Vulnerability Summary for the Week of July 1, 2019

Original release date: July 8, 2019 | Last revised: July 9, 2019

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
actiontec -- web6000q_firmware On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. 2019-06-28 10.0 CVE-2018-15555
MISC
FULLDISC
advantech -- webaccess In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. 2019-06-28 7.5 CVE-2019-10989
MISC
MISC
MISC
advantech -- webaccess In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. 2019-06-28 7.5 CVE-2019-10991
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech -- webaccess In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. 2019-06-28 7.5 CVE-2019-10993
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
chamilo -- chamilo_lms Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder and then this folder in a ZIP archive, the server will accept this file without any checks. Because one can access this file from the website, it is remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir. 2019-06-30 7.5 CVE-2019-13082
MISC
MISC
cszcms -- csz_cms core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. 2019-06-30 7.5 CVE-2019-13086
MISC
dosbox -- dosbox DOSBox 0.74-2 has Incorrect Access Control. 2019-07-02 7.5 CVE-2019-12594
CONFIRM
MLIST
FEDORA
MISC
MISC
flowpaper -- flexpaper The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. 2019-07-03 7.5 CVE-2018-11686
MISC
MISC
ibm -- db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567. 2019-07-01 7.2 CVE-2019-4057
XF
CONFIRM
ibm -- db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. 2019-07-01 7.2 CVE-2019-4154
BID
XF
CONFIRM
ibm -- db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. 2019-07-01 7.2 CVE-2019-4322
BID
XF
CONFIRM
icon -- loopchain In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). 2019-06-28 9.0 CVE-2019-12997
MISC
lexmark -- 6500_firmware Various Lexmark devices have a Buffer Overflow (issue 1 of 2). 2019-06-28 7.5 CVE-2018-15519
CONFIRM
lexmark -- cx421_firmware Various Lexmark devices have a Buffer Overflow (issue 2 of 2). 2019-06-28 7.5 CVE-2018-15520
CONFIRM
matio_project -- matio Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c 2019-06-30 7.5 CVE-2019-13107
MISC
MISC
netapp -- clustered_data_ontap NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. 2019-07-01 7.5 CVE-2019-5497
CONFIRM
nginx -- njs njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. 2019-06-29 7.5 CVE-2019-13067
MISC
nortekcontrol -- linear_emerge_5000p_firmware Linear eMerge 50P/5000P devices allow Authentication Bypass. 2019-07-02 7.5 CVE-2019-7266
MISC
MISC
nortekcontrol -- linear_emerge_5000p_firmware Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. 2019-07-02 10.0 CVE-2019-7269
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Directory Traversal. 2019-07-02 7.5 CVE-2019-7253
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow File Inclusion. 2019-07-02 9.0 CVE-2019-7254
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Command Injections. 2019-07-02 10.0 CVE-2019-7256
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Unrestricted File Upload. 2019-07-02 7.5 CVE-2019-7257
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices have Hard-coded Credentials. 2019-07-02 10.0 CVE-2019-7261
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices have a Version Control Failure. 2019-07-02 10.0 CVE-2019-7263
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. 2019-07-02 7.5 CVE-2019-7264
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). 2019-07-02 10.0 CVE-2019-7265
MISC
MISC
odoo -- odoo Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds. 2019-06-28 7.5 CVE-2018-14885
MISC
CONFIRM
optergy -- enterprise Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. 2019-07-01 10.0 CVE-2019-7274
BID
MISC
MISC
optergy -- enterprise Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. 2019-07-01 10.0 CVE-2019-7276
BID
MISC
MISC
optergy -- enterprise Optergy Proton/Enterprise devices have Hard-coded Credentials. 2019-07-01 7.5 CVE-2019-7279
BID
MISC
MISC
primasystems -- flexair Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution. 2019-07-01 10.0 CVE-2019-7669
MISC
MISC
primasystems -- flexair Prima Systems FlexAir devices allow Authenticated Command Injection resulting in Root Remote Code Execution. 2019-07-01 9.0 CVE-2019-7670
MISC
MISC
pulsesecure -- pulse_connect_secure Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. 2019-06-28 7.5 CVE-2018-20810
CONFIRM
pulsesecure -- pulse_connect_secure An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. 2019-06-28 7.5 CVE-2018-20813
CONFIRM
redhat -- satellite A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. 2019-07-02 7.5 CVE-2019-10137
CONFIRM
synology -- calendar OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. 2019-06-30 7.5 CVE-2019-11829
CONFIRM
synology -- photo_station SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. 2019-06-30 7.5 CVE-2019-11821
CONFIRM
toaruos -- toaruos linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. 2019-06-29 7.2 CVE-2019-13046
MISC
toaruos -- toaruos kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. 2019-06-29 7.2 CVE-2019-13047
MISC
toaruos -- toaruos An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. 2019-06-29 7.2 CVE-2019-13049
MISC
web-gooroo -- cms_web-gooroo SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter. 2019-07-03 7.5 CVE-2017-18346
MISC
EXPLOIT-DB
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
acdsee -- acdsee ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed. 2019-07-04 6.8 CVE-2019-13247
MISC
acdsee -- acdsee ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. 2019-07-04 6.8 CVE-2019-13248
MISC
acdsee -- acdsee ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. 2019-07-04 6.8 CVE-2019-13249
MISC
acdsee -- acdsee ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. 2019-07-04 6.8 CVE-2019-13250
MISC
acdsee -- acdsee ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff. 2019-07-04 6.8 CVE-2019-13251
MISC
acdsee -- acdsee ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. 2019-07-04 6.8 CVE-2019-13252
MISC
advantech -- webaccess In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. 2019-06-28 5.0 CVE-2019-10983
MISC
MISC
advantech -- webaccess In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. 2019-06-28 6.4 CVE-2019-10985
MISC
MISC
advantech -- webaccess In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. 2019-06-28 6.8 CVE-2019-10987
MISC
MISC
MISC
advisto -- peel_shopping Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. 2019-06-30 6.8 CVE-2018-20848
MISC
arastta -- ecommerce Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI. 2019-06-30 4.3 CVE-2018-20849
MISC
archon_project -- archon packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362. 2019-07-03 4.3 CVE-2017-17972
MISC
