
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
Sources: MISC

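The ThinkAdmin entry (CVE-2019-11018, cookie-based credentials still honoured after a password change) and the Jenkins entry just above (CVE-2019-1003049, CLI authentication caches still honoured after the fix that was meant to retire them) are two instances of one design gap: an authentication artifact that nothing ties to the credential state it was issued under. The following Python is an added example, not code from either project. It binds every issued cookie to a per-user generation counter that is incremented on password change (or explicitly, for revocation of an old mechanism), so anything minted under an earlier generation stops validating even though its MAC is still intact. The class and method names, the server key, the sample user and the timestamps are my own constructed values.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000  # illustrative; tune to your hardware


class AuthStore:
    """Server-side user store whose cookies carry a per-user 'generation' number.
    set_password() and revoke_all() increment it, so every cookie minted under an older
    generation fails verify_cookie() although its MAC still verifies."""

    def __init__(self, server_key: bytes) -> None:
        self._key = server_key  # secret used only to MAC cookies
        self._users: Dict[str, dict] = {}

    # ---- credential state ---------------------------------------------------------
    def set_password(self, username: str, password: str) -> None:
        rec = self._users.setdefault(username, {"generation": 0})
        rec["salt"] = os.urandom(16)
        rec["digest"] = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        rec["generation"] += 1  # retires every cookie issued before this change

    def revoke_all(self, username: str) -> None:
        """Same effect without a password change: use it when an old authentication path
        (a cached token format, a retired mechanism) must stop being accepted."""
        self._users[username]["generation"] += 1

    def check_password(self, username: str, password: str) -> bool:
        rec = self._users.get(username)
        if rec is None:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, rec["digest"])

    # ---- cookies --------------------------------------------------------------------
    def _mac(self, payload: str) -> str:
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue_cookie(self, username: str, ttl_seconds: int = 86400,
                     now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        payload = f"{username}:{self._users[username]['generation']}:{now + ttl_seconds}"
        return f"{payload}:{self._mac(payload)}"

    def verify_cookie(self, cookie: str, now: Optional[int] = None) -> Optional[str]:
        """Username if the cookie is authentic, unexpired AND issued under the user's
        current generation; otherwise None."""
        now = int(time.time()) if now is None else now
        try:
            username, generation, expiry, mac = cookie.rsplit(":", 3)
        except ValueError:
            return None
        if not hmac.compare_digest(mac, self._mac(f"{username}:{generation}:{expiry}")):
            return None
        rec = self._users.get(username)
        if rec is None or int(generation) != rec["generation"]:
            return None  # password changed or sessions revoked since issue
        if now >= int(expiry):
            return None
        return username

    def verify_cookie_legacy(self, cookie: str, now: Optional[int] = None) -> Optional[str]:
        """The vulnerable shape: MAC and expiry only. A cookie stays valid after the
        password changes, which is the behaviour the ThinkAdmin entry describes."""
        now = int(time.time()) if now is None else now
        try:
            username, generation, expiry, mac = cookie.rsplit(":", 3)
        except ValueError:
            return None
        if not hmac.compare_digest(mac, self._mac(f"{username}:{generation}:{expiry}")):
            return None
        return username if now < int(expiry) and username in self._users else None
```

The generation number is the whole point: it costs one integer per user, needs no server-side session table, and lets a password change, an account lock, or the retirement of an old token format invalidate everything issued earlier in a single increment. The legacy verifier is kept only to show what is missing when that check is absent.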
joomla — joomla! | CVE-2019-10946 | published 2019-04-10 | CVSS 5.0
An issue was discovered in Joomla! before 3.9.5. The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Sources: MISC

juniper — junos | CVE-2019-0031 | published 2019-04-10 | CVSS 5.0
Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.
Sources: BID, CONFIRM

juniper — junos | CVE-2019-0033 | published 2019-04-10 | CVSS 5.0
A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.
Sources: BID, CONFIRM

juniper — junos | CVE-2019-0034 | published 2019-04-10 | CVSS 5.8
Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface supports Google gRPC remote procedure calls to provision sensors and to subscribe to and receive telemetry data. Configuration files used by gRPC were found to contain hardcoded credentials that could be used by the Junos Network Agent to perform unauthorized read of certain non-critical information (e.g. sensor data). Additionally, APIs exposed via the Juniper Extension Toolkit (JET) may be able to perform non-critical ‘set’ operations on the device. These APIs need the client to be authenticated, for which the username/password can be used. Successful exploitation of this vulnerability can only occur if the Junos Network Agent package (Junos Telemetry Interface) is installed on the device. If the Junos Network Agent is not installed, then the gRPC interface required to leverage these credentials is unavailable and the system is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R1-S3. This issue does not affect Junos OS releases prior to 16.1.
Sources: BID, CONFIRM, MISC, MISC, MISC

juniper — junos | CVE-2019-0039 | published 2019-04-10 | CVSS 4.3
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.
Sources: CONFIRM

juniper — junos | CVE-2019-0041 | published 2019-04-10 | CVSS 5.0
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.
Sources: CONFIRM

juniper — junos | CVE-2019-0044 | published 2019-04-10 | CVSS 5.0
Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160.
Sources: BID, CONFIRM

k-9_mail_project — k-9_mail | CVE-2019-10741 | published 2019-04-07 | CVSS 4.3
K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states “We don’t plan to take any action because of this.”
Sources: MISC

kde — kmail | CVE-2019-10732 | published 2019-04-07 | CVSS 4.3
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
Sources: MISC

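The Claws Mail entry (CVE-2019-10735) and the KMail entry just above (CVE-2019-10732) describe one structure: a stolen encrypted MIME entity nested as a sub-part of the attacker's own multipart message, so that the victim's reply quotes its decrypted plaintext. The following Python is an added example, not code from either client. Using only the standard library's email package it builds a constructed sample of such a message, finds encrypted entities that are not the top-level body, and produces a quotable body in which those entities are replaced by a marker rather than their plaintext. The ciphertext, addresses and body text are constructed. The check keys off MIME nesting alone and deliberately ignores the HTML/CSS used to hide the part: nesting under a cleartext container is what distinguishes the wrapped case from an ordinarily encrypted mail.

```python
from email import message_from_string
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import List, Tuple

Path = Tuple[int, ...]  # index path from the top-level entity down to a part


def _is_encrypted(part: Message) -> bool:
    """True for entities whose payload is ciphertext (PGP/MIME or S/MIME enveloped data)."""
    ct = part.get_content_type()
    if ct == "application/pkcs7-mime":
        # S/MIME reuses this type for signed data; only enveloped-data is ciphertext.
        return str(part.get_param("smime-type", "")).lower() == "enveloped-data"
    return ct == "multipart/encrypted"


def wrapped_encrypted_parts(msg: Message) -> List[Tuple[Path, str]]:
    """(path, content-type) of every encrypted entity that is NOT the message itself.
    A top-level encrypted entity is ordinary encrypted mail; one nested under a cleartext
    container is the wrapping the attack relies on."""
    found: List[Tuple[Path, str]] = []

    def walk(part: Message, path: Path) -> None:
        if _is_encrypted(part):
            if path:
                found.append((path, part.get_content_type()))
            return  # never descend into ciphertext
        if part.is_multipart():
            for index, sub in enumerate(part.get_payload()):
                walk(sub, path + (index,))

    walk(msg, ())
    return found


def quotable_text(msg: Message) -> str:
    """Body text a reply may quote. Cleartext text/* parts are included; a nested encrypted
    entity contributes only a marker, so its plaintext never travels back to the sender.
    (A top-level encrypted message takes the client's normal decrypt path, not modelled here.)"""
    chunks: List[str] = []

    def walk(part: Message, path: Path) -> None:
        if _is_encrypted(part):
            if path:
                chunks.append("[encrypted part not quoted]")
            return
        if part.is_multipart():
            for index, sub in enumerate(part.get_payload()):
                walk(sub, path + (index,))
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True)
            chunks.append(raw.decode(part.get_content_charset() or "utf-8"))

    walk(msg, ())
    return "\n".join(chunks)


# ---- constructed samples (not real traffic) ---------------------------------------------
def _pgp_mime(ciphertext: str) -> MIMEMultipart:
    enc = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    enc.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    enc.attach(MIMEApplication(ciphertext.encode("ascii"), "octet-stream"))
    return enc


def build_wrapped_message(stolen_ciphertext: str) -> Message:
    """Attacker's message: a benign-looking HTML body with the stolen PGP/MIME entity
    attached as a sibling part, re-parsed so we inspect what arrives on the wire."""
    outer = MIMEMultipart("mixed")
    outer["From"] = "attacker@example.com"
    outer["To"] = "victim@example.com"
    outer["Subject"] = "Quick question"
    outer.attach(MIMEText("<p>Could you confirm you received the quarterly report?</p>", "html"))
    outer.attach(_pgp_mime(stolen_ciphertext))
    return message_from_string(outer.as_string())


def build_plain_encrypted_message(ciphertext: str) -> Message:
    """Control case: the ciphertext is the whole message, as in ordinary PGP/MIME mail."""
    enc = _pgp_mime(ciphertext)
    enc["From"] = "alice@example.com"
    enc["To"] = "victim@example.com"
    return message_from_string(enc.as_string())
```

A client that applies quotable_text() when composing a reply still decrypts and displays the nested part if it wants to, but it never feeds that plaintext into the outgoing quote, which is the only step the attacker needs.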
MISC kmplayer — kmplayer When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn’t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. 2019-04-09 4.3 CVE-2019-9133
MISC libsixel_project — libsixel The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. 2019-04-08 4.3 CVE-2019-11024
MISC
MISC linux — linux_kernel The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. 2019-04-11 4.7 CVE-2019-11190
BID
MISC
MISC
MISC
MISC linux — linux_kernel The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. 2019-04-11 4.7 CVE-2019-11191
BID
MISC
MISC linux — linux_kernel It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption. 2019-04-11 4.9 CVE-2019-3837
CONFIRM linux — linux_kernel A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0’s APIC register values via L2 guest, when ‘virtualize x2APIC mode’ is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. 2019-04-09 4.7 CVE-2019-3887
BID
CONFIRM materializecss — materialize In Materialize through 1.0.0, XSS is possible via the Tooltip feature. 2019-04-08 4.3 CVE-2019-11002
MISC materializecss — materialize In Materialize through 1.0.0, XSS is possible via the Autocomplete feature. 2019-04-08 4.3 CVE-2019-11003
MISC materializecss — materialize In Materialize through 1.0.0, XSS is possible via the Toast feature. 2019-04-08 4.3 CVE-2019-11004
MISC mi — mi_browser A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the “q” query parameter. The portion of an https URL before the ?q= substring is not shown to the user. 2019-04-05 4.3 CVE-2019-10875
MISC
MISC
MISC microsoft — .net_core_sdk A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package’s folder structure, aka ‘NuGet Package Manager Tampering Vulnerability’. 2019-04-08 4.0 CVE-2019-0757
CONFIRM microsoft — asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. 2019-04-09 5.0 CVE-2019-0815
BID
MISC microsoft — azure_devops_server_2019 A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka ‘Azure DevOps Server Spoofing Vulnerability’. 2019-04-09 4.3 CVE-2019-0857
BID
MISC microsoft — azure_devops_server_2019 A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka ‘Azure DevOps Server HTML Injection Vulnerability’. 2019-04-09 4.3 CVE-2019-0869
BID
MISC microsoft — azure_devops_server_2019 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka ‘Azure DevOps Server Cross-site Scripting Vulnerability’. 2019-04-09 4.3 CVE-2019-0874
BID
MISC microsoft — azure_devops_server_2019 An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka ‘Azure DevOps Server Elevation of Privilege Vulnerability’. 2019-04-09 5.0 CVE-2019-0875
MISC microsoft — chakracore An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka ‘Scripting Engine Information Disclosure Vulnerability’. 2019-04-08 4.3 CVE-2019-0746
CONFIRM microsoft — edge An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka ‘Microsoft Edge Elevation of Privilege Vulnerability’. 2019-04-08 4.0 CVE-2019-0678
CONFIRM microsoft — edge A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka ‘Microsoft Browsers Security Feature Bypass Vulnerability’. 2019-04-08 4.3 CVE-2019-0762
CONFIRM microsoft — edge A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka ‘Microsoft Browsers Tampering Vulnerability’. 2019-04-09 4.3 CVE-2019-0764
BID
MISC microsoft — edge An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ‘Microsoft Edge Information Disclosure Vulnerability’. 2019-04-09 4.3 CVE-2019-0833
BID
MISC microsoft — exchange_server A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka ‘Microsoft Exchange Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0858. 2019-04-09 5.8 CVE-2019-0817
MISC microsoft — exchange_server A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka ‘Microsoft Exchange Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0817. 2019-04-09 4.3 CVE-2019-0858
MISC microsoft — internet_explorer A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka ‘Internet Explorer Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-0768. 2019-04-08 4.3 CVE-2019-0761
CONFIRM microsoft — internet_explorer A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka ‘Internet Explorer Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-0761. 2019-04-08 4.3 CVE-2019-0768
CONFIRM microsoft — internet_explorer An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka ‘Microsoft Scripting Engine Information Disclosure Vulnerability’. 2019-04-09 4.3 CVE-2019-0835
MISC microsoft — lync_server A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka ‘Skype for Business and Lync Spoofing Vulnerability’. 2019-04-08 4.3 CVE-2019-0798
CONFIRM microsoft — office A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded. The update addresses the vulnerability by correcting how Office handles these files, aka ‘Office Remote Code Execution Vulnerability’. 2019-04-09 6.8 CVE-2019-0801
MISC microsoft — office A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. 2019-04-09 6.8 CVE-2019-0823
MISC microsoft — office A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. 2019-04-09 6.8 CVE-2019-0824
MISC microsoft — office A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827. 2019-04-09 6.8 CVE-2019-0825
MISC microsoft — office A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827. 2019-04-09 6.8 CVE-2019-0826
MISC microsoft — office A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826. 2019-04-09 6.8 CVE-2019-0827
MISC microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. 2019-04-09 4.3 CVE-2019-0866
BID
MISC microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. 2019-04-09 4.3 CVE-2019-0867
BID
MISC microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. 2019-04-09 4.3 CVE-2019-0868
BID
MISC microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. 2019-04-09 4.3 CVE-2019-0870
BID
MISC microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870. 2019-04-09 4.3 CVE-2019-0871
BID
MISC microsoft — visual_studio_2017 A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka ‘Visual Studio Remote Code Execution Vulnerability’. 2019-04-08 6.8 CVE-2019-0809
CONFIRM microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0774. 2019-04-08 4.3 CVE-2019-0614
CONFIRM microsoft — windows_10 An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. 2019-04-08 4.6 CVE-2019-0682
CONFIRM microsoft — windows_10 An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka ‘Windows TCP/IP Information Disclosure Vulnerability’. 2019-04-09 5.0 CVE-2019-0688
MISC microsoft — windows_10 An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. 2019-04-08 4.6 CVE-2019-0689
CONFIRM microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701. 2019-04-08 5.5 CVE-2019-0690
CONFIRM microsoft — windows_10 An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0693, CVE-2019-0694. 2019-04-08 4.6 CVE-2019-0692
CONFIRM microsoft — windows_10 An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0694. 2019-04-08 4.6 CVE-2019-0693
CONFIRM microsoft — windows_10 An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693. 2019-04-08 4.6 CVE-2019-0694
CONFIRM microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701. 2019-04-08 5.5 CVE-2019-0695
CONFIRM microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695. 2019-04-08 5.5 CVE-2019-0701
CONFIRM microsoft — windows_10 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. 2019-04-08 4.0 CVE-2019-0703
CONFIRM microsoft — windows_10 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821. 2019-04-08 4.0 CVE-2019-0704
CONFIRM microsoft — windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. 2019-04-09 4.6 CVE-2019-0730
MISC microsoft — windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. 2019-04-09 4.6 CVE-2019-0731
MISC microsoft — windows_10 A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Security Feature Bypass Vulnerability’. 2019-04-09 4.6 CVE-2019-0732
MISC microsoft — windows_10 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. 2019-04-08 4.9 CVE-2019-0754
CONFIRM microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0614. 2019-04-08 4.3 CVE-2019-0774
CONFIRM microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0849. 2019-04-09 4.3 CVE-2019-0802
MISC microsoft — windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841. 2019-04-09 4.6 CVE-2019-0805
MISC microsoft — windows_10 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. 2019-04-08 4.0 CVE-2019-0821
CONFIRM microsoft — windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841. 2019-04-09 4.6 CVE-2019-0836
BID
MISC microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0802. 2019-04-09 4.3 CVE-2019-0849
MISC microsoft — windows_7 An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka ‘Active Directory Elevation of Privilege Vulnerability’. 2019-04-08 4.3 CVE-2019-0683
CONFIRM mkcms_project — mkcms MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. 2019-04-10 6.8 CVE-2019-11078
MISC mybb — mybb A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the ‘upsetting[bburl]’ parameter. 2019-04-11 4.3 CVE-2018-19202
CONFIRM
CONFIRM nvidia — jetson_tx1 NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) host keys provided in the sample rootfs are not replaced by unique host keys after sample rootfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3. 2019-04-11 6.4 CVE-2019-5672
CONFIRM odoo — odoo Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. 2019-04-09 4.0 CVE-2018-15631
MISC odoo — odoo Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name. 2019-04-09 4.3 CVE-2018-15635
MISC omron — common_components When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. 2019-04-10 6.8 CVE-2019-6556
MISC openstack — neutron An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. 2019-04-05 4.0 CVE-2019-10876
MLIST
MISC
MISC
CONFIRM paessler — prtg PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. 2019-04-10 4.3 CVE-2018-14683
CONFIRM pivotal_software — spring_security Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. 2019-04-09 5.0 CVE-2019-3795
BID
CONFIRM rancher — rancher In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. 2019-04-10 6.5 CVE-2019-6287
CONFIRM
CONFIRM redhat — gluster_storage A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have Unix permissions, which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. 2019-04-09 5.5 CVE-2019-3880
SUSE
MISC
CONFIRM
MLIST
CONFIRM
MISC redhat — satellite A lack of access control was found in the message queues maintained by Satellite’s QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. 2019-04-11 5.2 CVE-2019-3845
CONFIRM redhat — satellite In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the “delete_compute_resource” permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. 2019-04-09 4.0 CVE-2019-3893
BID
CONFIRM
MISC
MISC roundcube — webmail In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. 2019-04-07 4.3 CVE-2019-10740
MISC roundup-tracker — roundup Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. 2019-04-06 4.3 CVE-2019-10904
MLIST
MISC
MISC
MLIST
MISC salicru — slc-20-cube3(5) A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. 2019-04-05 4.3 CVE-2019-10887
MISC
MISC
EXPLOIT-DB sap — business_application_software_integrated_solution ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. 2019-04-10 6.5 CVE-2019-0279
CONFIRM
CONFIRM sap — crystal_reports The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. 2019-04-10 5.0 CVE-2019-0285
CONFIRM
CONFIRM sap — netweaver_process_integration Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. 2019-04-10 4.0 CVE-2019-0278
CONFIRM
CONFIRM sap — netweaver_process_integration Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. 2019-04-10 5.0 CVE-2019-0282
CONFIRM
CONFIRM sap — netweaver_process_integration SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document. 2019-04-10 5.5 CVE-2019-0283
CONFIRM
CONFIRM search-guard — search_guard The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. 2019-04-09 4.3 CVE-2018-20698
CONFIRM
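The Search Guard entry above is a login-redirect injection that appears once basePath is configured. The usual root cause in this class is that a client-supplied "return to" value is prefixed with the base path and used as-is, so an absolute or protocol-relative URL inside it survives. The following is an added illustration, not Search Guard's or Kibana's code: a validator that only accepts a same-origin path under the base path and otherwise falls back to a fixed landing page. The parameter name, the base path "kibana" and the sample values are assumptions for the example.

```python
from urllib.parse import urlsplit
import posixpath

def safe_login_redirect(next_param: str, base_path: str = "", default: str = "/") -> str:
    """Return a post-login redirect target that stays on this origin and under
    base_path. Anything else collapses to the default landing page.
    (Illustrative validator; parameter and base-path names are assumptions.)"""
    base = "/" + base_path.strip("/") if base_path.strip("/") else ""
    fallback = base + default
    if not next_param:
        return fallback
    # Browsers treat "\" like "/" in the authority position, so "/\evil.example"
    # is "//evil.example" to them; normalise before inspecting.
    candidate = next_param.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return fallback                      # absolute URL or protocol-relative //host
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback                      # bare relative paths and // forms refused
    path = posixpath.normpath(parts.path)    # collapse ./ and ../ segments
    if not path.startswith("/"):
        return fallback
    target = path + ("?" + parts.query if parts.query else "")   # fragment dropped
    if base and not (target == base or target.startswith(base + "/")):
        target = base + target               # prefix once, after validation, never before
    return target

if __name__ == "__main__":
    for raw in ("https://evil.example/", "//evil.example/", "/\\evil.example/",
                "javascript:alert(1)", "/app/kibana", "/kibana/app/discover?x=1",
                "/app/../../etc", ""):
        print(f"{raw!r:32} -> {safe_login_redirect(raw, 'kibana')}")
```

The order matters: validate the raw value first, then attach the base path. Prefixing first and validating the result is how "//evil.example" and "/\evil.example" slip through, because the concatenated string looks like a local path until the browser parses it.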
CONFIRM spip — spip SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. 2019-04-10 6.5 CVE-2019-11071
MISC
MISC
MISC
MISC symantec — endpoint_encryption Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-04-10 4.6 CVE-2019-9694
CONFIRM symantec — vip_enterprise_gateway Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. 2019-04-09 4.3 CVE-2019-9696
BID
CONFIRM systemd_project — systemd In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the “allow_active” element rather than “allow_any”. 2019-04-09 4.4 CVE-2019-3842
CONFIRM
FEDORA tibco — activematrix_businessworks The HTTP Connector component of TIBCO Software Inc.’s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP “Basic Authentication” policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2. 2019-04-09 6.8 CVE-2019-8990
BID
MISC
MISC trendmicro — apex_one A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product’s management console. 2019-04-05 5.0 CVE-2019-9489
CONFIRM
CONFIRM trendmicro — interscan_web_security_virtual_appliance A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow a non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. 2019-04-05 4.0 CVE-2019-9490
BID
CONFIRM trojita_project — trojita In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. 2019-04-07 4.3 CVE-2019-10734
MISC uipath — orchestrator UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. 2019-04-11 6.5 CVE-2018-17305
CONFIRM ukcms — ukcms A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. 2019-04-05 6.8 CVE-2019-10888
MISC uniqkey — password_manager An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear asking the user whether they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id=”uniqkey-password-popup” and password-popup/popup.html. 2019-04-08 4.3 CVE-2019-10676
MISC
MISC
MISC
MISC uniqkey — password_manager An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn’t registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id=”uniqkey-password-popup” and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676. 2019-04-08 4.3 CVE-2019-10845
MISC
FULLDISC
MISC uniqkey — password_manager Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. 2019-04-05 4.3 CVE-2019-10884
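The last Uniqkey entry is a matching-rule bug: credentials saved for example.com are offered on usersite.example.com. The following is an added example, not the product's code, showing the host-suffix rule that produces that behaviour next to an exact-origin rule (same scheme, host and port) that does not. The vault contents and field names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample vault; the field names are this example's, not the product's.
VAULT = [
    {"origin": "https://example.com", "user": "alice", "secret": "s3cr3t"},
    {"origin": "https://mail.example.org", "user": "bob", "secret": "hunter2"},
]

def origin_of(url: str):
    """Canonical scheme://host[:port] for http(s) URLs, None for anything else."""
    p = urlsplit(url)
    try:
        port = p.port
    except ValueError:                      # malformed port
        return None
    if p.scheme not in ("http", "https") or not p.hostname:
        return None
    host = p.hostname.rstrip(".")           # .hostname is already lower-cased
    default_port = 443 if p.scheme == "https" else 80
    port = port or default_port
    return f"{p.scheme}://{host}" + ("" if port == default_port else f":{port}")

def suffix_match(vault, url):
    """The flawed rule: a saved host matches any page whose host ends with it,
    so example.com's password is offered on usersite.example.com."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    hits = []
    for e in vault:
        saved_host = urlsplit(e["origin"]).hostname
        if host == saved_host or host.endswith("." + saved_host):
            hits.append(e["user"])
    return hits

def exact_origin_match(vault, url):
    """Offer credentials only for the exact origin they were saved for: same
    scheme, same host, same port. A sub-domain, an http:// downgrade or a
    different port gets nothing."""
    origin = origin_of(url)
    return [e["user"] for e in vault if origin is not None and e["origin"] == origin]

if __name__ == "__main__":
    for url in ("https://usersite.example.com/login", "https://example.com/login",
                "http://example.com/login", "https://EXAMPLE.com:443/login"):
        print(url, "suffix:", suffix_match(VAULT, url), "exact:", exact_origin_match(VAULT, url))
```

Suffix matching is unsafe even with the leading dot, because on shared hosting every tenant is a sub-domain of the same parent: whoever controls one sub-domain is offered passwords saved for the parent or for siblings. Anything looser than exact origin needs a public-suffix list and an explicit, user-approved list of related hosts per entry, not a string-suffix test.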
MISC verizon — fios_quantum_gateway_g1100_firmware Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. 2019-04-11 5.4 CVE-2019-3915
BID
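The Verizon G1100 entry is a capture-replay bypass: the bytes of one valid login request are enough to log in again. The following is an added example, not the gateway's code, contrasting a login proof that is a fixed function of the password (replayable forever) with one bound to a single-use server challenge. The salt, password and verifier construction are constructed for the example.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"                  # constructed for the example, not the device's

def verifier(password: str) -> bytes:
    """Password-derived key; a slow KDF so a leaked salt still costs the attacker."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

STORED = {"admin": verifier("correct horse")}   # server-side credential store (constructed)

# --- replayable scheme: the login request carries a value that never changes ---
def static_login_request(user: str, password: str) -> dict:
    return {"user": user, "proof": verifier(password).hex()}

def static_server_check(req: dict) -> bool:
    v = STORED.get(req["user"])
    return v is not None and hmac.compare_digest(v.hex(), req["proof"])

# --- nonce-bound scheme: each proof is valid for exactly one issued challenge ---
class Server:
    def __init__(self):
        self.issued = {}                    # nonce -> user; removed on first use

    def challenge(self, user: str) -> str:
        n = secrets.token_hex(16)
        self.issued[n] = user
        return n

    def login(self, req: dict) -> bool:
        user = self.issued.pop(req["nonce"], None)   # consumed whether or not it succeeds
        if user is None or user != req["user"]:
            return False
        expected = hmac.new(STORED[user], req["nonce"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, req["proof"])

def client_login_request(user: str, password: str, nonce: str) -> dict:
    proof = hmac.new(verifier(password), nonce.encode(), hashlib.sha256).hexdigest()
    return {"user": user, "nonce": nonce, "proof": proof}

def demo():
    # 1. Replayable: an eavesdropper resends the identical request and is accepted.
    captured = static_login_request("admin", "correct horse")
    replay_static = static_server_check(dict(captured))
    # 2. Nonce-bound: the genuine login works once; the same bytes are then refused,
    #    and the old proof does not match a freshly issued challenge either.
    srv = Server()
    n = srv.challenge("admin")
    captured2 = client_login_request("admin", "correct horse", n)
    first = srv.login(dict(captured2))
    replay_same_nonce = srv.login(dict(captured2))
    n2 = srv.challenge("admin")
    replay_new_nonce = srv.login({**captured2, "nonce": n2})
    return replay_static, first, replay_same_nonce, replay_new_nonce

if __name__ == "__main__":
    print(demo())   # expected: (True, True, False, False)
```

Two details carry the security: the nonce is consumed before the proof is checked, so a failed or repeated attempt cannot retry against the same challenge, and the proof is keyed by the password-derived verifier, so the challenge can be public. This stops replay only; an attacker on the same network who can read the exchange still needs TLS kept out of their reach, and the challenge should additionally expire.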
MISC verizon — fios_quantum_gateway_g1100_firmware Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). 2019-04-11 5.0 CVE-2019-3916
MISC webkitgtk — webkitgtk WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. 2019-04-10 5.0 CVE-2019-11070
MISC
MLIST
MISC
BUGTRAQ
MISC winmagic — securedoc_disk_encryption WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search Path or Element. 2019-04-08 4.6 CVE-2018-20341
CONFIRM wireshark — wireshark In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. 2019-04-09 5.0 CVE-2019-10894
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. 2019-04-09 5.0 CVE-2019-10895
BID
MISC
MISC
MISC
MISC
MISC wireshark — wireshark In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. 2019-04-09 5.0 CVE-2019-10896
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. 2019-04-09 5.0 CVE-2019-10897
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. 2019-04-09 5.0 CVE-2019-10898
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. 2019-04-09 5.0 CVE-2019-10899
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. 2019-04-09 5.0 CVE-2019-10900
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. 2019-04-09 5.0 CVE-2019-10901
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. 2019-04-09 5.0 CVE-2019-10902
BID
MISC
MISC
MISC wireshark — wireshark In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. 2019-04-09 5.0 CVE-2019-10903
BID
MISC
MISC
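The Wireshark entries above are one family of dissector bugs: a length field that is trusted (crash, heap under-read, boundary check) or a parsing loop whose offset can fail to advance (infinite loop). The following is an added example, not Wireshark code, of a small element parser with the three guards those fixes describe. The wire format (one type byte, one total-length byte that counts its own header, then the value) and the sample packets are constructed for the example.

```python
class MalformedPacket(ValueError):
    pass

HDR = 2   # 1-byte type + 1-byte total length (header included); constructed format

def parse_elements(buf: bytes, max_elements: int = 1024):
    """Parse [type, total_len, value...] elements from buf.
    total_len counts the header, so a value of 0 or 1 would make a naive loop
    stall (offset never advances) or compute a negative value length (read
    before the value starts); a length beyond the buffer reads past its end."""
    elements, off = [], 0
    while off < len(buf):
        if len(buf) - off < HDR:
            raise MalformedPacket(f"truncated header at offset {off}")
        etype, total = buf[off], buf[off + 1]
        if total < HDR:
            raise MalformedPacket(
                f"element at {off} has length {total} < header size; parser would not advance")
        end = off + total
        if end > len(buf):
            raise MalformedPacket(
                f"element at {off} claims {total} bytes, only {len(buf) - off} remain")
        elements.append((etype, buf[off + HDR:end]))
        if len(elements) > max_elements:
            raise MalformedPacket("too many elements")
        assert end > off          # loop invariant: every iteration makes progress
        off = end
    return elements

def check(buf: bytes):
    """Classify a packet without letting a malformed one take the parser down."""
    try:
        return ("ok", parse_elements(buf))
    except MalformedPacket as e:
        return ("malformed", str(e))

# Constructed sample packets.
GOOD     = bytes([0x01, 0x05, 0x61, 0x62, 0x63, 0x02, 0x02])   # (1, b"abc"), (2, b"")
STALL    = bytes([0x01, 0x00, 0xFF])                           # length 0: no progress
OVERRUN  = bytes([0x01, 0x10, 0x41])                           # claims 16, has 3
TRUNC    = bytes([0x01])                                        # header cut short

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("STALL", STALL), ("OVERRUN", OVERRUN), ("TRUNC", TRUNC)):
        print(name, check(pkt))
```

The element cap is the guard the length checks do not give you: a valid-looking packet of thousands of two-byte elements is still bounded work, but in a dissector that allocates per element it is the difference between a slow packet and a memory-exhaustion one.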
MISC wpape — ape_gallery The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. 2019-04-09 4.3 CVE-2019-6117
MISC xmltooling_project — xmltooling The XMLTooling library, all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. 2019-04-11 5.0 CVE-2019-9628
MISC
MISC
UBUNTU
MISC zarafa — webaccess Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa WebAccess 7.2.0-48204. NOTE: this is a discontinued product. The issue was fixed in later Zarafa WebAccess versions; however, some former Zarafa WebAccess customers use the related Kopano product instead. 2019-04-11 4.3 CVE-2019-7219
MISC
MISC zyxel — nas326_firmware A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. 2019-04-09 4.0 CVE-2019-10630
MISC zyxel — nas326_firmware Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. 2019-04-09 6.5 CVE-2019-10631
MISC zyxel — nas326_firmware A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user’s files. 2019-04-09 4.0 CVE-2019-10632
MISC zyxel — nas326_firmware An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. 2019-04-09 6.5 CVE-2019-10633
MISC
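Two of the Zyxel NAS 326 entries are injection bugs of the same shape: request data reaching a shell in the package installer, and request data reaching eval() in the Python web server routing. The following is an added example, not the device's code, showing each hazardous pattern beside its fix: an allowlist dictionary lookup instead of building source text from the path, and an argv list without a shell plus a strict name check instead of interpolating into a command string. The route table, the package-name grammar and the use of echo in place of the real installer are assumptions; the shell demonstration assumes a POSIX /bin/sh.

```python
import re
import subprocess

# Constructed route table standing in for a device's API handlers.
ROUTES = {"status": lambda: "status: ok", "reboot": lambda: "rebooting"}

def dispatch_with_eval(path: str):
    """Hazardous pattern: the first path segment is spliced into source text and
    evaluated, so a segment like "status'] and 'INJECTED' #" rewrites the
    expression. (Illustrative of the bug class, not the NAS's actual code.)"""
    name = path.strip("/").split("/")[0]
    return eval(f"ROUTES['{name}']")

def dispatch_safe(path: str) -> str:
    """Allowlist lookup: the segment is only ever used as a dictionary key."""
    name = path.strip("/").split("/")[0]
    handler = ROUTES.get(name)
    return "404 unknown endpoint" if handler is None else handler()

# Package names: start alphanumeric, then a short run of safe characters (assumed grammar).
PKG_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$")

def validate_package_name(pkg: str) -> str:
    if not PKG_NAME.fullmatch(pkg):
        raise ValueError(f"rejected package name: {pkg!r}")
    return pkg

def run_installer_unsafe(pkg: str):
    """String interpolation + shell=True: ';', '|', '$(...)' are interpreted.
    'echo' stands in for the real installer command (hypothetical)."""
    r = subprocess.run(f"echo installing {pkg}", shell=True, capture_output=True, text=True)
    return r.stdout.splitlines()

def run_installer_argv_only(pkg: str):
    """argv list, no shell: metacharacters are passed through as plain data."""
    r = subprocess.run(["echo", "installing", pkg], capture_output=True, text=True)
    return r.stdout.splitlines()

def run_installer_safe(pkg: str):
    """argv list plus validation: the name is rejected before any process starts."""
    return run_installer_argv_only(validate_package_name(pkg))

def demo():
    payload = "foo; echo INJECTED"
    unsafe = run_installer_unsafe(payload)          # two lines: the injected command ran
    argv_only = run_installer_argv_only(payload)    # one line: the payload is just text
    try:
        run_installer_safe(payload)
        verdict = "accepted"
    except ValueError as e:
        verdict = str(e)
    return unsafe, argv_only, verdict, run_installer_safe("foo-1.2")

if __name__ == "__main__":
    print(dispatch_with_eval("/status'] and 'INJECTED' #"))   # 'INJECTED': expression rewritten
    print(dispatch_safe("/status'] and 'INJECTED' #"))        # 404 unknown endpoint
    print(demo())
```

The eval payload shown only rewrites the expression's value; the same position accepts any Python, including __import__, which is why the entry is rated as code execution. For the installer, the argv form alone already stops the metacharacter class; the name check is there so that unexpected input is rejected loudly rather than handed to the installer as an oddly named package.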