SB19-161: Vulnerability Summary for the Week of June 3, 2019

anviz — m3_outdoor_rfid_access_control
  Anviz Global M3 Outdoor RFID Access Control executes any command received from any source; no authentication or encryption is performed. Attackers can fully interact with the device: for example, send the “open door” command, download the user list (which includes RFID codes and passcodes in cleartext), or update or create users. The same attack works on a local network and over the internet (if the device is exposed on a public IP address).
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-11523. Source: MISC

au_optronics — data_recorder
  Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-11368. Source: MISC, MISC

au_optronics — data_recorder
  An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and includes the account name and password in the WWW-Authenticate header it sends to unauthenticated clients, so anyone who reads that header can log in successfully.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-11367. Source: MISC, MISC, MISC

carel_industries — pcoweb
  An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-11369. Source: MISC, MISC

carel_industries — pcoweb
  Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html “System contact” field.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-11370. Source: MISC, MISC

chartkick_gem_for_ruby_on_rails — chartkick_gem_for_ruby_on_rails
  The Chartkick gem through 3.1.0 for Ruby allows XSS.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-12732. Source: CONFIRM, CONFIRM

cisco — industrial_network_director
  A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system with administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-1861. Source: BID, CISCO

cisco — unified_computing_system_c-series_rack_servers
  A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-1880. Source: BID, CISCO

citrix — application_delivery_management
  Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-9548. Source: CONFIRM, MISC

citrix — sd-wan_center_and_netscaler_sd-wan_center
  Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-10883. Source: CONFIRM, MISC, MISC, MISC

cloudera — data_science_workbench
  An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. It allows any authenticated user to run arbitrary queries against CDSW’s internal database, which contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2018-20091. Source: CONFIRM, MISC

cloudera — navigator_key_trustee_kms
  In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to the purge and undelete API calls on encryption zone keys. Navigator Key Trustee KMS adds two API calls to those of Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. Their default value in Key Trustee KMS 5.12.0 and 5.13.0 is “*”, which allows anyone with network access to the Key Trustee KMS and knowledge of an encryption zone key’s name to make those calls against that key. This can result in the recovery of a previously deleted but not yet purged key (undelete) or the deletion of a key in active use (purge), the latter causing loss of access to encrypted HDFS data.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2018-6185. Source: MISC, CONFIRM
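A configuration check for the Key Trustee KMS ACL issue above, as an added example that is not Cloudera’s code. It assumes the ACLs are stored in a Hadoop-style kms-acls.xml (the usual <property><name>…</name><value>…</value> layout of Apache Hadoop KMS); the two property names come from the advisory, and both sample documents are constructed. Because the advisory says the shipped default on the affected versions is “*”, an absent property is reported as well as an explicit wildcard.

```python
"""Flag wildcard ACLs on the Key Trustee KMS purge/undelete calls."""
import xml.etree.ElementTree as ET

# The two Key Trustee-specific ACLs named in the advisory.
DESTRUCTIVE_ACLS = ("keytrustee.kms.acl.PURGE", "keytrustee.kms.acl.UNDELETE")

# Constructed: the 5.12.0 / 5.13.0 default, where "*" means any caller.
WEAK_ACLS = """<configuration>
  <property><name>hadoop.kms.acl.CREATE</name><value>hdfs kmsadmin</value></property>
  <property><name>keytrustee.kms.acl.PURGE</name><value>*</value></property>
  <property><name>keytrustee.kms.acl.UNDELETE</name><value>*</value></property>
</configuration>"""

# Constructed: restricted to a named key administrator ("kmsadmin" is made up).
FIXED_ACLS = """<configuration>
  <property><name>hadoop.kms.acl.CREATE</name><value>hdfs kmsadmin</value></property>
  <property><name>keytrustee.kms.acl.PURGE</name><value>kmsadmin</value></property>
  <property><name>keytrustee.kms.acl.UNDELETE</name><value>kmsadmin</value></property>
</configuration>"""


def load_acls(xml_text):
    """Return {property name: value} from a Hadoop configuration document."""
    root = ET.fromstring(xml_text)
    acls = {}
    for prop in root.iter("property"):
        name = prop.findtext("name")
        if name is not None:
            acls[name] = (prop.findtext("value") or "").strip()
    return acls


def find_open_acls(xml_text):
    """Return the destructive ACL names that are wildcard or unset.

    Hadoop KMS treats "*" as 'everyone'. An absent property is flagged too:
    on the affected versions it falls back to the "*" default, so leaving it
    out is the same as writing it.
    """
    acls = load_acls(xml_text)
    return [name for name in DESTRUCTIVE_ACLS if acls.get(name) in (None, "*")]


if __name__ == "__main__":
    print("weak :", find_open_acls(WEAK_ACLS))
    print("fixed:", find_open_acls(FIXED_ACLS))
```

Run it against the live file (for example `find_open_acls(open("/etc/hadoop-kms/conf/kms-acls.xml").read())`; the path is an assumption) as part of the same review that checks the CREATE/DELETE ACLs: a purge or undelete ACL that is broader than the DELETE ACL defeats whatever restriction DELETE imposes.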
clusterlabs — libqb
  libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it creates files with predictable names (under /dev/shm and /tmp) without O_EXCL.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12779. Source: MISC, MISC, MISC, MISC
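The bug class behind the libqb entry, reproduced in a throwaway directory as an added example (not libqb’s code): a writer creates a shared file under a predictable name without O_EXCL, an attacker who can guess the name plants a symlink there first, and the writer’s data lands in the attacker’s chosen target. The predictable name, the victim file and the temporary directory standing in for /dev/shm or /tmp are all constructed.

```python
"""Symlink attack on a predictable temp-file name, and the O_EXCL fix."""
import os
import tempfile


def create_unsafe(path, data):
    """Vulnerable: O_CREAT without O_EXCL follows a pre-planted symlink."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def create_safe(path, data):
    """Fixed: O_EXCL makes open() fail if anything already exists at path,
    a symlink included, so the name cannot be hijacked. O_NOFOLLOW is added
    for defence in depth where the platform has it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def run_attack(use_safe):
    """Simulate the race already lost: the attacker's symlink is in place
    before the victim process opens the predictable name.

    Returns (victim file contents afterwards, whether the open failed)."""
    with tempfile.TemporaryDirectory() as shm:
        # Constructed stand-in for a file the attacker wants overwritten.
        target = os.path.join(shm, "victim.conf")
        with open(target, "wb") as f:
            f.write(b"original=1\n")

        # Constructed predictable name (e.g. derived from a pid and a counter).
        predictable = os.path.join(shm, "qb-4242-1-header")
        os.symlink(target, predictable)

        creator = create_safe if use_safe else create_unsafe
        failed = False
        try:
            creator(predictable, b"ATTACKER CONTROLLED\n")
        except FileExistsError:
            failed = True
        with open(target, "rb") as f:
            return f.read(), failed


if __name__ == "__main__":
    print("unsafe:", run_attack(use_safe=False))
    print("safe  :", run_attack(use_safe=True))
```

Two practical notes. First, Linux’s fs.protected_symlinks (enabled by default on most distributions) refuses to follow a symlink in a world-writable sticky directory such as /tmp or /dev/shm unless the follower owns the link or the directory, so on such kernels the unsafe variant is mostly blocked there; it still bites in non-sticky shared directories and on kernels with the knob off, and it is not a substitute for O_EXCL. Second, when the name does not need to be predictable at all, `tempfile.mkstemp()` (or `mkstemp(3)` in C) gives you an unpredictable name and O_EXCL semantics in one call.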
dameware — dameware_remote_mini_control
  Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote heap overflow because the server does not properly validate RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-3955. Source: MISC
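The check the Dameware entry says is missing, shown as an added example that is neither DameWare’s code nor its wire format. The message layout is a hypothetical one (a 4-byte little-endian RsaPubKeyLen followed by that many key bytes) and the length ceiling is constructed; what carries over is the rule: a declared length must be bounded both by the bytes actually received and by a sane maximum before any buffer is sized from it.

```python
"""Bounded parsing of a length-prefixed public key in a negotiation message."""
import struct

HEADER = struct.Struct("<I")   # assumed: one u32 RsaPubKeyLen field
MAX_RSA_PUBKEY_LEN = 4096      # constructed ceiling, generous for a DER-encoded RSA key


def build_message(declared_len, key_bytes):
    """Constructed message builder; declared_len may disagree with the body."""
    return HEADER.pack(declared_len) + key_bytes


def parse_unchecked(msg):
    """Vulnerable pattern: the peer's length field sizes the buffer.

    In C this is the heap overflow (RsaPubKeyLen bytes copied into a buffer
    that was not sized for them). Python cannot overflow, but the declared
    length still drives an allocation of attacker-chosen size, which is the
    denial of service the advisory describes.
    """
    (key_len,) = HEADER.unpack_from(msg, 0)
    body = msg[HEADER.size:HEADER.size + key_len]
    buf = bytearray(key_len)      # attacker-chosen allocation
    buf[:len(body)] = body        # zero-padded if fewer bytes arrived
    return bytes(buf)


def parse_checked(msg):
    """Hardened: reject before allocating or copying anything."""
    if len(msg) < HEADER.size:
        raise ValueError("truncated header")
    (key_len,) = HEADER.unpack_from(msg, 0)
    if not 1 <= key_len <= MAX_RSA_PUBKEY_LEN:
        raise ValueError(f"RsaPubKeyLen {key_len} outside 1..{MAX_RSA_PUBKEY_LEN}")
    available = len(msg) - HEADER.size
    if key_len > available:
        raise ValueError(f"RsaPubKeyLen {key_len} but only {available} bytes received")
    return msg[HEADER.size:HEADER.size + key_len]


def accepted(msg):
    """True if the hardened parser accepts msg, False if it rejects it."""
    try:
        parse_checked(msg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    hostile = build_message(100_000, b"abc")
    print("unchecked buffer size:", len(parse_unchecked(hostile)))
    print("checked accepts hostile message:", accepted(hostile))
```

The two bounds guard different failures: the per-message bound (declared length versus bytes received) stops the over-read and over-copy, and the absolute ceiling stops a peer from making the server allocate gigabytes before a single byte of key has arrived.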
dell_emc — openmanage_server_administrator
  Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. Due to improper input parameter validation, a remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-3723. Source: BID, CONFIRM

dell_emc — openmanage_server_administrator
  Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-3722. Source: BID, CONFIRM

digitaldruid.net — hoteldruid
  In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct a remote denial of service (disrupting certain business functions of the product).
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-9084. Source: MISC, MISC

enttec — datagate_mk2
  A number of stored XSS vulnerabilities have been identified in the web configuration feature of ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data sent to the Profile Editor.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12774. Source: MISC

enttec — multiple_products
  An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hard-coded key to the root user’s authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12776. Source: MISC

enttec — multiple_products
  An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace the secure directory permissions set by default by the underlying operating system with read, write, and execute permissions for all users. By default, /usr/local and all of its subdirectories should only allow non-privileged users to read and execute from the tree, and deny them creating or editing files there. The ENTTEC firmware startup script grants all users read, write, and execute permission (rwxrwxrwx) on the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin directories.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12777. Source: MISC

enttec — multiple_products
  An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without appropriate access control: the user account that runs the web application service is granted full access to run any system command with elevated privilege, without password authentication. Should a vulnerability be identified and exploited within the web application, a threat actor could create or run high-privileged binaries or executables available within the device’s operating system.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12775. Source: MISC
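A filesystem audit for the three ENTTEC findings above (the hard-coded key in root’s authorized_keys, the world-writable /usr tree, and the passwordless sudo rule for www-data), written as an added example that is not ENTTEC’s firmware or scripts. Every check takes a root prefix so it can be pointed at a mounted firmware image or at `/` on the device; the sample tree, the key strings and the sudoers lines it is run against here are constructed for the demonstration.

```python
"""Audit a device filesystem for backdoor keys, world-writable dirs, NOPASSWD sudo."""
import os
import stat
import tempfile

# Constructed keys: the blobs are not real public keys.
CONSTRUCTED_VENDOR_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0nst vendor-relocate"
CONSTRUCTED_ADMIN_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGq0 ops@site"


def unexpected_root_keys(root, expected_keys):
    """Return entries in root's authorized_keys that are not on the expected list.

    Keys are compared on type + base64 blob only; the comment is free text."""
    path = os.path.join(root, "root", ".ssh", "authorized_keys")
    if not os.path.exists(path):
        return []
    expected = {" ".join(k.split()[:2]) for k in expected_keys}
    unexpected = []
    with open(path) as f:
        for line in f:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if " ".join(line.split()[:2]) not in expected:
                unexpected.append(line)
    return unexpected


def world_writable_dirs(root, subtree="usr"):
    """Return directories under subtree with o+w set and no sticky bit.

    A non-sticky world-writable directory lets any local user replace or
    add binaries there, which is what rwxrwxrwx on /usr/local/bin means."""
    found = []
    for dirpath, _, _ in os.walk(os.path.join(root, subtree)):
        mode = os.lstat(dirpath).st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            found.append(os.path.relpath(dirpath, root))
    return sorted(found)


def passwordless_sudo(root, user="www-data"):
    """Return sudoers rules (main file plus sudoers.d) giving user NOPASSWD."""
    etc = os.path.join(root, "etc")
    files = [os.path.join(etc, "sudoers")]
    dropin = os.path.join(etc, "sudoers.d")
    if os.path.isdir(dropin):
        files += sorted(os.path.join(dropin, n) for n in os.listdir(dropin))
    rules = []
    for path in files:
        if not os.path.isfile(path):
            continue
        with open(path) as f:
            for line in f:
                s = line.strip()
                if s and not s.startswith("#") and s.split()[0] == user and "NOPASSWD:" in s:
                    rules.append(s)
    return rules


def build_sample_tree(root):
    """Constructed fixture mirroring the advisory's findings."""
    os.makedirs(os.path.join(root, "root", ".ssh"))
    with open(os.path.join(root, "root", ".ssh", "authorized_keys"), "w") as f:
        f.write(CONSTRUCTED_ADMIN_KEY + "\n" + CONSTRUCTED_VENDOR_KEY + "\n")
    for d in ("usr/local/dmxis", "usr/local/bin", "usr/share"):
        os.makedirs(os.path.join(root, d))
    for d in ("usr", "usr/local", "usr/local/dmxis", "usr/local/bin"):
        os.chmod(os.path.join(root, d), 0o777)   # what the startup script does
    os.chmod(os.path.join(root, "usr/share"), 0o755)
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "sudoers"), "w") as f:
        f.write("root ALL=(ALL:ALL) ALL\nwww-data ALL=(ALL) NOPASSWD: ALL\n")


def audit_sample():
    """Run all three checks over the constructed tree; returns a dict of findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {
            "unexpected_keys": unexpected_root_keys(root, [CONSTRUCTED_ADMIN_KEY]),
            "world_writable": world_writable_dirs(root),
            "nopasswd_sudo": passwordless_sudo(root),
        }


if __name__ == "__main__":
    for name, hits in audit_sample().items():
        print(f"{name}: {hits}")
```

On a real device, run the same three functions with `root="/"` and your own allow-list of administrator keys; a vendor key whose private half you do not hold is a finding regardless of which script put it there, and a NOPASSWD rule for the web server’s account turns any web-application bug into root.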
foxit_software — reader
  A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2018-19451. Source: MISC

foxit_software — reader
  A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2018-19452. Source: MISC

freenet — freenet
  Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-9673. Source: MISC, MISC, MISC

gallagher — command_centre
  Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-12492. Source: CONFIRM, CONFIRM

gemalto — admin_control_center
  Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows an attacker to perform a man-in-the-middle (MITM) attack and replace the original language pack with a malicious one.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-8282. Source: MISC

gemalto — admin_control_center
  The Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have the ‘HttpOnly’ flag, which allows malicious JavaScript to steal it.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-8283. Source: MISC

gemalto — ds3_authentication_server
  Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-9158. Source: MISC, MISC

gemalto — ds3_authentication_server
  Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-9157. Source: MISC, MISC

gemalto — ds3_authentication_server
  Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-9156. Source: MISC, MISC

google — android
  In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-124232283.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2095. Source: CONFIRM

google — android
  In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2101. Source: CONFIRM

google — android
  In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out-of-bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-129068792.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2094. Source: CONFIRM

google — android
  The Bluetooth Low Energy (BLE) specification provides an example Long Term Key (LTK). If a BLE device uses this as a hard-coded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2102. Source: CONFIRM

google — android
  In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599668.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2092. Source: CONFIRM

google — android
  In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123583388.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2099. Source: CONFIRM

google — android
  In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599467.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2098. Source: CONFIRM

google — android
  In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2097. Source: CONFIRM

google — android
  In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-128599660.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2091. Source: CONFIRM

google — android
  In huff_dec_1D of nlc_dec.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119292397.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2093. Source: CONFIRM

google — android
  In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2096. Source: CONFIRM

google — android
  In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599183.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-2090. Source: CONFIRM

hapi_fhir — hapi_fhir
  XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems, so the attack surface is expected to be small, but affected systems are recommended to upgrade immediately.)
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-12741. Source: MISC, MISC, MISC

hashicorp — consul
  HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-12291. Source: CONFIRM

huawei — p30_and_p30_pro_4g_lte_devices
  Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically the NAS COUNT. As a result, an attacker operating a rogue base station can, under certain conditions, replay the GUTI reallocation command message to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5307. Source: CONFIRM
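Why a lax NAS COUNT check lets a rogue base station replay an integrity-protected message, shown as an added example that is not Huawei’s implementation. It models NAS integrity the way TS 33.401 lays it out: the MAC is computed over a 24-bit NAS COUNT, but only the low 8 bits (the SN) travel on the wire, and the receiver reconstructs the full COUNT from the SN plus its local overflow counter. A strict receiver only accepts a COUNT greater than the last one it accepted; the “lenient” receiver here (an assumption, since the advisory says only that the check is less strict) verifies the MAC under its current epoch and never requires the COUNT to advance. The key, the MAC construction (HMAC-SHA256 truncated to 32 bits standing in for EIA) and the messages are constructed.

```python
"""Replay of a MAC-protected NAS message against lenient vs strict COUNT checks."""
import hashlib
import hmac

KEY = b"constructed-integrity-key"   # stands in for K_NASint


def mac(count, payload):
    """32-bit MAC over COUNT || payload (NAS-MAC shape, HMAC-SHA256 inside)."""
    data = count.to_bytes(3, "big") + payload
    return hmac.new(KEY, data, hashlib.sha256).digest()[:4]


def send(count, payload):
    """Sender side: only the 8-bit SN leaves the sender, plus the MAC."""
    return {"sn": count & 0xFF, "payload": payload, "mac": mac(count, payload)}


class Receiver:
    def __init__(self, strict):
        self.strict = strict
        self.last_count = -1   # highest NAS COUNT accepted so far
        self.overflow = 0      # local 16-bit overflow counter (high bits of COUNT)

    def receive(self, msg):
        """Return True if the message is accepted."""
        sn, payload = msg["sn"], msg["payload"]
        count = (self.overflow << 8) | sn
        if self.strict and count <= self.last_count:
            # This SN was already consumed in the current epoch. A genuine new
            # message carrying it can only belong to the next epoch, so verify
            # against that COUNT; a replay's MAC will not match it.
            count += 1 << 8
        if not hmac.compare_digest(mac(count, payload), msg["mac"]):
            return False
        self.last_count = count
        self.overflow = count >> 8
        return True


def replay_scenario(strict):
    """Two genuine downlink messages, then the first one replayed.

    Returns the three accept/reject decisions in order."""
    rx = Receiver(strict)
    guti_realloc = send(5, b"GUTI REALLOCATION COMMAND guti=constructed")
    later = send(6, b"EMM INFORMATION")
    decisions = [rx.receive(guti_realloc), rx.receive(later)]
    decisions.append(rx.receive(guti_realloc))   # rogue eNB replays the capture
    return decisions


def wrap_scenario():
    """A strict receiver still accepts a legitimate SN wrap (255 -> 0)."""
    rx = Receiver(strict=True)
    return [rx.receive(send(c, b"x")) for c in (254, 255, 256, 257)]


if __name__ == "__main__":
    print("lenient:", replay_scenario(strict=False))
    print("strict :", replay_scenario(strict=True))
    print("wrap   :", wrap_scenario())
```

The replay carries a valid MAC, so integrity checking alone cannot catch it; freshness has to come from the monotonic COUNT. The wrap scenario is why implementers are tempted to loosen the check: a receiver that loses track of the overflow counter starts rejecting genuine traffic, and “accept anything whose MAC verifies” fixes that symptom at the cost of replay protection.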
hewlett_packard_enterprise — integrated_maintenance_entity_and_maintenance_entity_and_blade_maintenance_entity
  The HPE Nonstop Maintenance Entity family of products is vulnerable to local disclosure of information, such as system layout and configuration.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-5394. Source: CONFIRM

hewlett_packard_enterprise — smart_update_manager
  A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-11987. Source: CONFIRM

hewlett_packard_enterprise — smart_update_manager
  A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-11988. Source: CONFIRM

hgiga — oaklouds_mailsherlock
  Multiple modules of MailSherlock MSR35 and MSR45 are affected by a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorization.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-9882. Source: MISC, MISC

hgiga — oaklouds_mailsherlock
  Multiple modules of MailSherlock MSR35 and MSR45 are affected by a CSRF vulnerability. It allows an attacker to elevate the privilege of a specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorization.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-9883. Source: MISC, MISC

htc_corporation — viveport
  Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-12177. Source: MISC, MISC, MISC

htc_corporation — viveport
  Privilege escalation in the “HTC Account Service” and “ViveportDesktopService” in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.
  Published: 2019-06-03. CVSS: not yet calculated. CVE-2019-12176. Source: MISC, MISC

huawei — ap_products
  There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5298. Source: CONFIRM

huawei — mate_10_smartphones
  The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application that calls a special API, which could trigger the double free and cause a system crash.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5305. Source: CONFIRM

huawei — p20_smartphones
  There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5306. Source: CONFIRM

huawei — emily-l29c_smartphones
  Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5297. Source: CONFIRM

huawei — honor_v10_smartphones
  Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5295. Source: CONFIRM

huawei — leland_al00a_smartphones
  There is a DoS vulnerability in the RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploitation could cause the affected phone to behave abnormally, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5284. Source: CONFIRM

huawei — mate10_smartphones
  There is a double free vulnerability in certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate on the same resource at the same time. Successful exploitation could cause a denial of service condition.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5219. Source: CONFIRM

huawei — mate10_smartphones
  There is a use after free vulnerability in a certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which makes the software reference memory after it has been freed. Successful exploitation could cause a denial of service condition.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5214. Source: CONFIRM

huawei — mate20_smartphones
  Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with high permissions runs specific commands on the smartphone. Due to insufficient input verification, successful exploitation may cause an out-of-bounds memory read and abnormal system behavior.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5296. Source: CONFIRM

huawei — p20_smartphones
  There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can enter Talkback mode and perform some operations to reach the settings page. As a result, the FRP function is bypassed.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5283. Source: CONFIRM

huawei — p30_smartphones
  There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish a connection and transfer data through Huawei Share, an attacker could sniff, spoof and perform a series of operations to intercept the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper with the data. (Vulnerability ID: HWPSIRT-2019-03109)
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5215. Source: CONFIRM

huawei — pcmanager
  There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can exploit this vulnerability by tricking a user into installing and running a malicious application. Successful exploitation may allow the attacker to obtain a higher privilege.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5241. Source: CONFIRM

huawei — pcmanager
  There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can exploit this vulnerability by tricking a user into installing and running a malicious application. Successful exploitation may allow the attacker to execute malicious code and read/write memory.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5242. Source: CONFIRM

huawei — y9_2019_smartphones
  There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5281. Source: CONFIRM

huawei — honor_v10_smartphones
  There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate on the same variable at the same time. Successful exploitation could cause execution of malicious code.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-5216. Source: CONFIRM

huawei — mate_9_pro_smartphones
  Mate 9 Pro Huawei smartphones versions earlier than LON-L29C 8.0.0.361(C636) have an information leak vulnerability due to the lack of input validation. An attacker tricks a user who has root privilege into installing an application on the smart phone, and the application can read some process information, which may cause a sensitive information leak.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5244. Source: CONFIRM

huawei — mate_9_pro_smartphones
  There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B 9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploitation could cause an information disclosure condition.
  Published: 2019-06-04. CVSS: not yet calculated. CVE-2019-5217. Source: CONFIRM

ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-4257. Source: XF, CONFIRM

ibm — intelligent_operations_center
  IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-4070. Source: XF, CONFIRM

ibm — intelligent_operations_center
  IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-4069. Source: XF, CONFIRM

ibm — intelligent_operations_center
  IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force their way into the system. IBM X-Force ID: 157013.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-4068. Source: XF, CONFIRM

ibm — intelligent_operations_center
  IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require strong user passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-4067. Source: XF, CONFIRM

ibm — intelligent_operations_center
  IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users, which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-4066. Source: XF, CONFIRM

ibm — jazz_for_service_management
  IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed and redirect the user to a malicious Web site that appears to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-4201. Source: XF, CONFIRM

ibm — maximo_asset_management
  IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
  Published: 2019-06-05. CVSS: not yet calculated. CVE-2019-4048. Source: XF, CONFIRM

ibm — security_information_queue
  IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-4162. Source: XF, CONFIRM
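A response-header check covering two entries in this bulletin, the Gemalto Admin Control Center cookie without HttpOnly (CVE-2019-8283) and the ISIQ response without Strict-Transport-Security (CVE-2019-4162), as an added example that is neither vendor’s code. It parses a raw HTTP/1.1 response and reports Set-Cookie headers lacking HttpOnly or Secure and a missing HSTS header. Both responses are constructed; the cookie name comes from the advisory, its value and the other headers do not.

```python
"""Audit an HTTP response for cookie flags and Strict-Transport-Security."""

# Constructed response with the two weaknesses described in the bulletin.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: hasplm=0123456789abcdef; Path=/\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed response with both fixed.
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: hasplm=0123456789abcdef; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html></html>"
)


def parse_headers(raw):
    """Return [(name_lowercased, value)] from a raw HTTP response, keeping
    repeated headers (a response may set several cookies)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_response(raw):
    """Return a sorted list of findings, empty when the response is clean."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        # Attribute names after the first "name=value" pair, case-insensitive.
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} lacks HttpOnly: readable by page JavaScript")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure: sent over plain HTTP too")
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security header: plain-HTTP navigation "
                        "and certificate-error click-through remain possible")
    return sorted(findings)


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, audit_response(raw) or "clean")
```

Two caveats when applying this to real traffic. HttpOnly stops script from reading the cookie but does nothing against an XSS that simply issues requests with it, so it narrows an attack rather than closing one. And browsers honour Strict-Transport-Security only when it arrives over HTTPS, and only after the first visit unless the host is on the preload list, so the header fixes the “navigated to http:// by mistake” case for returning users, not for a first contact.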
ibm — security_information_queue
  IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally, where they can be read by another user on the system. IBM X-Force ID: 159227.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-4218. Source: XF, CONFIRM

ibm — security_information_queue
  IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-4219. Source: XF, CONFIRM

ibm — security_information_queue
  IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-4161. Source: XF, CONFIRM

ibm — security_information_queue
  IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-4217. Source: XF, CONFIRM

inateck — wp1001_wireless_presenter
  Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. An attacker is thus able to send arbitrary keystrokes to a victim’s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control of a victim’s computer that is operated with an affected receiver of this device.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12505. Source: MISC, BUGTRAQ, MISC

inateck — wp2002_wireless_presenter
  Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. An attacker is thus able to send arbitrary keystrokes to a victim’s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control of a victim’s computer that is operated with an affected receiver of this device.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12504. Source: MISC, BUGTRAQ, MISC

kyocera — command_center_rx
  Kyocera Command Center RX on the TASKalfa 4501i and TASKalfa 5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.
  Published: 2019-06-06. CVSS: not yet calculated. CVE-2019-6452. Source: MISC, MISC

logitech — r700_laser_presentation_remote
  Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. An attacker is thus able to send arbitrary keystrokes to a victim’s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control of a victim’s computer that is operated with an affected receiver of this device.
  Published: 2019-06-07. CVSS: not yet calculated. CVE-2019-12506.
MISC
BUGTRAQ
MISC maccms — maccms
  Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. 2019-06-07 not yet calculated CVE-2018-19465
MISC
MISC martin_raiber — urbackup In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. 2019-06-07 not yet calculated CVE-2018-20014
MISC
MISC micro_focus — solution_business_manager Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. 2019-06-07 not yet calculated CVE-2019-3477
CONFIRM moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials. 2019-06-07 not yet calculated CVE-2018-10690
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization. 2019-06-07 not yet calculated CVE-2018-10691
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie “Password508” does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. 2019-06-07 not yet calculated CVE-2018-10692
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter “srvName” is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack. 2019-06-07 not yet calculated CVE-2018-10693
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user’s computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user’s computer very easily as well. 2019-06-07 not yet calculated CVE-2018-10694
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device’s network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters “to1,to2,to3,to4” are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack. 2019-06-07 not yet calculated CVE-2018-10695
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs. 2019-06-07 not yet calculated CVE-2018-10696
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter “iw_privatePass” is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. 2019-06-07 not yet calculated CVE-2018-10699
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter “srvName” is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. 2019-06-07 not yet calculated CVE-2018-10697
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. 2019-06-07 not yet calculated CVE-2018-10698
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter “iw_board_deviceName” is susceptible to this injection. 2019-06-07 not yet calculated CVE-2018-10700
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter “iw_filename” is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack. 2019-06-07 not yet calculated CVE-2018-10701
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter “iw_filename” is susceptible to command injection via shell metacharacters. 2019-06-07 not yet calculated CVE-2018-10702
MISC
BUGTRAQ moxa — awk-3121 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter “iw_serverip” is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack. 2019-06-07 not yet calculated CVE-2018-10703
MISC
BUGTRAQ multiple_vendors — multiple_devices
  Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. 2019-06-07 not yet calculated CVE-2018-19860
CONFIRM
MISC netgear — insight_cloud NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. 2019-06-03 not yet calculated CVE-2019-12591
MISC nextcloud — nextcloud An OS Command Injection has been discovered in the Nextcloud App: Extract prior to version 1.2.0. 2019-06-07 not yet calculated CVE-2019-5441
MISC nextcloud — nextcloud lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). 2019-06-05 not yet calculated CVE-2019-12739
MISC
MISC nuuo — network_video_recorder_firmware NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. 2019-05-31 not yet calculated CVE-2019-9653
MISC
MISC
MISC nvidia — geforce_experience NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure. 2019-05-31 not yet calculated CVE-2019-5678
CONFIRM orpak — siteomat An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data. 2019-06-03 not yet calculated CVE-2017-14852
MISC
BID
MISC orpak — siteomat A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. 2019-06-03 not yet calculated CVE-2017-14851
BID
MISC
MISC orpak — siteomat An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public. 2019-06-03 not yet calculated CVE-2017-14728
MISC
BID
MISC orpak — siteomat All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him. 2019-06-03 not yet calculated CVE-2017-14850
BID
MISC
MISC panasonic — fpwin_pro Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. 2019-06-07 not yet calculated CVE-2019-6532
BID
MISC panasonic — fpwin_pro Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. 2019-06-07 not yet calculated CVE-2019-6530
BID
MISC papercut — papercut_mf_and_papercut_ng
  An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector. 2019-06-06 not yet calculated CVE-2019-12135
CONFIRM
CONFIRM phpscriptsmall.com — api_based_travel_booking An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter. 2019-06-06 not yet calculated CVE-2019-7554
MISC
MISC pivotal — pivotal_ops_manager
  The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources. 2019-06-06 not yet calculated CVE-2019-3790
BID
CONFIRM pivotal — spring_data_jpa
  This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. 2019-06-03 not yet calculated CVE-2019-3802
CONFIRM progress — sitefinity Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed. 2019-06-06 not yet calculated CVE-2019-7215
MISC
CONFIRM python_software_foundation — python A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. 2019-06-07 not yet calculated CVE-2019-10160
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC quest — kace_k1000_appliance The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance?s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance?s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance’s settings. 2019-06-03 not yet calculated CVE-2018-5406
MISC
CONFIRM
CERT-VN quest — kace_k1000_appliance The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with ‘User Console Only’ rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user. An authenticated user with ‘user console only’ rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator. 2019-06-03 not yet calculated CVE-2018-5405
MISC
CONFIRM
CERT-VN quest — kace_k1000_appliance The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges (‘User Console Only’ role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data. 2019-06-03 not yet calculated CVE-2018-5404
CONFIRM
CERT-VN rancher — rancher In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. 2019-06-06 not yet calculated CVE-2019-12303
CONFIRM
CONFIRM rancher — rancher
  In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. 2019-06-06 not yet calculated CVE-2019-12274
CONFIRM
CONFIRM salesagility — suitecrm SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). 2019-06-07 not yet calculated CVE-2019-12600
CONFIRM salesagility — suitecrm SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). 2019-06-07 not yet calculated CVE-2019-12601
CONFIRM salesagility — suitecrm SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. 2019-06-07 not yet calculated CVE-2019-12599
CONFIRM salesagility — suitecrm SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). 2019-06-07 not yet calculated CVE-2019-12598
CONFIRM samsung — galaxy_apps Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071. 2019-06-07 not yet calculated CVE-2018-20135
MISC
MISC samsung — galaxy_s9 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477. 2019-06-03 not yet calculated CVE-2019-6742
MISC samsung — galaxy_s9 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 – SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472. 2019-06-03 not yet calculated CVE-2019-6740
MISC samsung — galaxy_s9 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 – SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476. 2019-06-03 not yet calculated CVE-2019-6741
MISC scamera — security_camera_cz_application The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application. 2019-06-07 not yet calculated CVE-2019-12763
MISC sitecore — experience_platform Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object. 2019-06-06 not yet calculated CVE-2019-11080
MISC
MISC solarwinds — serv-u_ftp_server The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session. 2019-06-07 not yet calculated CVE-2018-19999
MISC
MISC soyal — ar-727h_and_ar-829ev5_devices On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access. 2019-06-06 not yet calculated CVE-2019-6451
MISC
MISC supra — smart_cloud_tv Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI. 2019-06-07 not yet calculated CVE-2019-12477
MISC
MISC synaptics — sound_device_drivers Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API. 2019-06-05 not yet calculated CVE-2019-9730
CONFIRM
MISC
MISC thinstation — thinstation Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring. 2019-06-07 not yet calculated CVE-2019-12771
MISC thomson_reuters — desktop An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine’s SAM and SYSTEM database files, as well as remote code execution. 2019-06-05 not yet calculated CVE-2019-8385
MISC
MISC tp-link — tl-wr940n_router TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges. 2019-06-06 not yet calculated CVE-2019-6989
MISC ubiquiti — edgeos_on_edgerouter_lite_devices Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the ‘alias’ or ‘ips’ parameter for shell metacharacters. 2019-06-07 not yet calculated CVE-2018-5265
MISC ubiquiti — unifi_52_devices Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on “free time” Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. 2019-06-07 not yet calculated CVE-2018-5264
MISC vmware — tools
  VMware Tools for Windows (10.x before 10.3.10) update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine. 2019-06-06 not yet calculated CVE-2019-5522
BID
CONFIRM vmware — workstation VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed. 2019-06-06 not yet calculated CVE-2019-5525
BID
CONFIRM wordpress — wordpress
  The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending “magic bytes” to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin’s MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension. 2019-06-03 not yet calculated CVE-2019-11185
MISC
MISC
MISC workday — workday
  CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export. 2019-06-06 not yet calculated CVE-2019-12134
MISC x-cart — x-cart
  X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. 2019-06-06 not yet calculated CVE-2019-7220
MISC
MISC xiaomi — mi6_browser This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466. 2019-06-03 not yet calculated CVE-2019-6743
MISC xiaomi — mi_5s_plus_devices Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. 2019-06-06 not yet calculated CVE-2019-12762
MISC
MISC xiaomi — redmi_note_5_pro_devices_and_redmi_android_phones Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user’s cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request. 2019-06-07 not yet calculated CVE-2018-20523
MISC
MISC