audio_file_library_project -- audio_file_library In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. 2019-07-01 4.3 CVE-2019-13147
MISC
cyberpanel -- cyberpanel An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection. 2019-07-02 6.8 CVE-2019-13056
MISC
MISC
elitecms -- elite_cms An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection. 2019-07-03 6.5 CVE-2018-12250
MISC
MISC
exiv2 -- exiv2 An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. 2019-06-30 4.3 CVE-2019-13108
MISC
MISC
exiv2 -- exiv2 An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. 2019-06-30 4.3 CVE-2019-13109
MISC
MISC
exiv2 -- exiv2 A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. 2019-06-30 4.3 CVE-2019-13110
MISC
MISC
exiv2 -- exiv2 A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. 2019-06-30 4.3 CVE-2019-13111
MISC
MISC
exiv2 -- exiv2 A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. 2019-06-30 4.3 CVE-2019-13112
MISC
MISC
exiv2 -- exiv2 Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. 2019-06-30 4.3 CVE-2019-13113
MISC
MISC
exiv2 -- exiv2 http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. 2019-06-30 4.3 CVE-2019-13114
MISC
MISC
f5 -- big-ip_access_policy_manager On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user. 2019-07-02 6.5 CVE-2019-6620
CONFIRM
f5 -- big-ip_access_policy_manager On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.1-11.5.8 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations. 2019-07-02 6.5 CVE-2019-6621
CONFIRM
f5 -- big-ip_access_policy_manager On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. 2019-07-02 6.5 CVE-2019-6622
CONFIRM
f5 -- big-ip_access_policy_manager On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). 2019-07-02 5.0 CVE-2019-6623
BID
CONFIRM
f5 -- big-ip_access_policy_manager On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS). 2019-07-02 5.0 CVE-2019-6624
CONFIRM
f5 -- websafe_alert_server A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. 2019-07-01 4.3 CVE-2016-5235
CONFIRM
fla-shop -- html5_maps Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5983
MISC
MISC
flightcrew_project -- flightcrew An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. 2019-06-28 4.3 CVE-2019-13032
MISC
gnome -- glib The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. 2019-06-28 5.0 CVE-2019-13012
MISC
MISC
MISC
grafana -- grafana public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). 2019-06-29 4.3 CVE-2019-13068
MISC
MISC
ibm -- bigfix_inventory IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161807. 2019-06-28 5.0 CVE-2019-4369
CONFIRM
BID
XF
ibm -- daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. 2019-07-02 5.0 CVE-2019-4260
CONFIRM
XF
ibm -- db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. 2019-07-01 4.3 CVE-2019-4102
BID
XF
CONFIRM
ibm -- planning_analytics IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. 2019-07-02 4.3 CVE-2019-4134
XF
CONFIRM
ibm -- security_guardium IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. 2019-07-02 6.5 CVE-2019-4292
BID
XF
CONFIRM
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. 2019-06-28 5.0 CVE-2019-4269
BID
XF
CONFIRM
imagemagick -- imagemagick ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. 2019-07-01 4.3 CVE-2019-13133
MISC
MISC
imagemagick -- imagemagick ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. 2019-07-01 4.3 CVE-2019-13134
MISC
MISC
imagemagick -- imagemagick ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. 2019-07-01 6.8 CVE-2019-13135
MISC
MISC
MISC
imagemagick -- imagemagick ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. 2019-07-01 6.8 CVE-2019-13136
MISC
MISC
imagemagick -- imagemagick ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. 2019-07-01 4.3 CVE-2019-13137
MISC
MISC
MISC
intelliants -- subrion Subrion CMS before 4.1.4 has XSS. 2019-07-03 4.3 CVE-2018-11317
MISC
CONFIRM
irssi -- irssi Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. 2019-06-29 6.8 CVE-2019-13045
SUSE
MISC
MLIST
BID
MISC
MISC
BUGTRAQ
UBUNTU
istio -- istio Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault. 2019-06-28 5.0 CVE-2019-12995
MISC
MISC
MISC
jetbrains -- teamcity A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. 2019-07-03 4.3 CVE-2019-12842
CONFIRM
jetbrains -- teamcity The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. 2019-07-03 5.0 CVE-2019-12845
MISC
jetbrains -- teamcity A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. 2019-07-03 4.0 CVE-2019-12846
CONFIRM
kubevirt -- containerized-data-importer A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data. 2019-06-28 4.0 CVE-2019-10175
CONFIRM
lemonldap-ng -- lemonldap:: LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule. 2019-06-28 6.8 CVE-2019-13031
MISC
MLIST
mod_auth_mellon_project -- mod_auth_mellon mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. 2019-06-29 4.3 CVE-2019-13038
MISC
monstra -- monstra_cms Monstra CMS before 3.0.4 has XSS via index.php. 2019-07-03 4.3 CVE-2018-11227
MISC
MISC
EXPLOIT-DB
nortekcontrol -- linear_emerge_5000p_firmware Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). 2019-07-02 6.8 CVE-2019-7270
MISC
MISC
nortekcontrol -- linear_emerge_5000p_firmware Nortek Linear eMerge 50P/5000P devices have Default Credentials. 2019-07-01 5.0 CVE-2019-7271
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices have Default Credentials. 2019-07-02 5.0 CVE-2019-7252
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow XSS. 2019-07-02 4.3 CVE-2019-7255
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Privilege Escalation. 2019-07-02 6.5 CVE-2019-7258
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. 2019-07-02 4.0 CVE-2019-7259
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices have Cleartext Credentials in a Database. 2019-07-02 5.0 CVE-2019-7260
MISC
MISC
nortekcontrol -- linear_emerge_elite_firmware Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). 2019-07-02 6.8 CVE-2019-7262
MISC
MISC
novaksolutions -- infusionsoft-php-sdk novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code execution 2019-07-03 4.3 CVE-2017-6216
MISC
odoo -- odoo Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users. 2019-07-03 4.0 CVE-2018-14861
CONFIRM
odoo -- odoo Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request. 2019-07-03 5.5 CVE-2018-14862
CONFIRM
odoo -- odoo Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. 2019-07-03 5.5 CVE-2018-14863
CONFIRM
odoo -- odoo Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment. 2019-07-03 4.0 CVE-2018-14864
CONFIRM
odoo -- odoo Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files. 2019-07-03 4.0 CVE-2018-14865
CONFIRM
odoo -- odoo Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. 2019-06-28 5.0 CVE-2018-14867
MISC
CONFIRM
odoo -- odoo Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call. 2019-06-28 4.0 CVE-2018-14868
MISC
CONFIRM
