SB19-140: Vulnerability Summary for the Week of May 13, 2019

airmail — airmailplugin-framework The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the validity of the signing key, which allows remote attackers to spoof arbitrary email signatures by crafting a key with a fake user ID (email address) and injecting it into the user’s keyring. 2019-05-16 not yet calculated CVE-2019-8338
MISC
FULLDISC
MISC
MISC
MISC
MLIST artifex — ghostscript It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable. 2019-05-16 not yet calculated CVE-2019-3839
CONFIRM
CONFIRM
CONFIRM
MLIST aruba — instant A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 2019-05-10 not yet calculated CVE-2018-7064
CONFIRM
CONFIRM aruba — instant A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1 2019-05-10 not yet calculated CVE-2018-7084
CONFIRM
CONFIRM aruba — instant If a process running within Aruba Instant crashes, it may leave behind a “core dump”, which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 2019-05-10 not yet calculated CVE-2018-7083
CONFIRM
CONFIRM aruba — instant A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 2019-05-10 not yet calculated CVE-2018-7082
CONFIRM
CONFIRM atutor — atutor
  ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. 2019-05-17 not yet calculated CVE-2019-12170
MISC
MISC bosch — multiple_hardware_and_software_products A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). 2019-05-13 not yet calculated CVE-2019-8952
CONFIRM
CONFIRM
CONFIRM
CONFIRM bosch — multiple_hardware_and_software_products
  An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). 2019-05-13 not yet calculated CVE-2019-8951
CONFIRM
CONFIRM
CONFIRM
CONFIRM cisco — fxos_and_nx-os A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1781
CISCO cisco — fxos_and_nx-os A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1782
CISCO cisco — fxos_and_nx-os A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. 2019-05-15 not yet calculated CVE-2019-1858
BID
CISCO cisco — fxos_and_nx-os A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1779
CISCO cisco — fxos_and_nx-os A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1795
CISCO cisco — identity_services_engine A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication. 2019-05-15 not yet calculated CVE-2019-1851
BID
CISCO cisco — multiple_small_business_switches A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability. 2019-05-15 not yet calculated CVE-2019-1806
BID
CISCO cisco — nx-os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1770
CISCO cisco — nx-os A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface. 2019-05-15 not yet calculated CVE-2019-1733
BID
CISCO cisco — nx-os A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. 2019-05-15 not yet calculated CVE-2019-1768
CISCO cisco — nx-os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1769
CISCO cisco — nx-os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1784
BID
CISCO cisco — nx-os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1791
CISCO cisco — nx-os A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. 2019-05-15 not yet calculated CVE-2019-1808
BID
CISCO cisco — nx-os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1790
CISCO cisco — nx-os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-05-15 not yet calculated CVE-2019-1783
BID
CISCO cisco — nx-os
  A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device. 2019-05-15 not yet calculated CVE-2019-1732
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. 2019-05-15 not yet calculated CVE-2019-1824
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. 2019-05-15 not yet calculated CVE-2019-1823
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. 2019-05-15 not yet calculated CVE-2019-1825
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. 2019-05-15 not yet calculated CVE-2019-1821
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information. 2019-05-15 not yet calculated CVE-2019-1820
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information. 2019-05-15 not yet calculated CVE-2019-1819
BID
CISCO cisco — prime_infrastructure_and_evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. 2019-05-15 not yet calculated CVE-2019-1822
BID
CISCO cisco — small_business_300_series_managed_switches A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device. 2019-05-15 not yet calculated CVE-2019-1814
BID
CISCO cisco — webex_network_recording_player_and_webex_player A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. 2019-05-15 not yet calculated CVE-2019-1773
BID
CISCO cisco — webex_network_recording_player_and_webex_player A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. 2019-05-15 not yet calculated CVE-2019-1771
BID
CISCO cisco — webex_network_recording_player_and_webex_player A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. 2019-05-15 not yet calculated CVE-2019-1772
BID
CISCO create-sd — create-sd
  CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via the vulnerable application and conduct phishing attacks. 2019-05-17 not yet calculated CVE-2019-5955
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application ‘Cabinet’. 2019-05-17 not yet calculated CVE-2019-5942
