Weekly Vulnerabilities Reports > January 14 to 20, 2019

Overview

424 new vulnerabilities reported during this period, including 42 critical vulnerabilities and 48 high severity vulnerabilities. This weekly summary report vulnerabilities in 347 products from 78 vendors including Oracle, Microsoft, Adobe, Apple, and Netapp. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Cross-site Scripting", "Use After Free", "Out-of-bounds Write", and "Improper Input Validation".

  • 355 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities have public exploit available.
  • 64 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 339 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 161 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 37 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

42 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-01-18 CVE-2018-5915 Qualcomm Data Processing Errors vulnerability in Qualcomm products

Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130

10.0
2019-01-18 CVE-2017-18160 Qualcomm Cryptographic Issues vulnerability in Qualcomm products

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850

10.0
2019-01-18 CVE-2019-3909 Identicard Insecure Default Initialization of Resource vulnerability in Identicard Premisys ID 3.1.190

Premisys Identicard version 3.1.190 database uses default credentials.

10.0
2019-01-18 CVE-2018-19715 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-19708 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-19707 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-19702 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability.

10.0
2019-01-18 CVE-2018-19700 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-19698 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-16040 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-16039 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-16037 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-16036 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

10.0
2019-01-18 CVE-2018-15982 Adobe
Apple
Linux
Microsoft
Google
Redhat
USE After Free vulnerability in Adobe Flash Player

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability.

10.0
2019-01-15 CVE-2018-20718 Pydio Deserialization of Untrusted Data vulnerability in Pydio

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference.

10.0
2019-01-18 CVE-2018-19720 Adobe
Microsoft
Apple
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability.

9.3
2019-01-18 CVE-2018-19713 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

9.3
2019-01-18 CVE-2018-16046 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

9.3
2019-01-18 CVE-2018-16045 Adobe
Microsoft
Apple
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability.

9.3
2019-01-18 CVE-2018-16044 Adobe
Microsoft
Apple
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability.

9.3
2019-01-18 CVE-2018-16026 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

9.3
2019-01-18 CVE-2018-16025 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

9.3
2019-01-18 CVE-2018-16021 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability.

9.3
2019-01-18 CVE-2018-16018 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability.

9.3
2019-01-18 CVE-2018-16016 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability.

9.3
2019-01-18 CVE-2018-16014 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

9.3
2019-01-18 CVE-2018-16011 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-16008 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

9.3
2019-01-18 CVE-2018-16004 Adobe
Microsoft
Apple
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability.

9.3
2019-01-18 CVE-2018-16003 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-16000 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability.

9.3
2019-01-18 CVE-2018-15999 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability.

9.3
2019-01-18 CVE-2018-15998 Adobe
Microsoft
Apple
Buffer Errors vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability.

9.3
2019-01-18 CVE-2018-15994 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-15993 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-15992 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-15991 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-15990 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability.

9.3
2019-01-18 CVE-2018-15988 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability.

9.3
2019-01-18 CVE-2018-15987 Adobe
Microsoft
Apple
Buffer Errors vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability.

9.3
2019-01-18 CVE-2018-12830 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability.

9.3
2019-01-18 CVE-2019-3906 Identicard USE of Hard-Coded Credentials vulnerability in Identicard Premisys ID 3.1.190

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003.

9.0

48 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-01-18 CVE-2018-11284 Qualcomm Unspecified vulnerability in Qualcomm products

Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20

8.5
2019-01-18 CVE-2019-3910 Crestron Unspecified vulnerability in Crestron Airmedia Am-100 Firmware

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script.

8.5
2019-01-20 CVE-2019-6496 Marvell Out-Of-Bounds Write vulnerability in Marvell products

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks.