odoo -- odoo The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description. 2019-06-28 4.0 CVE-2018-14886
MISC
CONFIRM
odoo -- odoo Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request. 2019-06-28 5.8 CVE-2018-14887
MISC
CONFIRM
open-xchange -- ox_guard OX Guard 2.8.0 has CSRF. 2019-07-03 6.8 CVE-2018-10986
CONFIRM
optergy -- enterprise Optergy Proton/Enterprise devices allow Username Disclosure. 2019-07-01 5.0 CVE-2019-7272
BID
MISC
MISC
optergy -- enterprise Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). 2019-07-01 6.8 CVE-2019-7273
BID
MISC
MISC
optergy -- enterprise Optergy Proton/Enterprise devices allow Open Redirect. 2019-07-01 5.8 CVE-2019-7275
BID
MISC
MISC
optergy -- enterprise Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. 2019-07-01 5.0 CVE-2019-7277
BID
MISC
MISC
optergy -- enterprise Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. 2019-07-01 6.4 CVE-2019-7278
BID
MISC
MISC
paloaltonetworks -- minemeld Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin?s browser. 2019-07-01 4.3 CVE-2019-1578
CONFIRM
paloaltonetworks -- traps Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. 2019-07-01 6.5 CVE-2019-1577
BID
CONFIRM
primasystems -- flexair Prima Systems FlexAir devices have an Insufficient Session-ID Length. 2019-07-01 4.0 CVE-2019-7280
MISC
MISC
primasystems -- flexair Prima Systems FlexAir devices allow Cross-Site Request Forgery (CSRF). 2019-07-01 6.8 CVE-2019-7281
MISC
MISC
primasystems -- flexair Prima Systems FlexAir devices allow authentication with MD5 hashes directly. 2019-07-01 6.5 CVE-2019-7666
MISC
MISC
primasystems -- flexair Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup due to a predictable name, resulting in authentication bypass (a login authenticated with the MD5 hash of any user found in the database). 2019-07-01 6.4 CVE-2019-7667
MISC
MISC
primasystems -- flexair Prima Systems FlexAir devices have Default Credentials. 2019-07-01 5.0 CVE-2019-7668
MISC
MISC
pulsesecure -- pulse_connect_secure An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX. 2019-06-28 4.3 CVE-2018-20808
CONFIRM
pulsesecure -- pulse_connect_secure A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. 2019-06-28 5.0 CVE-2018-20809
CONFIRM
pulsesecure -- pulse_connect_secure A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. 2019-06-28 5.0 CVE-2018-20811
CONFIRM
pulsesecure -- pulse_connect_secure An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. 2019-06-28 4.3 CVE-2018-20814
BID
CONFIRM
pulsesecure -- pulse_secure_desktop_client An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints. 2019-06-28 5.0 CVE-2018-20812
CONFIRM
rapid7 -- nexpose A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request. 2019-07-03 6.8 CVE-2019-5630
CONFIRM
redhat -- satellite It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. 2019-07-02 4.0 CVE-2019-10136
BID
CONFIRM
rockoa -- rockoa RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. 2019-06-28 4.0 CVE-2019-9846
MISC
seeddms -- seeddms A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. 2019-06-28 4.3 CVE-2019-12932
MISC
squirrelmail -- squirrelmail XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. 2019-07-01 4.3 CVE-2019-12970
MISC
BUGTRAQ
MISC
symantec -- endpoint_encryption Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. 2019-07-01 4.6 CVE-2019-9702
BID
CONFIRM
symantec -- endpoint_encryption Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. 2019-07-01 4.6 CVE-2019-9703
BID
CONFIRM
synology -- moments Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. 2019-06-30 6.5 CVE-2019-11826
CONFIRM
synology -- photo_station Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. 2019-06-30 4.0 CVE-2019-11822
CONFIRM
tenable -- nessus Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration. 2019-07-01 4.3 CVE-2019-3962
BID
CONFIRM
toaruos -- toaruos kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). 2019-06-29 4.9 CVE-2019-13048
MISC
waspthemes -- custom_css_pro Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 6.8 CVE-2019-5984
MISC
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. 2019-06-30 6.8 CVE-2019-13083
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739. 2019-06-30 6.8 CVE-2019-13084
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa. 2019-06-30 6.8 CVE-2019-13085
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474. 2019-07-04 6.8 CVE-2019-13253
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808. 2019-07-04 6.8 CVE-2019-13254
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. 2019-07-04 6.8 CVE-2019-13255
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849. 2019-07-04 6.8 CVE-2019-13256
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa. 2019-07-04 6.8 CVE-2019-13257
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165. 2019-07-04 6.8 CVE-2019-13258
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566. 2019-07-04 6.8 CVE-2019-13259
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07. 2019-07-04 6.8 CVE-2019-13260
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384. 2019-07-04 6.8 CVE-2019-13261
MISC
xnview -- xnview XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb. 2019-07-04 6.8 CVE-2019-13262
MISC
xpertsol -- server_status_by_hostname/ip A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters. 2019-07-03 6.5 CVE-2019-12570
MISC
zoneminder -- zoneminder Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. 2019-06-29 4.3 CVE-2019-13072
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
1234n -- minicms In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie. 2019-07-05 3.5 CVE-2019-13339
MISC
1234n -- minicms In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186. 2019-07-05 3.5 CVE-2019-13340
MISC
1234n -- minicms In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie. 2019-07-05 3.5 CVE-2019-13341
MISC
f5 -- websafe_alert_server Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. 2019-07-01 3.5 CVE-2016-5236
CONFIRM
fujielectric -- alpha7_pc_loader_firmware An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. 2019-07-02 3.3 CVE-2019-10975
BID
MISC
MISC
ibm -- business_automation_workflow IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. 2019-07-01 3.5 CVE-2019-4410
BID
XF
CONFIRM
ibm -- db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091. 2019-07-01 2.1 CVE-2019-4101
BID
XF
CONFIRM
ibm -- spectrum_protect IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. 2019-07-02 3.6 CVE-2019-4140
CONFIRM
XF
synology -- calendar Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. 2019-06-30 3.5 CVE-2019-11825
CONFIRM
synology -- note_station Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. 2019-06-30 3.5 CVE-2019-11827
CONFIRM
synology -- office Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2019-06-30 3.5 CVE-2019-11828
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
a.t.works -- idoors_reader
 
iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5964
MISC
MISC
amcrest -- ipm-721s_devices On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable functions that performs the various action described in HTTP APIs. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 0x00429084 in IDA pro is the one that processes the HTTP API request for "addUser" action. If one traces the calls to this function, it can be clearly seen that the function sub_ 41F38C at address 0x0041F588 parses the call received from the browser and passes it to the "addUser" function without any authorization check. 2019-07-03 not yet calculated CVE-2017-8230
MISC
MISC
amcrest -- ipm-721s_devices
 
The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encoded in the Authorization HTTP header. However, a missing length check in the code allows an attacker to send a string of 1024 characters in the password field, and allows an attacker to exploit a memory corruption issue. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 is dissected using the binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that has many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the HTTP API specification. If we open this binary in IDA Pro we will notice that this follows an ARM little-endian format. The function at address 00415364 in IDA Pro starts the HTTP authentication process. This function calls another function at sub_ 0042CCA0 at address 0041549C. This function performs a strchr operation after base64 decoding the credentials, and stores the result on the stack, which results in a stack-based buffer overflow. 2019-07-03 not yet calculated CVE-2017-13719
MISC
MISC
BUGTRAQ
amcrest -- ipm-721s_devices
 
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro, one will notice that this follows a ARM little endian format. The function sub_3DB2FC in IDA pro is identified to be setting up the values at address 0x003DB5A6. The sub_5C057C then sets this value and adds it to the Configuration files in /mnt/mtd/Config/Account1 file. 2019-07-03 not yet calculated CVE-2017-8226
MISC
MISC
BUGTRAQ
amcrest -- ipm-721s_devices
 
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the ONVIF specification. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 00671618 in IDA pro is parses the WSSE security token header. The sub_ 603D8 then performs the authentication check and if it is incorrect passes to the function sub_59F4C which prints the value "Sender not authorized." 2019-07-03 not yet calculated CVE-2017-8227
MISC
MISC
BUGTRAQ
amcrest -- ipm-721s_devices
 
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user's cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application. 2019-07-03 not yet calculated CVE-2017-8228
MISC
MISC
BUGTRAQ
amcrest -- ipm-721s_devices
 
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication. 2019-07-03 not yet calculated CVE-2017-8229
MISC
MISC
BUGTRAQ
arox -- school-erp_pro
 
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. 2019-07-04 not yet calculated CVE-2019-13294
MISC
MISC
artica -- pandora_fms
 
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. 2019-06-29 not yet calculated CVE-2019-13035
MISC
artifex -- mupdf
 
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. 2019-07-04 not yet calculated CVE-2019-13290
MISC
MISC
MISC
MISC
axiosys -- bento4
 
An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer. 2019-07-04 not yet calculated CVE-2019-13238
MISC
bks -- bks_ebk_ethernet_buskoppler_pro
 
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. 2019-07-05 not yet calculated CVE-2019-12971
MISC
blipcare -- blipcare_wi-fi_blood_pressure_monitor
 
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is connected to the Blipcare's device wireless network to easily sniff these values using a MITM attack. 2019-07-02 not yet calculated CVE-2017-11578
MISC
MISC
BUGTRAQ
blipcare -- blipcare_wi-fi_blood_pressure_monitor
 
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is in vicinity of Wireless signal generated by the Blipcare device to easily sniff the credentials. Also, an attacker can connect to the open wireless network "Blip" exposed by the device and modify the HTTP response presented to the user by the device to execute other attacks such as convincing the user to download and execute a malicious binary that would infect a user's computer or mobile device with malware. 2019-07-02 not yet calculated CVE-2017-11579
MISC
MISC
BUGTRAQ
blipcare -- blipcare_wi-fi_blood_pressure_monitor
 
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device could become completely unresponsive. Presumably this happens as the memory footprint provided to this device is very small. According to the specs from Rezolt, the Wi-Fi module only has 256k of memory. As a result, an incorrect string copy operation using either memcpy, strcpy, or any of their other variants could result in filling up the memory space allocated to the function executing and this would result in memory corruption. To test the theory, one can modify the demo application provided by the Cypress WICED SDK and introduce an incorrect "memcpy" operation and use the compiled application on the evaluation board provided by Cypress semiconductors with exactly the same Wi-Fi SOC. The results were identical where the device would completely stop responding to any of the ping or web requests. 2019-07-02 not yet calculated CVE-2017-11580
MISC
MISC
BUGTRAQ
blogengine -- blogengine.net
 
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. 2019-07-03 not yet calculated CVE-2019-10717
FULLDISC
MISC
MISC
blogengine -- blogengine.net
 
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. 2019-07-03 not yet calculated CVE-2019-10721
MISC
MISC
calamares -- calamares
 
Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption. 2019-07-02 not yet calculated CVE-2019-13179
MISC
MISC
MISC
MISC
calamares -- calamares
 
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. 2019-07-02 not yet calculated CVE-2019-13178
MISC
MISC
MISC
MISC
MISC
MISC
MISC
centreon -- centreon
 
Centreon V19.04 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands). 2019-07-01 not yet calculated CVE-2019-13024
MISC
MISC
MISC
cisco -- 7800_and_8800_series_ip_phones
 
A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process. 2019-07-05 not yet calculated CVE-2019-1922
CISCO
cisco -- advanced_malware_protection_for_endpoints_for_windows
 
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. 2019-07-05 not yet calculated CVE-2019-1932
CISCO
cisco -- application_policy_infrastructure_controller_software
 
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device. 2019-07-04 not yet calculated CVE-2019-1889
CISCO
cisco -- email_security_appliance
 
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails. 2019-07-05 not yet calculated CVE-2019-1933
CISCO
cisco -- email_security_appliance
 
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious attachment with a specific pattern. A successful exploit could allow the attacker to bypass configured content filters that would normally block the attachment. 2019-07-05 not yet calculated CVE-2019-1921
CISCO
cisco -- enterprise_nfv_infrastructure_software
 
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS. 2019-07-05 not yet calculated CVE-2019-1894
CISCO
cisco -- enterprise_nfv_infrastructure_software
 
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. 2019-07-05 not yet calculated CVE-2019-1893
CISCO
cisco -- firepower_management_center
 
Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-07-05 not yet calculated CVE-2019-1931
CISCO
cisco -- firepower_management_center
 
Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-07-05 not yet calculated CVE-2019-1930
CISCO
cisco -- ios_xr_software
 
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic from explicitly defined peers only. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. 2019-07-05 not yet calculated CVE-2019-1909
CISCO
cisco -- jabber
 
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account. 2019-07-04 not yet calculated CVE-2019-1855
BID
CISCO
cisco -- nexus_9000_series_switches
 
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. 2019-07-04 not yet calculated CVE-2019-1890
BID
CISCO
cisco -- small_business_200_and_300_and_500_series_managed_switches
 
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2019-07-05 not yet calculated CVE-2019-1891
CISCO
cisco -- small_business_200_and_300_and_500_series_managed_switches
 
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. 2019-07-05 not yet calculated CVE-2019-1892
CISCO
cisco -- unified_communications_domain_manager
 
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges. 2019-07-05 not yet calculated CVE-2019-1911
CISCO
cisco -- unified_communications_manager
 
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. 2019-07-05 not yet calculated CVE-2019-1887
CISCO
cisco -- web_security_appliance

 
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. 2019-07-04 not yet calculated CVE-2019-1886
BID
CISCO
cisco -- web_security_appliance
 