MISC
MISC cybozu — garoon Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application ‘Work Flow’. 2019-05-17 not yet calculated CVE-2019-5936
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application ‘Bulletin’ and the application ‘Cabinet’. 2019-05-17 not yet calculated CVE-2019-5943
MISC
MISC cybozu — garoon Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to obtain the users’ credential information via the authentication of Cybozu Garoon. 2019-05-17 not yet calculated CVE-2019-5945
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to alter the Report without access privileges via the application ‘Multi Report’. 2019-05-17 not yet calculated CVE-2019-5941
MISC
MISC cybozu — garoon SQL injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.0 allows an attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application ‘logging’. 2019-05-17 not yet calculated CVE-2019-5934
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application ‘Management of Basic System’. 2019-05-17 not yet calculated CVE-2019-5930
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application ‘Bulletin’. 2019-05-17 not yet calculated CVE-2019-5933
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. 2019-05-17 not yet calculated CVE-2019-5931
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to alter the contents of application ‘Address’ without modify privileges via the application ‘Address’. 2019-05-17 not yet calculated CVE-2019-5944
MISC
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information. 2019-05-17 not yet calculated CVE-2019-5935
MISC
MISC cybozu — garoon
  Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen. 2019-05-17 not yet calculated CVE-2019-5946
MISC
MISC dell_emc — recoverpoint Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root. 2019-05-15 not yet calculated CVE-2019-3727
MISC east_japan_railway_company — jr_east_japan_train_operation_information_push_notification JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user’s registered information via unspecified vectors. 2019-05-17 not yet calculated CVE-2019-5954
MISC
MISC espressif — esp-idf An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory. 2019-05-13 not yet calculated CVE-2018-18558
MISC
MISC ez_systems — ez_platform An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4. 2019-05-16 not yet calculated CVE-2019-12139
MISC f-secure — multiple_products
  In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker’s DLL in an elevated security context. 2019-05-17 not yet calculated CVE-2019-11644
CONFIRM fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. 2019-05-17 not yet calculated CVE-2019-12086
MISC
MISC
CONFIRM
MLIST
MISC four-faith — wireless_mobile_router Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. 2019-05-17 not yet calculated CVE-2019-12168
MISC freebsd — freebsd In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet, allowing a maliciously crafted ICMP/ICMP6 packet to bypass the packet filter rules and be passed to a host that would otherwise be unavailable. 2019-05-15 not yet calculated CVE-2019-5598
MISC
MISC
MISC freebsd — freebsd In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. 2019-05-15 not yet calculated CVE-2019-5597
MISC
MISC
MISC fujitsu — paperstream_ip In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege. 2019-05-17 not yet calculated CVE-2018-16156
MISC gat-ship — gat-ship_web_module GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request. 2019-05-17 not yet calculated CVE-2019-12163
MISC gitlab — gitlab_community_edition_and_enterprise_edition An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. 2019-05-17 not yet calculated CVE-2019-7353
MISC
MISC gitlab — gitlab_community_edition_and_enterprise_edition An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users. 2019-05-17 not yet calculated CVE-2019-6787
MISC
MISC gitlab — gitlab_community_edition_and_enterprise_edition An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. 2019-05-17 not yet calculated CVE-2019-6781
MISC
MISC gitlab — gitlab_community_edition_and_enterprise_edition An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. 2019-05-17 not yet calculated CVE-2018-20500
MISC
MISC gitlab — gitlab_community_edition_and_enterprise_edition An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn’t be allowed to. 2019-05-17 not yet calculated CVE-2019-5883
MISC gitlab — gitlab_community_edition_and_enterprise_edition GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. 2019-05-17 not yet calculated CVE-2018-19585
MISC
MISC gitlab — gitlab_community_edition_and_enterprise_edition
  An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group’s merge requests. 2019-05-17 not yet calculated CVE-2019-6790
MISC
MISC gitlab — gitlab_enterprise_edition An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI. 2019-05-17 not yet calculated CVE-2019-6797
MISC
MISC gnu — wget
  Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or possibly execute arbitrary code via unspecified vectors. 2019-05-17 not yet calculated CVE-2019-5953
MISC
MISC gohttp — gohttp GoHTTP through 2017-07-25 has a sendHeader use-after-free. 2019-05-17 not yet calculated CVE-2019-12160