8.3
2019-01-18 CVE-2018-5881 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

8.3
2019-01-18 CVE-2018-5879 Qualcomm Out-Of-Bounds Write vulnerability in Qualcomm products

Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

8.3
2019-01-18 CVE-2018-11993 Qualcomm Out-Of-Bounds Write vulnerability in Qualcomm Mdm9206 Firmware and Mdm9607 Firmware

Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607

8.3
2019-01-18 CVE-2018-11279 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

8.3
2019-01-18 CVE-2018-11998 Qualcomm Race Condition vulnerability in Qualcomm products

While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016

7.9
2019-01-16 CVE-2019-2511 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

7.8
2019-01-16 CVE-2019-2437 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

7.8
2019-01-16 CVE-2018-20720 ABB Improper Input Validation vulnerability in ABB Relion 630 Firmware

ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.

7.8
2019-01-20 CVE-2019-6497 Hotels Server Project SQL Injection vulnerability in Hotels Server Project Hotels Server 20181105

Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.

7.5
2019-01-18 CVE-2019-3774 Pivotal Software XXE vulnerability in Pivotal Software Spring Batch

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

7.5
2019-01-18 CVE-2019-3773 Pivotal Software
Oracle
XXE vulnerability in multiple products

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

7.5
2019-01-18 CVE-2019-3772 Vmware
Oracle
XXE vulnerability in multiple products

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

7.5
2019-01-18 CVE-2018-19716 Adobe
Microsoft
Apple
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability.

7.5
2019-01-17 CVE-2018-20732 SAS
HPE
IBM
Linux
Microsoft
Oracle
Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

7.5
2019-01-16 CVE-2018-18814 Tibco Improper Authentication vulnerability in Tibco products

The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms.

7.5
2019-01-16 CVE-2018-3311 Oracle Unspecified vulnerability in Oracle Retail Xstore Payment 3.3

Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security).

7.5
2019-01-16 CVE-2015-9277 Mailenable Path Traversal vulnerability in Mailenable

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/..

7.5
2019-01-16 CVE-2018-20721 Uriparser Project
Debian
Out-Of-Bounds Read vulnerability in multiple products

URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

7.5
2019-01-16 CVE-2019-6446 Numpy
Fedoraproject
Deserialization of Untrusted Data vulnerability in multiple products

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier.

7.5
2019-01-16 CVE-2019-6440 Zemana Data Processing Errors vulnerability in Zemana Antimalware

Zemana AntiMalware before 3.0.658 Beta mishandles update logic.

7.5
2019-01-16 CVE-2019-6439 Wolfssl Out-Of-Bounds Write vulnerability in Wolfssl

examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.

7.5
2019-01-15 CVE-2019-3557 Facebook Out-Of-Bounds Read vulnerability in Facebook Hhvm

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently.

7.5
2019-01-15 CVE-2018-6345 Facebook Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Facebook Hhvm

The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large.

7.5
2019-01-15 CVE-2019-0022 Juniper USE of Hard-Coded Credentials vulnerability in Juniper Advanced Threat Prevention

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software.

7.5
2019-01-15 CVE-2019-0020 Juniper USE of Hard-Coded Credentials vulnerability in Juniper Advanced Threat Prevention

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software.

7.5
2019-01-15 CVE-2019-0007 Juniper USE of Insufficiently Random Values vulnerability in Juniper Junos 15.1

The vMX Series software uses a predictable IP ID Sequence Number.

7.5
2019-01-15 CVE-2019-0006 Juniper Improper Input Validation vulnerability in Juniper Junos 14.1X53/15.1/15.1X53

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration.

7.5
2019-01-15 CVE-2019-0002 Juniper Unspecified vulnerability in Juniper Junos 15.1X53/18.1/18.2

On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect.

7.5
2019-01-15 CVE-2017-6925 Drupal Unspecified vulnerability in Drupal

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities.

7.5
2019-01-15 CVE-2018-20716 Cubecart SQL Injection vulnerability in Cubecart

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.

7.5
2019-01-15 CVE-2018-20715 Oxid Esales SQL Injection vulnerability in Oxid-Esales Eshop 4.10.6

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

7.5
2019-01-15 CVE-2019-6296 Skymoonlabs SQL Injection vulnerability in Skymoonlabs Cleanto 5.0

Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.