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could allow the attacker to force the device to stop processing traffic, resulting in a DoS condition. 2019-07-04 not yet calculated CVE-2019-1884
CISCO
cloudera -- cloudera_manager The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed. 2019-07-03 not yet calculated CVE-2017-9326
CONFIRM
cloudera -- cloudera_manager Secret data of processes managed by CM is not secured by file permissions. 2019-07-03 not yet calculated CVE-2017-9327
CONFIRM
cloudera -- data_science_workbench Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. 2019-07-03 not yet calculated CVE-2018-11215
CONFIRM
cloudera -- solr The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. 2019-07-03 not yet calculated CVE-2017-9325
CONFIRM
codedoc -- codedoc
 
Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. 2019-07-06 not yet calculated CVE-2019-13362
MISC
codeigniter-restserver -- codeigniter-restserver
 
CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. 2019-07-03 not yet calculated CVE-2015-3907
MISC
curl -- curl
 
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. 2019-07-02 not yet calculated CVE-2019-5443
MLIST
BID
MISC
d-link -- central_wifi_manager

 
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. 2019-07-06 not yet calculated CVE-2019-13373
MISC
MISC
d-link -- central_wifi_manager

 
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. 2019-07-06 not yet calculated CVE-2019-13374
MISC
MISC
d-link -- central_wifi_manager

 
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. 2019-07-06 not yet calculated CVE-2019-13375
MISC
MISC
d-link -- central_wifi_manager
 
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. 2019-07-06 not yet calculated CVE-2019-13372
MISC
MISC
d-link -- dcs-1100_and_dcs-1130_devices An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption. 2019-07-02 not yet calculated CVE-2017-8414
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. 2019-07-02 not yet calculated CVE-2017-8405
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the "Authorization: Basic" RTSP header and stores it on the stack. The number of bytes to be copied are calculated based on the length of the string sent in the RTSP header by the client. As a result, memcpy copies more data then it can hold on stack and this results in corrupting the registers for the caller function sub_F6CC which results in memory corruption. The severity of this attack is enlarged by the fact that the same value is then copied on the stack in the function 0x00011378 and this allows to overflow the buffer allocated and thus control the PC register which will result in arbitrary code execution on the device. 2019-07-02 not yet calculated CVE-2017-8410
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack. 2019-07-02 not yet calculated CVE-2017-8412
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code that handles commands to be executed on the device. The custom protocol created by D-Link follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111. If a packet is received with the packet type being "S" or 0x53 then the string passed in the "C" parameter is base64 decoded and then executed by passing into a System API. We can see at address 0x00009B44 that the string received in packet type subtracts 0x31 or "1" from the packet type and is compared against 0x22 or "double quotes". If that is the case, then the packet is sent towards the block of code that executes a command. Then the value stored in "C" parameter is extracted at address 0x0000A1B0. Finally, the string received is base 64 decoded and passed on to the system API at address 0x0000A2A8 as shown below. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding. 2019-07-02 not yet calculated CVE-2017-8413
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string "admin" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only. 2019-07-02 not yet calculated CVE-2017-8415
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code that processing of packets which does an unbounded copy operation which allows to overflow the buffer. The custom protocol created by Dlink follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111 We can see at address function starting at address 0x0000DBF8 handles the entire UDP packet and performs an insecure copy using strcpy function at address 0x0000DC88. This results in overflowing the stack pointer after 1060 characters and thus allows to control the PC register and results in code execution. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding. 2019-07-02 not yet calculated CVE-2017-8416
MISC
MISC
BUGTRAQ
d-link -- dcs-1100_and_dcs-1130_devices
 
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third party to retrieve the device's password without any authentication by sending just 1 UDP packet with custom base64 encoding. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. 2019-07-02 not yet calculated CVE-2017-8417
MISC
MISC
BUGTRAQ
d-link -- dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. 2019-07-02 not yet calculated CVE-2017-8409
MISC
MISC
BUGTRAQ
d-link -- dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x00023BCC which calls the "Send_mail" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue. 2019-07-02 not yet calculated CVE-2017-8411
MISC
MISC
BUGTRAQ
d-link -- dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "cgibox" is the one that has the vulnerable function "sub_7EAFC" that receives the values sent by the GET request. If we open this binary in IDA-pro we will notice that this follows a ARM little endian format. The function sub_7EAFC in IDA pro is identified to be receiving the values sent in the GET request and the value set in GET parameter "user" is extracted in function sub_7E49C which is then passed to the vulnerable system API call. 2019-07-02 not yet calculated CVE-2017-8408
MISC
BUGTRAQ
d-link -- dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password. 2019-07-02 not yet calculated CVE-2017-8407
MISC
MISC
BUGTRAQ
d-link -- dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack on the user's browser and execute any action on the device provided by the web management interface which steals the credentials from tools_admin.cgi file's response and displays it inside a Textfield. 2019-07-02 not yet calculated CVE-2017-8406
MISC
MISC
BUGTRAQ
d-link -- dcs-1130_devices
 
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x0008F598 which calls the "mailLoginTest" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue. 2019-07-02 not yet calculated CVE-2017-8404
MISC
MISC
BUGTRAQ
d-link -- dir-823g_devices
 
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. 2019-07-01 not yet calculated CVE-2019-13128
MISC
diffplug -- spotless
 
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file. 2019-06-28 not yet calculated CVE-2019-9843
MISC
MISC
MISC
MISC
digisol -- dg-hr3400_wireless_broadband_home_router
 
DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. 2019-07-03 not yet calculated CVE-2018-12715
MISC
EXPLOIT-DB
digisol -- hr-3300_wireless_wifi_home_router
 
Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. 2019-07-05 not yet calculated CVE-2018-14027
MISC
django -- django
 
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. 2019-07-01 not yet calculated CVE-2019-12781
MLIST
BID
MISC
MISC
CONFIRM
UBUNTU
DEBIAN
CONFIRM
django_rest_registration -- django_rest_registration
 
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument. 2019-07-02 not yet calculated CVE-2019-13177
MISC
MISC
dnn_software -- dnn_platform
 
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. 2019-07-03 not yet calculated CVE-2018-18326
MISC
MISC
dnn_software -- dnn_platform
 
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. 2019-07-03 not yet calculated CVE-2018-18325
MISC
MISC
dnn_software -- dnn_platform
 
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. 2019-07-03 not yet calculated CVE-2018-15812
MISC
MISC
dnn_software -- dnn_platform
 
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. 2019-07-03 not yet calculated CVE-2018-15811
MISC
MISC
dosbox -- dosbox
 
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. 2019-07-03 not yet calculated CVE-2019-7165
MLIST
FEDORA
MISC
CONFIRM
eventum -- eventum
 
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter. 2019-07-05 not yet calculated eve
f5 -- big-ip
 
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp. 2019-07-01 not yet calculated CVE-2019-6642
CONFIRM
f5 -- big-ip
 