MISC gohttp — gohttp GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL. 2019-05-17 not yet calculated CVE-2019-12159
MISC gohttp — gohttp
  GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. 2019-05-17 not yet calculated CVE-2019-12158
MISC

ibm — cloud_private_kubernetes_api_server

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145. 2019-05-17 not yet calculated CVE-2019-4119
CONFIRM
XF ibm — rational_doors_web_access IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916. 2019-05-16 not yet calculated CVE-2018-1975
CONFIRM
XF ibm — websphere_application_server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. 2019-05-17 not yet calculated CVE-2019-4279
XF
CONFIRM intel — active_management_technology Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. 2019-05-17 not yet calculated CVE-2019-0094
MISC intel — active_management_technology Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2019-05-17 not yet calculated CVE-2019-0092
MISC intel — active_management_technology Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access. 2019-05-17 not yet calculated CVE-2019-0096
MISC intel — active_management_technology Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. 2019-05-17 not yet calculated CVE-2019-0097
MISC intel — acu_wizard Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-0138
MISC intel — converged_security_and_management_engine Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2019-05-17 not yet calculated CVE-2019-0153
MISC intel — converged_security_and_management_engine Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. 2019-05-17 not yet calculated CVE-2019-0093
MISC intel — converged_security_and_management_engine Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2019-05-17 not yet calculated CVE-2019-0098
MISC intel — converged_security_and_management_engine Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-0086
MISC intel — converged_security_and_management_engine Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-0091
MISC intel — converged_security_and_management_engine Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access. 2019-05-17 not yet calculated CVE-2019-0090
MISC intel — driver_and_support_assistant Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. 2019-05-17 not yet calculated CVE-2019-11095
CONFIRM
MISC intel — driver_and_support_assistant Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. 2019-05-17 not yet calculated CVE-2019-11114
MISC intel — dynamic_application_loader
  Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-0170
MISC intel — graphics_drivers A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0114
MISC intel — graphics_drivers Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0115
MISC intel — graphics_drivers An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0116
MISC intel — graphics_drivers
  Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0113
MISC intel — i915_graphics_for_linux Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-11085
CONFIRM
MISC intel — multiple_products Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0120
MISC intel — multiple_products Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0119
MISC intel — nuc Insufficient input validation in system firmware for Intel(R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. 2019-05-17 not yet calculated CVE-2019-11094
MISC intel — proset/wireless_wifi_software Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2018-3701
CONFIRM
MISC intel — quartus Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-0171
CONFIRM
MISC intel — server_platform_services Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-0089
MISC intel — server_platform_services Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2019-05-17 not yet calculated CVE-2019-0099
MISC intel — setup_and_configuration_software_and_amt_configuration_utility_wizard Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-05-17 not yet calculated CVE-2019-11093
MISC intel — unite_client A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access. 2019-05-17 not yet calculated CVE-2019-0172
MISC intel — unite_client Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access. 2019-05-17 not yet calculated CVE-2019-0132
MISC intel — xeon_processor Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 2019-05-17 not yet calculated CVE-2019-0126
MISC kie_group — kie_server_and_busitess_central It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services. 2019-05-15 not yet calculated CVE-2016-7043
CONFIRM
CONFIRM macdown — macdown
  MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138. 2019-05-17 not yet calculated CVE-2019-12173
MISC mcafee — endpoint_security Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection. 2019-05-15 not yet calculated CVE-2019-3586
CONFIRM microsoft — .net_core_and_.net_framework A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka ‘.Net Framework and .Net Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. 2019-05-16 not yet calculated CVE-2019-0981
MISC microsoft — .net_core_and_.net_framework A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka ‘.Net Framework and .Net Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. 2019-05-16 not yet calculated CVE-2019-0980