7.5
2019-01-15 CVE-2019-6295 Skymoonlabs SQL Injection vulnerability in Skymoonlabs Cleanto 5.0

Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.

7.5
2019-01-14 CVE-2019-6259 Icmsdev SQL Injection vulnerability in Icmsdev Icms 7.0.13

An issue was discovered in idreamsoft iCMS V7.0.13.

7.5
2019-01-14 CVE-2019-6256 Live555
Debian
Improper Handling of Exceptional Conditions vulnerability in multiple products

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93.

7.5
2019-01-18 CVE-2018-5880 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

7.2
2019-01-18 CVE-2018-5869 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810

7.2
2019-01-18 CVE-2018-5868 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130

7.2
2019-01-18 CVE-2018-5867 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130

7.2
2019-01-18 CVE-2018-11288 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130

7.2
2019-01-18 CVE-2017-18331 Qualcomm Unspecified vulnerability in Qualcomm products

Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660

7.2
2019-01-17 CVE-2018-20735 BMC Improper Authentication vulnerability in BMC Patrol Agent

** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01.

7.2
2019-01-16 CVE-2018-15782 RSA Path Traversal vulnerability in RSA Authentication Manager

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability.

7.2
2019-01-16 CVE-2017-3141 ISC Unquoted Search Path OR Element vulnerability in ISC Bind

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this.

7.2
2019-01-15 CVE-2019-0001 Juniper
Fedoraproject
Uncontrolled Recursion vulnerability in multiple products

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service.

7.1

277 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-01-18 CVE-2018-16029 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

6.8
2019-01-18 CVE-2018-16027 Adobe
Microsoft
Apple
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability.

6.8
2019-01-18 CVE-2018-15983 Adobe
Apple
Linux
Microsoft
Google
Untrusted Search Path vulnerability in Adobe Flash Player

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability.

6.8
2019-01-17 CVE-2018-20728 Nedi Cross-Site Request Forgery (CSRF) vulnerability in Nedi

A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.

6.8
2019-01-16 CVE-2019-2418 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0/12.1.3.0/12.2.1.3

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).

6.8
2019-01-16 CVE-2019-2402 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.10

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications.

6.8
2019-01-16 CVE-2016-10738 Castlamp Cross-Site Request Forgery (CSRF) vulnerability in Castlamp Zenbership 107

Zenbership v107 has CSRF via admin/cp-functions/event-add.php.

6.8
2019-01-15 CVE-2019-6294 Easycms Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.5

An issue was discovered in EasyCMS 1.5.

6.8
2019-01-14 CVE-2018-16886 Etcd
Redhat
Fedoraproject
Improper Authentication vulnerability in multiple products

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled.

6.8
2019-01-18 CVE-2019-6487 TP Link OS Command Injection vulnerability in Tp-Link products

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

6.5
2019-01-17 CVE-2018-20727 Nedi OS Command Injection vulnerability in Nedi

Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.

6.5
2019-01-16 CVE-2019-2452 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0/12.1.3.0/12.2.1.3

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).

6.5
2019-01-16 CVE-2019-2443 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher).

6.5
2019-01-16 CVE-2019-2433 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher).

6.5
2019-01-16 CVE-2019-2416 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server).

6.5
2019-01-16 CVE-2019-2406 Oracle Unspecified vulnerability in Oracle Database 12.1.0.2/12.2.0.1/18C

Vulnerability in the Core RDBMS component of Oracle Database Server.

6.5
2019-01-16 CVE-2018-3305 Oracle Unspecified vulnerability in Oracle Application Testing Suite

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps).

6.5
2019-01-15 CVE-2019-0017 Juniper Unrestricted Upload of File With Dangerous Type vulnerability in Juniper Junos Space

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types.

6.5
2019-01-15 CVE-2018-20719 Tiki SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware

In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.

6.5
2019-01-15 CVE-2018-20717 Prestashop Code Injection vulnerability in Prestashop

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges.

6.5
2019-01-15 CVE-2018-20713 Shopware SQL Injection vulnerability in Shopware

Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.

6.5
2019-01-15 CVE-2017-18356 Automattic Code Injection vulnerability in Automattic Woocommerce

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges.