On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack. 2019-07-03 not yet calculated CVE-2019-6641
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. 2019-07-03 not yet calculated CVE-2019-6640
CONFIRM
f5 -- big-ip
 
On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS. 2019-07-03 not yet calculated CVE-2019-6639
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. 2019-07-03 not yet calculated CVE-2019-6638
CONFIRM
f5 -- big-ip
 
On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of "Guest" or greater privilege. Note: "No Access" cannot login so technically it's a role but a user with this access role cannot perform the attack. 2019-07-03 not yet calculated CVE-2019-6637
CONFIRM
f5 -- big-ip
 
On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator. 2019-07-03 not yet calculated CVE-2019-6636
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. 2019-07-03 not yet calculated CVE-2019-6635
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. 2019-07-03 not yet calculated CVE-2019-6634
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. 2019-07-03 not yet calculated CVE-2019-6633
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. 2019-07-03 not yet calculated CVE-2019-6632
CONFIRM
f5 -- big-ip
 
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. 2019-07-03 not yet calculated CVE-2019-6631
CONFIRM
f5 -- big-ip
 
On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier. 2019-07-03 not yet calculated CVE-2019-6628
CONFIRM
f5 -- big-ip
 
On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility. 2019-07-03 not yet calculated CVE-2019-6626
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility. 2019-07-03 not yet calculated CVE-2019-6625
CONFIRM
f5 -- big-ip
 
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane. 2019-07-03 not yet calculated CVE-2019-6629
CONFIRM
f5 -- f5_ssl_orchestrator On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances. 2019-07-03 not yet calculated CVE-2019-6630
CONFIRM
f5 -- f5_ssl_orchestrator
 
On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled. 2019-07-03 not yet calculated CVE-2019-6627
CONFIRM
faststone -- faststone_image_viewer
 
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. 2019-07-04 not yet calculated CVE-2019-13245
MISC
faststone -- faststone_image_viewer
 
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. 2019-07-04 not yet calculated CVE-2019-13244
MISC
faststone -- faststone_image_viewer
 
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. 2019-07-04 not yet calculated CVE-2019-13246
MISC
ffmpeg -- ffmpeg
 
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. 2019-07-04 not yet calculated CVE-2019-13312
MISC
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. 2019-07-02 not yet calculated CVE-2019-5599
MISC
MISC
MLIST
MISC
MISC
BUGTRAQ
FREEBSD
MISC
MISC
CERT-VN
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. 2019-07-03 not yet calculated CVE-2019-5600
MISC
FREEBSD
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges. 2019-07-03 not yet calculated CVE-2019-5602
MISC
FREEBSD
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. 2019-07-03 not yet calculated CVE-2019-5601
MISC
FREEBSD
glpi_project -- glpi
 
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. 2019-07-04 not yet calculated CVE-2019-13239
MISC
MISC
MISC
gnome -- libxslt In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. 2019-06-30 not yet calculated CVE-2019-13118
MISC
MISC
MISC
gnome -- libxslt
 
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. 2019-06-30 not yet calculated CVE-2019-13117
MISC
MISC
MISC
grouptime -- teamwire_desktop_client
 
Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected. 2019-06-28 not yet calculated CVE-2018-17170
MISC
grouptime -- teamwire_desktop_client
 
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. 2019-06-28 not yet calculated CVE-2018-17560
MISC
hawt -- hawtio
 
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. 2019-07-03 not yet calculated CVE-2019-9827
MISC
ibm -- db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. 2019-07-01 not yet calculated CVE-2019-4386
BID
XF
CONFIRM
ibm -- infosphere_information_server
 
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. 2019-07-01 not yet calculated CVE-2019-4237
XF
CONFIRM
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. 2019-07-01 not yet calculated CVE-2019-4337
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. 2019-07-01 not yet calculated CVE-2019-4336
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. 2019-07-01 not yet calculated CVE-2019-4299
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. 2019-07-01 not yet calculated CVE-2019-4298
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761. 2019-07-01 not yet calculated CVE-2019-4297
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. 2019-07-01 not yet calculated CVE-2019-4296
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758. 2019-07-01 not yet calculated CVE-2019-4295
CONFIRM
XF
ibm -- spectrum_protect_plus When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. 2019-07-01 not yet calculated CVE-2019-4383
CONFIRM
BID
XF
ibm -- spectrum_protect_plus
 
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667, 2019-07-01 not yet calculated CVE-2019-4357
CONFIRM
BID
XF
ibm -- spectrum_protect_servers
 
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. 2019-07-02 not yet calculated CVE-2019-4129
CONFIRM
XF
ibm -- spectrum_protect_servers_and_storage_agents
 
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. 2019-07-02 not yet calculated CVE-2019-4087
CONFIRM
XF
ibm -- spectrum_protect_servers_and_storage_agents
 
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. 2019-07-02 not yet calculated CVE-2019-4088
CONFIRM
XF
ignited_cms -- ignited_cms
 
index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. 2019-07-06 not yet calculated CVE-2019-13370
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. 2019-07-04 not yet calculated CVE-2019-13302
MISC
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. 2019-07-04 not yet calculated CVE-2019-13306
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. 2019-07-04 not yet calculated CVE-2019-13311
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. 2019-07-04 not yet calculated CVE-2019-13307
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. 2019-07-04 not yet calculated CVE-2019-13305
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. 2019-07-04 not yet calculated CVE-2019-13304
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. 2019-07-04 not yet calculated CVE-2019-13303
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. 2019-07-04 not yet calculated CVE-2019-13301
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. 2019-07-04 not yet calculated CVE-2019-13300
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. 2019-07-04 not yet calculated CVE-2019-13299
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. 2019-07-04 not yet calculated CVE-2019-13298
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. 2019-07-04 not yet calculated CVE-2019-13297
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. 2019-07-04 not yet calculated CVE-2019-13296
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. 2019-07-04 not yet calculated CVE-2019-13295
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. 2019-07-04 not yet calculated CVE-2019-13308
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. 2019-07-04 not yet calculated CVE-2019-13309
MISC
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. 2019-07-04 not yet calculated CVE-2019-13310
MISC
MISC
MISC
invoxia -- nvx220_devices
 
Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. 2019-07-05 not yet calculated CVE-2018-14529
MISC
invoxia -- nvx220_devices
 
Invoxia NVX220 devices allow TELNET access as admin with a default password. 2019-07-05 not yet calculated CVE-2018-14528
MISC
irfanview -- irfanview
 
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. 2019-07-04 not yet calculated CVE-2019-13243
MISC
irfanview -- irfanview
 
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. 2019-07-04 not yet calculated CVE-2019-13242
MISC
jack_audio -- jack2
 
