SB19-126: Vulnerability Summary for the Week of April 29, 2019

| Primary Vendor -- Product | Description | Published | CVSS Score | CVE |
|---|---|---|---|---|
| aikcms — aikcms | An issue was discovered in AikCms v2.0. There is a SQL injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI. | 2019-04-27 | 6.5 | CVE-2019-11567 |
| aikcms — aikcms | An issue was discovered in AikCms v2.0. There is a file upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type. | 2019-04-27 | 6.8 | CVE-2019-11568 |
| anomali — agave | Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system. | 2019-05-01 | 5.0 | CVE-2019-11641 |
| apache — archiva | In Apache Archiva before 2.2.4, it is possible to write files to the Archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten if the Archiva run user has appropriate permission on the filesystem for the target file. | 2019-04-30 | 5.5 | CVE-2019-0213 |
| apache — archiva | In Apache Archiva 2.0.0 through 2.2.3, it is possible to write files to the Archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten if the Archiva run user has appropriate permission on the filesystem for the target file. | 2019-04-30 | 5.5 | CVE-2019-0214 |
| apache — axis | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x Subversion repository, and legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue. | 2019-05-01 | 5.4 | CVE-2019-0227 |
| apache — camel | Apache Camel's File component is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0, and the unsupported Camel 2.x (2.19 and earlier) versions may also be affected. | 2019-04-30 | 5.0 | CVE-2019-0194 |
| apache — pluto | The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: uninstall the ChatRoomDemo war file, or migrate to version 3.1.0 of the chat-room-demo war file. | 2019-04-26 | 4.3 | CVE-2019-0186 |
| apache — unstructured_information_management_architecture_distributed_uima_cluster_computing | This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC (<= 2.2.2), which runs in the user's browser, does not sufficiently filter user-supplied inputs, which may result in unintended execution of user-supplied JavaScript code. | 2019-05-01 | 4.3 | CVE-2018-8035 |
| atlassian — jira | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the cyclePeriod parameter. | 2019-05-03 | 4.3 | CVE-2018-20824 |
| atlassian — jira | The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2, allows remote attackers to see information for archived projects through a missing authorisation check. | 2019-04-30 | 5.0 | CVE-2019-3399 |
| atlassian — jira | The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jql parameter. | 2019-05-03 | 4.3 | CVE-2019-3400 |
| bpcbt — smartvista | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | 2019-04-30 | 6.8 | CVE-2018-15206 |
| bpcbt — smartvista | BPC SmartVista 2 has improper access control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be accessible only to an admin. | 2019-04-30 | 6.5 | CVE-2018-15207 |
| bpcbt — smartvista | BPC SmartVista 2 has session fixation via the JSESSIONID parameter. | 2019-04-30 | 5.1 | CVE-2018-15208 |
| buffalo — open_xdmod | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has reflected XSS via the xd_user_formal_name parameter. | 2019-05-02 | 4.3 | CVE-2018-16960 |
| buffalo — open_xdmod | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | 2019-05-02 | 5.0 | CVE-2018-16961 |
| buffalo — open_xdmod | An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes. | 2019-05-02 | 5.0 | CVE-2018-16988 |
| cisco — hx220c_af_m5_firmware | A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. | 2019-05-03 | 6.8 | CVE-2019-1857 |
| cisco — network_registrar | A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | 2019-05-03 | 4.3 | CVE-2019-1852 |
| cisco — prime_collaboration_assurance | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of data supplied by external devices to the web-based management interface of an affected PCA device. An attacker in control of devices integrated with an affected PCA device could exploit this vulnerability by using crafted data in certain fields of the controlled devices. A successful exploit could allow the attacker to execute arbitrary script code in the context of the PCA web-based management interface or allow the attacker to access sensitive browser-based information. | 2019-05-03 | 4.3 | CVE-2019-1856 |
| cisco — telepresence_video_communication_server | A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface. | 2019-05-03 | 4.0 | CVE-2019-1854 |
| crestron — am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas of the HTTP interface. | 2019-04-30 | 5.0 | CVE-2019-3927 |
| crestron — am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OID. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. | 2019-04-30 | 5.0 | CVE-2019-3928 |
| crestron — am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. | 2019-04-30 | 5.0 | CVE-2019-3933 |
| crestron — am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code. | 2019-04-30 | 5.0 | CVE-2019-3934 |
| crestron — am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to act as a moderator of a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows. | 2019-04-30 | 6.4 | CVE-2019-3935 |
| crestron — am-100_firmware | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. | 2019-04-30 | 5.0 | CVE-2019-3936 |
| dhcpcd_project — dhcpcd | auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. | 2019-04-28 | 4.3 | CVE-2019-11578 |
| dhcpcd_project — dhcpcd | dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. | 2019-04-28 | 5.0 | CVE-2019-11579 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11606 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11607 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | 2019-04-30 | 6.4 | CVE-2019-11608 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | 2019-04-30 | 6.4 | CVE-2019-11609 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11610 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | 2019-04-30 | 5.0 | CVE-2019-11611 |
| doorgets — doorgets_cms | doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files. | 2019-04-30 | 6.4 | CVE-2019-11612 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain sensitive database information. | 2019-04-30 | 4.0 | CVE-2019-11613 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain sensitive database information. | 2019-04-30 | 5.0 | CVE-2019-11614 |
| doorgets — doorgets_cms | /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server. | 2019-04-30 | 6.5 | CVE-2019-11615 |
| doorgets — doorgets_cms | doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password. | 2019-04-30 | 5.0 | CVE-2019-11616 |
| doorgets — doorgets_cms | doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification. | 2019-04-30 | 6.8 | CVE-2019-11617 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain sensitive database information. | 2019-04-30 | 4.0 | CVE-2019-11619 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain sensitive database information via modulecategory_add_titre. | 2019-04-30 | 4.0 | CVE-2019-11620 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain sensitive database information. | 2019-04-30 | 4.0 | CVE-2019-11621 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain sensitive database information via modulecategory_edit_titre. | 2019-04-30 | 4.0 | CVE-2019-11622 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability to obtain sensitive database information. | 2019-04-30 | 4.0 | CVE-2019-11623 |
| doorgets — doorgets_cms | doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files. | 2019-04-30 | 5.5 | CVE-2019-11624 |
| doorgets — doorgets_cms | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain sensitive database information. | 2019-04-30 | 4.0 | CVE-2019-11625 |
| doorgets — doorgets_cms | routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request. | 2019-04-30 | 5.0 | CVE-2019-11626 |
| esotalk — esotalk | esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | 2019-04-29 | 4.3 | CVE-2015-9285 |
| facebook — fizz | An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial of service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. | 2019-04-29 | 5.0 | CVE-2019-3560 |
| freedesktop — systemd | It was discovered that a systemd service that uses the DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | 2019-04-26 | 4.6 | CVE-2019-3843 |
| freedesktop — systemd | It was discovered that a systemd service that uses the DynamicUser property can get new privileges through the execution of SUID binaries, which would allow it to create binaries owned by the service's transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. | 2019-04-26 | 4.6 | CVE-2019-3844 |
| gnu — recutils | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. | 2019-05-01 | 4.3 | CVE-2019-11637 |
| gnu — recutils | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. | 2019-05-01 | 4.3 | CVE-2019-11638 |
| gnu — recutils | An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. | 2019-05-01 | 6.8 | CVE-2019-11639 |
| gnu — recutils | An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. | 2019-05-01 | 6.8 | CVE-2019-11640 |
| groonga — groonga-httpd | The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server. | 2019-05-02 | 6.9 | CVE-2019-11675 |
| honeypress_project — honeypress | HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the ingrained unique www.atxsec.com and ayylmao.wpengine.com hostnames within the fake WordPress templates. This allows attackers to discover and avoid this honeypot system. | 2019-05-01 | 5.0 | CVE-2019-11633 |
| ibm — api_connect | IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | 2019-04-29 | 5.0 | CVE-2018-2007 |
| ibm — api_connect | IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195. | 2019-05-02 | 4.3 | CVE-2018-2015 |
| ibm — emptoris_contract_management | IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information through detailed error messages. IBM X-Force ID: 153657. | 2019-04-29 | 5.0 | CVE-2018-1961 |
| ibm — jazz_reporting_service | IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain information about the server execution. IBM X-Force ID: 156243. | 2019-04-29 | 4.0 | CVE-2019-4047 |
| ibm — rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. | 2019-05-01 | 5.0 | CVE-2018-1608 |
| ibm — storediq | IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | 2019-04-30 | 5.8 | CVE-2019-4166 |
| ilnkp2p_project — ilnkp2p | The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices. | 2019-04-26 | 6.4 | CVE-2019-11219 |
| ilnkp2p_project — ilnkp2p | An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. | 2019-04-26 | 4.3 | CVE-2019-11220 |
| imagemagick — imagemagick | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. | 2019-04-29 | 5.8 | CVE-2019-11597 |
| imagemagick — imagemagick | In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. | 2019-04-29 | 5.8 | CVE-2019-11598 |
| infinitumit — directadmin | The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this and take over the administration panel. | 2019-04-30 | 6.8 | CVE-2019-11193 |
| iobit — malware_fighter | IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of access controls. | 2019-04-30 | 5.5 | CVE-2019-6494 |
| jenkins — ansible_tower | A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-04-30 | 6.8 | CVE-2019-10310 |
| jenkins — ansible_tower | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-04-30 | 4.0 | CVE-2019-10311 |
| jenkins — ansible_tower | A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2019-04-30 | 4.0 | CVE-2019-10312 |
| jenkins — aqua_microscanner | Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master, where they could be viewed by users with access to the master file system. | 2019-04-30 | 4.0 | CVE-2019-10316 |
| jenkins — azure_ad | Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master, where it could be viewed by users with access to the master file system. | 2019-04-30 | 4.0 | CVE-2019-10318 |
| jenkins — github_authentication | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 2019-04-30 | 6.8 | CVE-2019-10315 |
| jenkins — koji | Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 2019-04-30 | 4.3 | CVE-2019-10314 |
| jenkins — self-organizing_swarm_modules | Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | 2019-04-30 | 4.8 | CVE-2019-10309 |
| jenkins — sitemonitor | Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 2019-04-30 | 4.3 | CVE-2019-10317 |
| jenkins — static_analysis_utilities | A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | 2019-04-30 | 4.3 | CVE-2019-10307 |
| jenkins — static_analysis_utilities | A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. | 2019-04-30 | 4.0 | CVE-2019-10308 |
| jenkins — twitter | Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system. | 2019-04-30 | 4.0 | CVE-2019-10313 |
MISC linux — linux_kernel The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. 2019-04-29 6.9 CVE-2019-11599
MISC
MLIST
MLIST
MLIST
BID
MISC
MISC
MISC
MISC
MISC
MISC
EXPLOIT-DB memcached — memcached In memcached before 1.5.14, a NULL pointer dereference was found in the “lru mode” and “lru temp_ttl” commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. 2019-04-29 5.0 CVE-2019-11596
MISC
MISC
MISC
UBUNTU microfocus — network_automation A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. 2019-04-29 6.5 CVE-2019-3493
CONFIRM moodle — moodle Moodle 3.6.3 allows remote authenticated administrators to execute arbitrary PHP code via a ZIP archive, containing a theme_*.php file, to repository/repository_ajax.php?action=upload and admin/tool/installaddon/index.php. 2019-04-30 6.5 CVE-2019-11631
MISC
BID
MISC
EXPLOIT-DB mozilla — firefox Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. 2019-04-26 4.3 CVE-2018-18511
MISC
MISC mozilla — firefox Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. 2019-04-26 4.3 CVE-2018-5124
MISC mozilla — firefox A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. 2019-04-26 5.0 CVE-2018-5179
MISC mozilla — firefox A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 2019-04-26 4.3 CVE-2019-9793
MISC
MISC
MISC
MISC mozilla — firefox Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. 2019-04-26 5.0 CVE-2019-9797
MISC
MISC mozilla — firefox On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. 2019-04-26 5.8 CVE-2019-9798
MISC
MISC mozilla — firefox Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. 2019-04-26 5.0 CVE-2019-9799
MISC
MISC mozilla — firefox Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a “URL Handler” in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 2019-04-26 5.0 CVE-2019-9801
MISC
MISC
MISC
MISC mozilla — firefox If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66. 2019-04-26 5.0 CVE-2019-9802
MISC
MISC mozilla — firefox The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66. 2019-04-26 5.8 CVE-2019-9803
MISC
MISC
MISC
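To make the requirement in the CVE-2019-9803 entry concrete, the following added example (written for this page, not Firefox or Mozilla code) encodes the decision a conforming browser makes for a document whose CSP carries upgrade-insecure-requests. The function names, the simplified same-host test used for navigations, the userinfo handling and the port mapping are this example's own assumptions drawn from the W3C specification, not text from the advisory; the same-host navigation case is the one the Firefox bug got wrong.

```python
from urllib.parse import urlsplit

# Scheme upgrades the directive performs; any other scheme is left untouched.
UPGRADES = {"http": "https", "ws": "wss"}


def csp_upgrades_insecure_requests(csp_header: str) -> bool:
    """True when the policy contains the upgrade-insecure-requests directive."""
    for directive in csp_header.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "upgrade-insecure-requests":
            return True
    return False


def upgrade_request(document_url: str, request_url: str, *,
                    is_navigation: bool, csp_header: str) -> str:
    """Return the URL the browser should actually fetch.

    Rules encoded here (an assumption: a simplification of the W3C spec):
      * no directive in the CSP  -> no change
      * scheme not http/ws       -> no change
      * subresource requests     -> always upgraded
      * navigations              -> upgraded only when the target host equals
                                    the document's host; third-party navigations
                                    are left alone so the directive cannot break
                                    outbound links
    """
    if not csp_upgrades_insecure_requests(csp_header):
        return request_url
    req = urlsplit(request_url)
    if req.scheme not in UPGRADES:
        return request_url
    if is_navigation and req.hostname != urlsplit(document_url).hostname:
        return request_url

    host = req.hostname or ""
    if ":" in host:                 # a bare IPv6 literal needs its brackets back
        host = f"[{host}]"
    port = req.port
    if port == 80:                  # the spec maps an explicit :80 to :443
        port = 443
    netloc = host if port in (None, 443) else f"{host}:{port}"
    if req.username:                # keep any userinfo the original carried
        cred = req.username + (f":{req.password}" if req.password else "")
        netloc = f"{cred}@{netloc}"
    return req._replace(scheme=UPGRADES[req.scheme], netloc=netloc).geturl()
```

A regression test for a browser build would drive exactly these cases: a same-host http navigation from a page that sends the directive must land on https, while a cross-host navigation is left as written.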
MISC
mozilla — firefox A vulnerability exists during authorization prompting for an FTP transaction: successive modal prompts are displayed and cannot be immediately dismissed. This allows a denial-of-service (DoS) attack. This vulnerability affects Firefox < 66. 2019-04-26 5.0 CVE-2019-9806
MISC
MISC
mozilla — firefox When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with that text as its content. This could be used for social engineering attacks. This vulnerability affects Firefox < 66. 2019-04-26 4.3 CVE-2019-9807
MISC
MISC
mozilla — firefox If WebRTC permission is requested from documents with data: or blob: URLs, the permission notification does not properly display the originating domain; it names “Unknown origin” as the requester, leaving the user unsure which site is asking for the permission. This vulnerability affects Firefox < 66. 2019-04-26 5.0 CVE-2019-9808
MISC
MISC
mozilla — firefox If resources on a page are sourced over an FTP connection, a series of modal alert messages can be triggered for those resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing a denial-of-service (DoS) attack. This vulnerability affects Firefox < 66. 2019-04-26 5.0 CVE-2019-9809
MISC
MISC
MISC
mozilla — firefox Incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method may lead to a missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. 2019-04-26 6.8 CVE-2019-9810
MISC
MISC
MISC
MISC
mozilla — firefox Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code, which can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. 2019-04-26 6.8 CVE-2019-9813
MISC
MISC
MISC
MISC
mozilla — network_security_services When handling an SSLv2-compatible ClientHello, the server does not generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. 2019-04-29 4.3 CVE-2018-12384
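The all-zero value in the CVE-2018-12384 entry is the server's 32-byte random, which travels in the clear in the ServerHello, so a client-side or packet-capture check can spot an affected server without any knowledge of its internals. The following added example (written for this page, not NSS code) parses a ServerHello out of a TLS record and flags a degenerate random. The `build_server_hello` helper produces a constructed test vector rather than captured traffic, and the cipher suite and version defaults are this example's own choices.

```python
import struct

CONTENT_HANDSHAKE = 0x16
HANDSHAKE_SERVER_HELLO = 0x02
SERVER_RANDOM_LEN = 32


def build_server_hello(server_random: bytes, cipher_suite: int = 0xC02F,
                       version: int = 0x0303) -> bytes:
    """Constructed test vector: a minimal ServerHello (empty session id, null
    compression, no extensions) inside one TLS record.  Not captured traffic;
    it exists so the parser below can be exercised offline."""
    if len(server_random) != SERVER_RANDOM_LEN:
        raise ValueError("server random must be 32 bytes")
    body = (struct.pack("!H", version) + server_random
            + b"\x00"                              # session_id length
            + struct.pack("!H", cipher_suite)
            + b"\x00")                             # compression method: null
    handshake = bytes([HANDSHAKE_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CONTENT_HANDSHAKE, version, len(handshake)) + handshake


def parse_server_hello(record: bytes) -> dict:
    """Parse the first handshake message of a TLS record and return the
    ServerHello fields an auditor cares about.  Raises ValueError for anything
    that is not a well-formed ServerHello."""
    if len(record) < 5:
        raise ValueError("short record")
    content_type, _, record_len = struct.unpack("!BHH", record[:5])
    if content_type != CONTENT_HANDSHAKE:
        raise ValueError("not a handshake record")
    handshake = record[5:5 + record_len]
    if len(handshake) != record_len or len(handshake) < 4:
        raise ValueError("truncated record")
    if handshake[0] != HANDSHAKE_SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len or len(body) < 2 + SERVER_RANDOM_LEN + 1:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")
    server_random = body[2:2 + SERVER_RANDOM_LEN]
    sid_len = body[2 + SERVER_RANDOM_LEN]
    off = 3 + SERVER_RANDOM_LEN + sid_len
    if len(body) < off + 3:
        raise ValueError("truncated ServerHello")
    return {
        "version": version,
        "random": server_random,
        "session_id": body[3 + SERVER_RANDOM_LEN:off],
        "cipher_suite": int.from_bytes(body[off:off + 2], "big"),
        "compression": body[off + 2],
    }


def server_random_is_degenerate(server_random: bytes) -> bool:
    """Flag a random that is one byte repeated 32 times; the all-zero case of
    CVE-2018-12384 is the one this entry describes, but any constant fill is
    equally wrong for a value that is supposed to be fresh per handshake."""
    return len(server_random) != SERVER_RANDOM_LEN or len(set(server_random)) == 1
```

When running this over real captures, feed it only the first record of the server's flight; TLS 1.3 servers append extensions after the compression byte, which this parser simply ignores.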
CONFIRM
mozilla — network_security_services A cache-based side-channel attack during handshakes using RSA encryption could allow decryption of encrypted content. This is a variant of the adaptive chosen-ciphertext attack (also known as the Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. 2019-05-02 4.3 CVE-2018-12404
BID
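The oracle a Bleichenbacher variant needs is any observable difference between "padding valid" and "padding invalid" after RSA decryption; a cache side channel is just one more way to observe it. The following added example (written for this page, not NSS code, and not a description of where NSS itself leaked) puts an early-exit PKCS#1 v1.5 unpadding routine next to the RFC 5246 section 7.4.7.1 shape: decide on public lengths only, scan the whole padding unconditionally, fold every check into one flag, and mask-select either the real premaster secret or a random one. Python integers are not constant-time primitives, so what this shows is the control-flow discipline to port to C rather than a timing-safe Python routine; the `fallback` parameter exists only so the result is testable.

```python
import secrets
from typing import Optional

TLS_PREMASTER_LEN = 48   # RSA premaster secret length in TLS 1.2


def unpad_naive(em: bytes, msg_len: int) -> Optional[bytes]:
    """Early-exit PKCS#1 v1.5 unpadding.  Each `return None` leaves a
    padding-dependent trace (time, cache lines touched, branch history),
    which is exactly the oracle an adaptive chosen-ciphertext attack needs."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)          # first zero after the 0x02 block type
    if sep < 10:                       # missing separator or fewer than 8 PS bytes
        return None
    msg = em[sep + 1:]
    return msg if len(msg) == msg_len else None


def _is_zero(b: int) -> int:
    """1 if b == 0 else 0, for 0 <= b < 256, without a data-dependent branch."""
    return ((b - 1) >> 8) & 1


def _mask(x: int) -> int:
    """0xFF if x != 0 else 0x00, for 0 <= x < 256, without a branch."""
    return ((x | -x) >> 8) & 0xFF


def unpad_tls(em: bytes, msg_len: int, fallback: Optional[bytes] = None) -> bytes:
    """Constant-flow variant.  Every decision before the final select depends
    only on public lengths; the padding bytes feed a flag, never a branch.
    Production code draws `fallback` fresh from the CSPRNG every call."""
    if fallback is None:
        fallback = secrets.token_bytes(msg_len)
    k = len(em)                        # modulus length: public
    sep = k - msg_len - 1              # where the 0x00 separator must sit
    if sep < 10:                       # public lengths only
        return fallback
    bad = em[0] | (em[1] ^ 0x02) | em[sep]
    for i in range(2, sep):            # every PS byte must be non-zero
        bad |= _is_zero(em[i])
    m = _mask(bad)                     # 0xFF on any failure, 0x00 otherwise
    real = em[sep + 1:]
    return bytes((r & (m ^ 0xFF)) | (f & m) for r, f in zip(real, fallback))
```

Both routines accept the same valid blocks and reject the same invalid ones; the difference is that `unpad_tls` always does the same amount of work and always hands back 48 bytes, so the handshake proceeds to a Finished failure in every case instead of signalling at the padding step.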
MISC
mozilla — thunderbird A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature even if the displayed message contents are not covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1. 2019-04-26 5.0 CVE-2018-18509
MISC
FULLDISC
MLIST
MISC
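The CVE-2018-18509 entry describes a gap between what the signature covers and what the client renders. The following added example (written for this page, not Thunderbird code) performs the structural half of that check on a parsed MIME tree: it assumes the signature bytes themselves verify and asks only whether every part the client will display sits inside the multipart/signed container. The rule it applies (the signed container must be the outermost body with exactly two children) is this example's own policy, not the client's algorithm, and the two messages are constructed with a placeholder signature blob.

```python
from email import message_from_string, policy

SIGNED = "multipart/signed"

# Constructed sample: a correctly structured signed message.  The base64
# blob is a placeholder, not a real PKCS#7 signature.
SIGNED_OK = """\
From: alice@example.org
To: bob@example.org
Subject: Payment instructions
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="sig"

--sig
Content-Type: text/plain; charset=us-ascii

Please wire the funds to account 1234 as agreed.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIBAAA=
--sig--
"""

# Constructed sample: the same signed part reused verbatim, wrapped in an
# unsigned multipart/mixed whose first text part is attacker-controlled.
WRAPPED = """\
From: alice@example.org
To: bob@example.org
Subject: Payment instructions
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain; charset=us-ascii

Change of plan: wire the funds to account 9999 instead.
--outer
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="sig"

--sig
Content-Type: text/plain; charset=us-ascii

Please wire the funds to account 1234 as agreed.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIBAAA=
--sig--
--outer--
"""


def _walk(part, path=()):
    """Yield (path, part) for every MIME node, depth first."""
    yield path, part
    if part.is_multipart():
        for i, child in enumerate(part.get_payload()):
            yield from _walk(child, path + (i,))


def signature_covers_display(raw: str):
    """Return (covered, reason) for a raw RFC 822 message.

    Policy (an assumption of this example): the message counts as signed only
    when the multipart/signed container is the outermost body and holds
    exactly two parts (content + signature).  Any other placement means some
    text the client renders lies outside the signed region."""
    msg = message_from_string(raw, policy=policy.default)
    signed = [(p, node) for p, node in _walk(msg) if node.get_content_type() == SIGNED]
    if not signed:
        return False, "no multipart/signed part"
    if len(signed) != 1 or signed[0][0] != ():
        outside = [str(p) for p, node in _walk(msg)
                   if node.get_content_maintype() == "text"
                   and not any(p[:len(sp)] == sp for sp, _ in signed)]
        return False, f"signed part is nested; unsigned text at {', '.join(outside)}"
    if len(signed[0][1].get_payload()) != 2:
        return False, "multipart/signed must hold exactly content + signature"
    return True, "every rendered part is inside the signed container"
```

A mail gateway or client can run this before showing any signature indicator; when it returns False the indicator should be withheld even if the cryptographic verification of the nested part succeeds.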
MISC
mozilla — thunderbird A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DoS) attack because Thunderbird reopens the last viewed message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5. 2019-04-26 5.0 CVE-2018-18513
MISC
MISC
netapp — hyper_converged_infrastructure_compute_node Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server. 2019-04-29 5.0 CVE-2019-5492
BID
CONFIRM
nodebb — nodebb The outgoing-link handler (Controllers.outgoing in controllers/index.js) in NodeBB before 0.7.3 has XSS. 2019-04-30 4.3 CVE-2015-9286
MISC
MISC
MISC
MISC
octopus — octopus_deploy In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built-in User Roles.) 2019-05-01 5.5 CVE-2019-11632
MISC
MISC
omniauth_project — omniauth The request phase of the OmniAuth Ruby gem is vulnerable to cross-site request forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to sign in to the web application as the primary account. 2019-04-26 6.8 CVE-2015-9284
MISC
MISC
MLIST
phpbb — phpbb The fulltext search component in phpBB before 3.2.6 allows denial of service. 2019-05-02 5.0 CVE-2019-9826
MLIST
MLIST
CONFIRM
polarisft — intellect_core_banking An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter of three pages (collaterals/colexe3t.jsp, /references/refsuppu.jsp, and /references/refbranu.jsp) is mishandled before being used in SQL queries, allowing SQL injection from an authenticated session. 2019-04-30 6.5 CVE-2018-14874
MISC
polarisft — intellect_core_banking An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI. 2019-04-30 6.8 CVE-2018-14930
MISC
polarisft — intellect_core_banking An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. 2019-04-30 5.8 CVE-2018-14931
MISC
projectsend — projectsend ProjectSend before r1070 writes user passwords to the server logs. 2019-04-26 5.0 CVE-2019-11492
CONFIRM
projectsend — projectsend Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. 2019-04-26 4.3 CVE-2019-11533
BID
CONFIRM
rapid7 — metasploit Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), in its Zip import function. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects Rapid7 Metasploit Framework version 4.14.0 and prior versions. 2019-04-30 6.5 CVE-2019-5624
MISC
CONFIRM
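The CVE-2019-5624 entry is the archive-extraction form of CWE-22, in which a member name such as `../../x` is written relative to the extraction root and lands wherever the attacker chose; code execution follows when the written file is something the host later loads. The following added example (written for this page in Python, not Metasploit's Ruby importer) shows the containment check an importer needs and runs it over constructed archives in a temporary directory. The hostile member names, the helper names and the decision to write every member as a plain file are this example's own assumptions.

```python
import io
import os
import posixpath
import tempfile
import zipfile


class UnsafeArchiveEntry(ValueError):
    """Raised for any member that would land outside the extraction root."""


def safe_member_path(dest_dir: str, name: str) -> str:
    """Map an archive member name onto a path under dest_dir, or raise.

    Rejects absolute names, drive letters, backslash separators (a Windows
    traversal that posixpath treats as an ordinary character) and any '..'
    that climbs above the root, then re-checks the resolved path with
    realpath so an existing symlink inside dest_dir cannot redirect it."""
    if not name or name.startswith("/") or "\\" in name or os.path.splitdrive(name)[0]:
        raise UnsafeArchiveEntry(name)
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        raise UnsafeArchiveEntry(name)
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, *norm.split("/")))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchiveEntry(name)
    return target


def is_safe_member(dest_dir: str, name: str) -> bool:
    try:
        safe_member_path(dest_dir, name)
        return True
    except UnsafeArchiveEntry:
        return False


def extract_safely(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract every member through safe_member_path.  Data is copied with
    plain file writes, so a member whose external attributes mark it as a
    symlink becomes an ordinary file rather than a link to be followed."""
    written = []
    root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = safe_member_path(dest_dir, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, root))
    return written


def build_archive(entries: dict) -> bytes:
    """Constructed test archive (not a real workspace export)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def run_demo() -> dict:
    """Extract a benign archive, then try three hostile ones, in a temp dir."""
    hostile = ["../../outside.txt", "/etc/cron.d/evil", "a/../../evil.txt"]
    result = {"written": [], "rejected": []}
    with tempfile.TemporaryDirectory() as root:
        result["written"] = extract_safely(build_archive({"notes/a.txt": b"ok"}), root)
        for name in hostile:
            try:
                extract_safely(build_archive({name: b"pwn"}), root)
            except UnsafeArchiveEntry:
                result["rejected"].append(name)
    return result
```

The check is done per member before anything is written, so a hostile entry late in the archive cannot ride in behind benign ones; an importer that validates after extraction has already lost.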
CONFIRM
solarwinds — dameware_mini_remote_control DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a buffer overflow associated with the size field for the machine name. 2019-05-02 5.0 CVE-2019-9017
MISC
MISC
EXPLOIT-DB
sonicwall — global_management_system A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. 2019-04-26 6.8 CVE-2019-7476
CONFIRM
ublock — ublock In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch and the script’s origin has an open redirect. 2019-04-29 6.8 CVE-2019-11595
MISC
MISC
w1.fi — hostapd The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not properly validate fragmentation reassembly state when an unexpected fragment is received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. 2019-04-26 4.3 CVE-2019-11555
MLIST
MISC
MISC
MISC
weaver — e-cology An issue was discovered in Weaver e-cology 9.0. There is a CRLF injection vulnerability via the isintervenor parameter of /workflow/request/ViewRequestForwardSPA.jsp, as demonstrated by the %0aSet-cookie: substring. 2019-04-30 4.3 CVE-2019-10272
MISC
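The `%0aSet-cookie:` substring in the CVE-2019-10272 entry works because a decoded line feed inside a reflected header value ends that header and starts a new one. The following added example (written for this page, not Weaver code) builds the response the two ways, parses it back the lenient way most clients do, and adds the request-side detector a log reviewer or WAF rule would use. The header name `X-Intervenor`, the double-decoding in the detector and the function names are this example's own assumptions; the advisory names only the parameter and the injected substring.

```python
import re
from urllib.parse import unquote
from typing import Optional

# Characters that can never legitimately appear in a header name or value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def header_line(name: str, value: str) -> bytes:
    """Serialise one header, refusing any name or value that would start a new
    line (CR, LF) or truncate the field (NUL)."""
    if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
        raise ValueError(f"control character in header {name!r}")
    return f"{name}: {value}\r\n".encode("latin-1")


def response_vulnerable(isintervenor: str) -> bytes:
    """Echoes the (already URL-decoded) request parameter straight into a header."""
    return (f"HTTP/1.1 200 OK\r\n"
            f"X-Intervenor: {isintervenor}\r\n"
            f"Content-Length: 0\r\n\r\n").encode("latin-1")


def response_hardened(isintervenor: str) -> bytes:
    """Same response, every header routed through header_line."""
    return (b"HTTP/1.1 200 OK\r\n"
            + header_line("X-Intervenor", isintervenor)
            + header_line("Content-Length", "0")
            + b"\r\n")


def hardened_accepts(isintervenor: str) -> bool:
    try:
        response_hardened(isintervenor)
        return True
    except ValueError:
        return False


def parse_headers(raw: bytes) -> list:
    """Lenient header parse that, like most clients, accepts a bare LF as a
    line terminator.  That leniency is why %0a alone is enough."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    out = []
    for line in re.split(r"\r?\n", head)[1:]:
        if ":" in line:
            k, v = line.split(":", 1)
            out.append((k.strip().lower(), v.strip()))
    return out


def injected_cookie(raw: bytes) -> Optional[str]:
    """Return the Set-Cookie value a client would honour, or None."""
    for k, v in parse_headers(raw):
        if k == "set-cookie":
            return v
    return None


def param_has_crlf(encoded_value: str) -> bool:
    """Request-side detector for logs or a WAF: decode twice (assumption, to
    catch %250a-style double encoding) and look for CR, LF or NUL."""
    return bool(_FORBIDDEN.search(unquote(unquote(encoded_value))))
```

The fix belongs at the serialisation layer, not at the parameter: once every header passes through something like `header_line`, no caller can reintroduce the injection by reflecting a different parameter.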
CONFIRM
webidsupport — webid WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php. 2019-04-29 4.3 CVE-2019-11592
MISC
z.cash — zcash Zcash 2.x allows an inexpensive approach to “fill all transactions of all blocks” and “prevent any real transaction from occurring” via a “Sapling Wood-Chipper” attack. 2019-05-01 5.0 CVE-2019-11636
MISC
MISC
zimbra — collaboration_server Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. 2019-04-30 5.0 CVE-2019-9621
MISC
MISC
MISC
MISC
MISC
CONFIRM
EXPLOIT-DB
zohocorp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. 2019-04-30 6.9 CVE-2018-19374
MISC
zohocorp — manageengine_firewall_analyzer The user-defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS. 2019-05-02 4.3 CVE-2019-11676
MISC