6.5
2019-01-15 CVE-2019-6289 Dedecms Code Injection vulnerability in Dedecms 5.7

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.

6.5
2019-01-14 CVE-2018-1969 IBM Unrestricted Upload of File With Dangerous Type vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

6.5
2019-01-18 CVE-2018-16042 Adobe
Iskysoft
Improper Verification of Cryptographic Signature vulnerability in multiple products

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability.

6.4
2019-01-16 CVE-2019-2489 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query).

6.4
2019-01-16 CVE-2019-2463 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

6.4
2019-01-16 CVE-2019-2462 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

6.4
2019-01-16 CVE-2019-2456 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

6.4
2019-01-16 CVE-2019-2453 Oracle Unspecified vulnerability in Oracle E-Business Suite 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan).

6.4
2019-01-16 CVE-2019-2425 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

6.4
2019-01-16 CVE-2019-2417 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor).

6.4
2019-01-16 CVE-2019-2403 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.10

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications.

6.4
2019-01-16 CVE-2019-2399 Oracle Unspecified vulnerability in Oracle Communications Diameter Signaling Router 6.0/8.1/8.2

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security).

6.4
2019-01-16 CVE-2018-3304 Oracle Unspecified vulnerability in Oracle Application Testing Suite

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps).

6.4
2019-01-16 CVE-2018-3303 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2/13.3

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console).

6.4
2019-01-16 CVE-2018-3125 Oracle Unspecified vulnerability in Oracle Retail Merchandising System 14.1

Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)).

6.4
2019-01-16 CVE-2019-6444 Ntpsec Out-Of-Bounds Read vulnerability in Ntpsec 1.1.0/1.1.1/1.1.2

An issue was discovered in NTPsec before 1.1.3.

6.4
2019-01-16 CVE-2019-6443 Ntpsec Out-Of-Bounds Read vulnerability in Ntpsec 1.1.0/1.1.1/1.1.2

An issue was discovered in NTPsec before 1.1.3.

6.4
2019-01-16 CVE-2019-2415 Oracle Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4

Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets).

6.0
2019-01-16 CVE-2019-2405 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security).

6.0
2019-01-18 CVE-2018-15784 Dell Improper Certificate Validation vulnerability in Dell Networking Os10 10.4.2.1

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake.

5.8
2019-01-16 CVE-2019-2549 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page).

5.8
2019-01-16 CVE-2019-2540 Oracle Unspecified vulnerability in Oracle Java Advanced Management Console 2.12

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server).

5.8
2019-01-16 CVE-2019-2519 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise 9.2

Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status).

5.8
2019-01-16 CVE-2019-2499 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality).

5.8
2019-01-16 CVE-2019-2498 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board).

5.8
2019-01-16 CVE-2019-2497 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages).

5.8
2019-01-16 CVE-2019-2471 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal).

5.8
2019-01-16 CVE-2019-2470 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail).

5.8
2019-01-16 CVE-2019-2469 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2019-01-16 CVE-2019-2447 Oracle Unspecified vulnerability in Oracle Partner Management

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail).

5.8
2019-01-16 CVE-2019-2445 Oracle Unspecified vulnerability in Oracle Content Manager

Vulnerability in the Oracle Content Manager component of Oracle E-Business Suite (subcomponent: Cover Letter).

5.8
2019-01-16 CVE-2019-2442 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core).

5.8
2019-01-16 CVE-2019-2440 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2019-01-16 CVE-2019-2439 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal).

5.8
2019-01-16 CVE-2019-2435 Oracle
Netapp
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python).
5.8
2019-01-16 CVE-2019-2429 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2019-01-16 CVE-2019-2423 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search).

5.8
2019-01-16 CVE-2019-2421 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Eprofile Manager Desktop 9.2

Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Desktop component of Oracle PeopleSoft Products (subcomponent: Guided Self Service).

5.8
2019-01-16 CVE-2019-2413 Oracle Cross-Site Scripting vulnerability in Oracle Reports Developer 12.2.1.3

Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session).