MISC microsoft — .net_framework A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka ‘.NET Framework and .NET Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. 2019-05-16 not yet calculated CVE-2019-0820
MISC microsoft — .net_framework A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka ‘.NET Framework Denial of Service Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0864
MISC microsoft — asp.net_core
  A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0982
MISC microsoft — azure_active_directory_connect An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions. To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka ‘Microsoft Azure AD Connect Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-1000
MISC microsoft — azure_devops_server_and_team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0979. 2019-05-16 not yet calculated CVE-2019-0872
MISC microsoft — azure_devops_server_and_team_foundation_server An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka ‘Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0971
MISC microsoft — dynamics A security feature bypass vulnerability exists in Dynamics On Premise, aka ‘Microsoft Dynamics On-Premise Security Feature Bypass’. 2019-05-16 not yet calculated CVE-2019-1008
MISC microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ‘Microsoft Edge Memory Corruption Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0926
MISC microsoft — edge An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka ‘Microsoft Edge Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0938
MISC microsoft — edge_and_internet_explorer A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0940
MISC microsoft — internet_explorer An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka ‘Internet Explorer Information Disclosure Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0930
MISC microsoft — internet_explorer A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0929
MISC microsoft — internet_explorer A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka ‘Internet Explorer Security Feature Bypass Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0995
MISC microsoft — internet_explorer A spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka ‘Internet Explorer Spoofing Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0921
MISC microsoft — multiple_windows_operating_systems A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka ‘Windows Defender Application Control Security Feature Bypass Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0733
MISC microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator. The update addresses this vulnerability by changing how these requests are validated, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0936. 2019-05-16 not yet calculated CVE-2019-0734
MISC microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882. 2019-05-16 not yet calculated CVE-2019-0961
MISC microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0734. 2019-05-16 not yet calculated CVE-2019-0936
MISC microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0863
MISC microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker’s privilege level, aka ‘Windows NDIS Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0707
MISC microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961. 2019-05-16 not yet calculated CVE-2019-0758
MISC microsoft — nuget A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default “obj”), aka ‘NuGet Package Manager Tampering Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0976
MISC microsoft — sharepoint A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951. 2019-05-16 not yet calculated CVE-2019-0950
MISC microsoft — sharepoint A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951. 2019-05-16 not yet calculated CVE-2019-0949
MISC microsoft — skype An information disclosure vulnerability exists in Skype for Android, aka ‘Skype for Android Information Disclosure Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0932
MISC microsoft — sql_server An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka ‘Microsoft SQL Server Analysis Services Information Disclosure Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0819
MISC microsoft — team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka ‘Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability’. This CVE ID is unique from CVE-2019-0872. 2019-05-16 not yet calculated CVE-2019-0979
MISC microsoft — visual_studio_and_multiple_windows_operating_systems An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0727
MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry, aka ‘Unified Write Filter Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0942
MISC microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka ‘Windows Storage Service Elevation of Privilege Vulnerability’. 2019-05-16 not yet calculated CVE-2019-0931
MISC ministry_of_internal_affairs_and_communications — electronic_reception_and_examination_of_application_for_radio_licenses_offline Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-05-17 not yet calculated CVE-2019-5958
MISC