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor. 2019-07-05 not yet calculated CVE-2019-13351
MISC
MISC
jetbrains -- hub
 
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. 2019-07-03 not yet calculated CVE-2019-12847
CONFIRM
jetbrains -- intellij_idea

 
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. 2019-07-03 not yet calculated CVE-2019-9823
CONFIRM
jetbrains -- intellij_idea
 
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. 2019-07-03 not yet calculated CVE-2019-9186
CONFIRM
jetbrains -- intellij_idea
 
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. 2019-07-03 not yet calculated CVE-2019-10104
CONFIRM
jetbrains -- intellij_idea
 
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. 2019-07-03 not yet calculated CVE-2019-10103
CONFIRM
jetbrains -- intellij_idea_ultimate
 
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. 2019-07-03 not yet calculated CVE-2019-9872
CONFIRM
jetbrains -- intellij_idea_ultimate
 
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. 2019-07-03 not yet calculated CVE-2019-9873
CONFIRM
jetbrains -- kotlin
 
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. 2019-07-03 not yet calculated CVE-2019-10102
MISC
jetbrains -- kotlin
 
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. 2019-07-03 not yet calculated CVE-2019-10101
CONFIRM
jetbrains -- teamcity
 
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. 2019-07-03 not yet calculated CVE-2019-12843
CONFIRM
jetbrains -- teamcity
 
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. 2019-07-03 not yet calculated CVE-2019-12841
CONFIRM
jetbrains -- teamcity
 
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. 2019-07-03 not yet calculated CVE-2019-12844
MISC
jetbrains -- youtrack A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. 2019-07-03 not yet calculated CVE-2019-12850
CONFIRM
jetbrains -- youtrack
 
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. 2019-07-03 not yet calculated CVE-2019-12867
CONFIRM
jetbrains -- youtrack
 
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. 2019-07-03 not yet calculated CVE-2019-10100
MISC
jetbrains -- youtrack
 
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. 2019-07-03 not yet calculated CVE-2019-12851
CONFIRM
jetbrains -- youtrack
 
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. 2019-07-03 not yet calculated CVE-2019-12852
CONFIRM
jetbrains -- youtrack
 
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. 2019-07-03 not yet calculated CVE-2019-12866
CONFIRM
jgraph -- mxgraph
 
An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js. 2019-07-01 not yet calculated CVE-2019-13127
MISC
MISC
MISC
libosinfo -- libosinfo
 
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. 2019-07-05 not yet calculated CVE-2019-13313
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. 2019-07-04 not yet calculated CVE-2019-13233
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. 2019-07-05 not yet calculated CVE-2019-10638
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. 2019-07-05 not yet calculated CVE-2019-10639
MISC
MISC
MISC
MISC
logitech -- r500_presentation_clicker
 
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z. 2019-06-29 not yet calculated CVE-2019-13054
MISC
logitech -- unifying_devices
 
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. 2019-06-29 not yet calculated CVE-2019-13055
MISC
logitech -- unifying_devices
 
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. 2019-06-29 not yet calculated CVE-2016-10761
MISC
MISC
logitech -- unifying_devices
 
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. 2019-06-29 not yet calculated CVE-2019-13052
MISC
logitech -- unifying_devices
 
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761. 2019-06-29 not yet calculated CVE-2019-13053
MISC
loytec -- lgate-902_devices
 
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. 2019-06-28 not yet calculated CVE-2018-14916
MISC
FULLDISC
FULLDISC
loytec -- lgate-902_devices
 
LOYTEC LGATE-902 6.3.2 devices allow XSS. 2019-06-28 not yet calculated CVE-2018-14919
MISC
FULLDISC
FULLDISC
MISC
loytec -- lgate-902_devices
 
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. 2019-06-28 not yet calculated CVE-2018-14918
MISC
FULLDISC
mcafee -- epolicy_orchestrator
 
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. 2019-07-03 not yet calculated CVE-2019-3619
CONFIRM
maxx -- waves_maxx_audio
 
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0. 2019-07-03 not yet calculated CVE-2019-13208
MISC
medtronic -- minimed_508_and_paradigm_series_insulin_pumps
 
In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump ? All versions, MiniMed Paradigm 511 pump ? All versions, MiniMed Paradigm 512/712 pumps ? All versions, MiniMed Paradigm 712E pump?All versions, MiniMed Paradigm 515/715 pumps?All versions, MiniMed Paradigm 522/722 pumps ? All versions,MiniMed Paradigm 522K/722K pumps ? All versions, MiniMed Paradigm 523/723 pumps ? Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps ? Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps ? Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only ? Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. 2019-06-28 not yet calculated CVE-2019-10964
BID
MISC
mikrotik -- multiple_routers
 
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. 2019-07-03 not yet calculated CVE-2019-13074
MISC
minicms -- minicms
 
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520. 2019-07-03 not yet calculated CVE-2019-13186
MISC
ministry_of_interior_of_the_slovak_republic -- eid_client
 
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic. 2019-06-28 not yet calculated CVE-2019-13028
MISC
MISC
MISC
motorola -- cx2l_mwr04l_router
 
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. 2019-07-01 not yet calculated CVE-2019-13129
MISC
moxa -- oncell_g3100-hspa_series_devices There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420. 2019-07-03 not yet calculated CVE-2018-11423
MISC
moxa -- oncell_g3100-hspa_series_devices Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. 2019-07-03 not yet calculated CVE-2018-11421
MISC
moxa -- oncell_g3100-hspa_series_devices A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change. 2019-07-03 not yet calculated CVE-2018-11426
MISC
moxa -- oncell_g3100-hspa_series_devices CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. 2019-07-03 not yet calculated CVE-2018-11427
MISC
moxa -- oncell_g3100-hspa_series_devices There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423. 2019-07-03 not yet calculated CVE-2018-11420
MISC
moxa -- oncell_g3100-hspa_series_devices Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication. 2019-07-03 not yet calculated CVE-2018-11422
MISC
moxa -- oncell_g3470a-lte_series_devices There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425. 2019-07-03 not yet calculated CVE-2018-11424
MISC
moxa -- oncell_g3470a-lte_series_devices Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424. 2019-07-03 not yet calculated CVE-2018-11425
MISC
nlnet_labs -- nsd
 
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. 2019-07-03 not yet calculated CVE-2019-13207
MISC
nortek_security_and_control -- linear_emerge_50p/5000p_devices
 
Linear eMerge 50P/5000P devices allow Cookie Path Traversal. 2019-07-02 not yet calculated CVE-2019-7267
MISC
MISC
nortek_security_and_control -- linear_emerge_50p/5000p_devices
 
Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. 2019-07-02 not yet calculated CVE-2019-7268
MISC
MISC
npm -- fstream
 