5.8
2019-01-16 CVE-2019-2400 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration).

5.8
2019-01-15 CVE-2017-6924 Drupal Improper Privilege Management vulnerability in Drupal

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments.

5.8
2019-01-14 CVE-2019-6251 Gnome
Webkitgtk
Wpewebkit
Fedoraproject
Canonical
Opensuse
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections.
5.8
2019-01-18 CVE-2018-20233 Atlassian XXE vulnerability in Atlassian Universal Plugin Manager

The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.

5.5
2019-01-18 CVE-2018-2019 IBM XXE vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2019-01-16 CVE-2019-2538 Oracle Unspecified vulnerability in Oracle Managed File Transfer 12.2.1.3.0/19.1.0.0.0

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server).

5.5
2019-01-16 CVE-2019-2534 Oracle
Canonical
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
5.5
2019-01-16 CVE-2019-2436 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
5.5
2019-01-16 CVE-2019-2401 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

5.5
2019-01-16 CVE-2019-2395 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services).

5.5
2019-01-15 CVE-2019-0016 Juniper Unspecified vulnerability in Juniper Junos Space

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user.

5.5
2019-01-15 CVE-2019-0015 Juniper Insufficient Session Expiration vulnerability in Juniper Junos

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted.

5.5
2019-01-15 CVE-2018-20714 Woocommerce Path Traversal vulnerability in Woocommerce

The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability.

5.5
2019-01-16 CVE-2019-2541 Oracle Unspecified vulnerability in Oracle Solaris 10

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client).

5.4
2019-01-18 CVE-2019-3908 Identicard USE of Hard-Coded Credentials vulnerability in Identicard Premisys ID 3.1.190

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files.

5.0
2019-01-18 CVE-2019-3907 Identicard Inadequate Encryption Strength vulnerability in Identicard Premisys ID 3.1.190

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

5.0
2019-01-18 CVE-2018-19722 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-19718 Adobe Information Exposure vulnerability in Adobe Connect

Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability.

5.0
2019-01-18 CVE-2018-19706 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-19701 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-19699 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-16047 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-16041 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-16038 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-16035 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-16031 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

5.0
2019-01-18 CVE-2018-12817 Adobe Out-Of-Bounds Read vulnerability in Adobe Digital Editions

Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability.

5.0
2019-01-17 CVE-2018-20730 Nedi SQL Injection vulnerability in Nedi

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.

5.0
2019-01-17 CVE-2018-20733 SAS
HPE
IBM
Linux
Microsoft
Oracle
XXE vulnerability in SAS web Infrastructure Platform 9.4

BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.

5.0
2019-01-16 CVE-2018-5740 ISC
Redhat
Debian
Netapp
Canonical
Reachable Assertion vulnerability in multiple products

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.

5.0
2019-01-16 CVE-2018-5739 ISC Missing Release of Resource After Effective Lifetime vulnerability in ISC KEA 1.4.0

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities.

5.0
2019-01-16 CVE-2018-5738 ISC
Canonical
Information Exposure vulnerability in multiple products

Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver.

5.0
2019-01-16 CVE-2018-5737 ISC
Netapp
Reachable Assertion vulnerability in multiple products

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.

5.0
2019-01-16 CVE-2018-5734 ISC
Netapp
Reachable Assertion vulnerability in multiple products

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode.

5.0
2019-01-16 CVE-2018-5733 ISC
Redhat
Canonical
Debian
Integer Overflow OR Wraparound vulnerability in multiple products

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.

5.0
2019-01-16 CVE-2017-3145 ISC
Redhat
Debian
Netapp
USE After Free vulnerability in ISC Bind

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.

5.0
2019-01-16 CVE-2017-3144 ISC
Redhat
Canonical
Debian
Resource Exhaustion vulnerability in multiple products

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server.

5.0
2019-01-16 CVE-2017-3137 ISC
Redhat
Netapp
Debian
Reachable Assertion vulnerability in multiple products

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order.

5.0
2019-01-16 CVE-2019-2543 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

5.0
2019-01-16 CVE-2019-2488 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Session Management).