MISC ministry_of_internal_affairs_and_communications — electronic_reception_and_examination_of_application_for_radio_licenses_online Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2019-05-17 not yet calculated CVE-2019-5957
MISC
MISC netapp — oncommand_unified_manager OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. 2019-05-10 not yet calculated CVE-2019-5494
CONFIRM netapp — oncommand_unified_manager Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. 2019-05-10 not yet calculated CVE-2019-5496
CONFIRM netapp — oncommand_unified_manager OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. 2019-05-10 not yet calculated CVE-2019-5495
CONFIRM ntp — ntp
  NTP through 4.2.8p12 has a NULL Pointer Dereference. 2019-05-15 not yet calculated CVE-2019-8936
CONFIRM
SUSE
SUSE
MISC
MISC
FEDORA
FEDORA
FEDORA
BUGTRAQ
FREEBSD
GENTOO
CONFIRM openemr — openemr An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. 2019-05-17 not yet calculated CVE-2018-17180
MISC
MISC openemr — openemr An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. 2019-05-17 not yet calculated CVE-2018-17181
MISC
MISC openemr — openemr An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. 2019-05-17 not yet calculated CVE-2018-17179
MISC
MISC ovirt — cockpit-ovirt
  During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the end of the deployment procedure, these files are deleted. 2019-05-17 not yet calculated CVE-2019-10139
CONFIRM rsa — netwitness RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server. 2019-05-15 not yet calculated CVE-2019-3725
BID
CONFIRM
rsa — netwitness RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials. 2019-05-15 not yet calculated CVE-2019-3724
MISC
BID
CONFIRM
siemens — sinamics_perfect_harmony_gh180_drives_nxg_i_and_nxg_ii_control A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2…-, 6SR3…-, 6SR4…- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2…-, 6SR3…-, 6SR4…- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-05-14 not yet calculated CVE-2019-6574
MISC
siemens — sinamics_perfect_harmony_gh180_drives_nxg_i_and_nxg_ii_control A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2…-, 6SR3…-, 6SR4…- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2…-, 6SR3…-, 6SR4…- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-05-14 not yet calculated CVE-2019-6578
MISC
MISC
simple_finance_technology — simple The Simple – Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user’s password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user’s Simple Bank password. 2019-05-13 not yet calculated CVE-2019-8350
MISC
MISC
simplybook.me — simplybook.me SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. 2019-05-17 not yet calculated CVE-2019-11887
CONFIRM
sony — bravia_smart_tv_devices Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886. 2019-05-14 not yet calculated CVE-2019-11336
MISC
FULLDISC
BID
BUGTRAQ
MISC
symfony — symfony In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge. 2019-05-16 not yet calculated CVE-2019-10912
CONFIRM
CONFIRM
symfony — symfony In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. 2019-05-16 not yet calculated CVE-2019-10909
CONFIRM
CONFIRM
MISC
sysdig — sysdig An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products. A bypass allows local users to run malicious code without being detected because record_event_consumer in driver/main.c in sysdig-probe.ko (and falco-probe.ko) mishandles a free space calculation. 2019-05-17 not yet calculated CVE-2019-8339
CONFIRM
MISC
systemd — systemd systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. 2019-05-17 not yet calculated CVE-2018-20839
MISC
MISC
MISC
typora — typora Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. 2019-05-17 not yet calculated CVE-2019-12172
MISC
university_of_cambridge — mod_ucam_webauth Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field (“kid”) of the IdP’s HTTP response message (“WLS-Response”) can be manipulated by an attacker. The “kid” field is not signed like the rest of the message, and manipulation is therefore trivial. The “kid” field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location. 2019-05-13 not yet calculated CVE-2015-9287
MISC
MISC
vmware — workstation VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows host where Workstation is installed. 2019-05-15 not yet calculated CVE-2019-5526
MISC
BID
MISC
vtiger — vtiger_crm SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. 2019-05-17 not yet calculated CVE-2019-11057
MLIST
webinessphp — webiness_inventory An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages. 2019-05-14 not yet calculated CVE-2019-8404
MISC
MISC
EXPLOIT-DB
wordpress — wordpress ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS. 2019-05-13 not yet calculated CVE-2018-20838
MISC
MISC
MISC
MISC
wpo-foundation — webpagetest WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). 2019-05-17 not yet calculated CVE-2019-12161
MISC
yarn — yarnpkg/website The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn release packages with their own key. 2019-05-16 not yet calculated CVE-2018-12556
MISC
FULLDISC
MISC
MISC
MISC
MLIST
yeelight — smart_ai_speaker Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information. 2019-05-16 not yet calculated CVE-2018-20007
MISC
MISC