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. 2019-07-02 not yet calculated CVE-2019-13173
MISC
MISC
odoo -- community_and_enterprise
 
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs. 2019-07-03 not yet calculated CVE-2018-14866
CONFIRM
odoo -- community_and_enterprise
 
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. 2019-07-03 not yet calculated CVE-2018-14860
CONFIRM
odoo -- community_and_enterprise
 
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token. 2019-07-03 not yet calculated CVE-2018-14859
CONFIRM
odoo_community_association -- dbfilter_from_header_module
 
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances. 2019-07-05 not yet calculated CVE-2018-14733
CONFIRM
MISC
MISC
MISC
MISC
opencats -- opencats
 
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. 2019-07-05 not yet calculated CVE-2019-13358
MISC
MISC
MISC
panduit -- intravue
 
An insecure login process was discovered in Panduit IntraVUE before 3.2.0. 2019-06-29 not yet calculated CVE-2019-13044
MISC
qemu -- qemu
 
qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. 2019-07-03 not yet calculated CVE-2019-13164
MLIST
MISC
read_the_docs -- read_the_docs
 
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites). 2019-07-02 not yet calculated CVE-2019-13175
MISC
riello -- netman_204
 
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to this, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it the username of '-' will cause it to time out and log the user in because of poor error handling. This will log the attacker in as an administrator where the telnet / ssh services can be enabled, and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI. 2019-07-03 not yet calculated CVE-2017-6900
MISC
MISC
sdl2_image -- sdl2_image
 
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. 2019-07-03 not yet calculated CVE-2019-5051
MISC
sdl2_image -- sdl2_image
 
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. 2019-07-03 not yet calculated CVE-2019-5052
MISC
sick -- msc800_devices
 
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. 2019-07-01 not yet calculated CVE-2019-10979
BID
MISC
sigil-ebook -- flightcrew
 
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. 2019-07-04 not yet calculated CVE-2019-13241
MISC
sitebridge -- joruri_cms
 
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5967
MISC
MISC
sitebridge -- joruri_mail
 
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5965
MISC
MISC
sitebridge -- joruri_mail
 
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5966
MISC
MISC
sks_keyserver_network -- sks-keyserver_code_and_gnupg
 
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. 2019-06-29 not yet calculated CVE-2019-13050
MISC
sony -- vaio_update
 
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. 2019-07-05 not yet calculated CVE-2019-5982
MISC
MISC
sony -- vaio_update
 
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5981
MISC
MISC
squid-cache -- squid
 
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. 2019-07-05 not yet calculated CVE-2019-13345
MISC
MISC
MLIST
stormshield -- stormshield_network_security
 
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. 2019-07-04 not yet calculated CVE-2018-20850
MISC
supermicro -- superdoctor_5
 
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. 2019-07-01 not yet calculated CVE-2019-13131
MISC
swift -- alliance_web_platform
 
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages. 2019-07-05 not yet calculated CVE-2018-16386
MISC
tencent -- habo
 
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. 2019-07-01 not yet calculated CVE-2019-13125
MISC
tor_project -- tor_browser
 
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. 2019-06-30 not yet calculated CVE-2019-13075
MISC
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. 2019-07-02 not yet calculated CVE-2019-13153
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule. 2019-07-02 not yet calculated CVE-2019-13152
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. 2019-07-02 not yet calculated CVE-2019-13148
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. 2019-07-02 not yet calculated CVE-2019-13149
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. 2019-07-02 not yet calculated CVE-2019-13155
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr. 2019-07-02 not yet calculated CVE-2019-13150
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. 2019-07-02 not yet calculated CVE-2019-13151
MISC
trendnet -- tew-827dru
 
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. 2019-07-02 not yet calculated CVE-2019-13154
MISC
tsukurito -- tootdon_for_mastodon
 
The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2019-07-05 not yet calculated CVE-2019-5961
MISC
MISC
unzip -- unzip
 
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. 2019-07-04 not yet calculated CVE-2019-13232
MISC
MLIST
MISC

virt-manager -- virt-boostrap

virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py. 2019-07-05 not yet calculated CVE-2019-13314
MISC
MISC
virt-manager -- virt-manager
 
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release. 2019-07-03 not yet calculated CVE-2019-10183
BID
CONFIRM
weberp -- weberp
 
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks. 2019-07-04 not yet calculated CVE-2019-13292
MISC
weseek -- growi
 
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'. 2019-07-05 not yet calculated CVE-2019-5968
MISC
MISC
weseek -- growi
 
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login. 2019-07-05 not yet calculated CVE-2019-5969
MISC
MISC
wolfvision -- cynap
 
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access. 2019-07-05 not yet calculated CVE-2019-13352
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5971
MISC
MISC
MISC
wordpress -- wordpress
 
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5962
MISC
MISC
wordpress -- wordpress
 
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code. 2019-07-01 not yet calculated CVE-2019-12826
MISC
CONFIRM
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5979
MISC
MISC
wordpress -- wordpress
 
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5970
MISC
MISC
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5974
MISC
MISC
wordpress -- wordpress
 
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter. 2019-07-05 not yet calculated CVE-2019-13344
MISC
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5960
JVN
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5963
MISC
MISC
wordpress -- wordpress
 
Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5972
MISC
MISC
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5980
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. 2019-07-04 not yet calculated CVE-2019-13275
MISC
MISC
MISC
wordpress -- wordpress
 
Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-07-05 not yet calculated CVE-2019-5973
MISC
MISC
MISC
wuhan_deepin_technology -- deepin-clone
 
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. 2019-07-04 not yet calculated CVE-2019-13227
MLIST
MISC
MISC
wuhan_deepin_technology -- deepin-clone
 
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. 2019-07-04 not yet calculated CVE-2019-13229
MLIST
MISC
MISC
wuhan_deepin_technology -- deepin-clone
 
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. 2019-07-04 not yet calculated CVE-2019-13226
MLIST
MISC
MISC
wuhan_deepin_technology -- deepin-clone
 
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible. 2019-07-04 not yet calculated CVE-2019-13228
MLIST
MISC
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. 2019-07-04 not yet calculated CVE-2019-13287
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. 2019-07-04 not yet calculated CVE-2019-13281
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. 2019-07-04 not yet calculated CVE-2019-13286
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. 2019-07-04 not yet calculated CVE-2019-13282
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. 2019-07-04 not yet calculated CVE-2019-13291
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. 2019-07-04 not yet calculated CVE-2019-13288
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. 2019-07-04 not yet calculated CVE-2019-13289
MISC
xpdf -- xpdf
 
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. 2019-07-04 not yet calculated CVE-2019-13283
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.