5.0
2019-01-16 CVE-2019-2480 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2479 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2478 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2477 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2476 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2475 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2474 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2473 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2472 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2468 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2467 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2466 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2465 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2464 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2461 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2460 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2459 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2458 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2457 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2019-01-16 CVE-2019-2441 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE).

5.0
2019-01-16 CVE-2019-2427 Oracle Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0

Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application).

5.0
2019-01-16 CVE-2019-2404 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal).

5.0
2019-01-16 CVE-2015-9280 Mailenable XXE vulnerability in Mailenable

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

5.0
2019-01-16 CVE-2015-9278 Mailenable Credentials Management vulnerability in Mailenable

MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.

5.0
2019-01-15 CVE-2019-0014 Juniper Data Processing Errors vulnerability in Juniper Junos 17.2X75/17.4/18.2

On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down.

5.0
2019-01-15 CVE-2019-0013 Juniper Data Processing Errors vulnerability in Juniper Junos

The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received.

5.0
2019-01-15 CVE-2019-0010 Juniper Allocation of Resources Without Limits OR Throttling vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49

An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic.

5.0
2019-01-15 CVE-2019-0005 Juniper Allocation of Resources Without Limits OR Throttling vulnerability in Juniper Junos

On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers.

5.0
2019-01-14 CVE-2018-1956 IBM Weak Password Requirements vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

5.0
2019-01-18 CVE-2018-11999 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24

4.9
2019-01-16 CVE-2019-2509 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.9
2019-01-16 CVE-2019-2508 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.9
2019-01-16 CVE-2019-2432 Oracle Unspecified vulnerability in Oracle Argus Safety 8.1/8.2

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login).

4.9
2019-01-16 CVE-2019-2419 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Cost Center Common Application Objects 9.2

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder).

4.9
2019-01-16 CVE-2019-2411 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0.8

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite).

4.9
2019-01-16 CVE-2019-6447 Estrongs Missing Authentication FOR Critical Function vulnerability in Estrongs ES File Explorer File Manager

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network.

4.8
2019-01-18 CVE-2017-8276 Qualcomm Incorrect Authorization vulnerability in Qualcomm products

Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.

4.6
2019-01-18 CVE-2019-6488 GNU Improper Resource Shutdown OR Release vulnerability in GNU Glibc

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.

4.6
2019-01-16 CVE-2019-2552 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2019-01-16 CVE-2019-2548 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2019-01-16 CVE-2019-2524 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2019-01-16 CVE-2019-2500 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2019-01-16 CVE-2019-2414 Oracle Unspecified vulnerability in Oracle Http Server 12.2.1.3.0

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener).

4.6
2019-01-16 CVE-2018-3309 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2019-01-16 CVE-2019-2526 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2019-01-16 CVE-2019-2523 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2019-01-16 CVE-2019-2522 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2019-01-16 CVE-2019-2521 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2019-01-16 CVE-2019-2520 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2019-01-16 CVE-2019-2444 Oracle Unspecified vulnerability in Oracle Database 12.1.0.2/12.2.0.1/18C

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.4
2019-01-16 CVE-2019-2412 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store).

4.4
2019-01-20 CVE-2018-18908 SKY Cleartext Transmission of Sensitive Information vulnerability in SKY GO 1.0.191/1.0.231

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP.

4.3
2019-01-18 CVE-2018-19719 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19717 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19714 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19712 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19711 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19710 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19709 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19705 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19704 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-19703 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16043 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16034 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16033 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16032 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16030 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16028 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16024 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16023 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16022 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16020 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16019 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16017 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16015 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16013 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16012 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16010 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16009 Adobe
Microsoft
Apple
Integer Overflow OR Wraparound vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability.

4.3
2019-01-18 CVE-2018-16007 Adobe
Microsoft
Apple
Integer Overflow OR Wraparound vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability.

4.3
2019-01-18 CVE-2018-16006 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16005 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16002 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-16001 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-15997 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-15996 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-15995 Adobe
Microsoft
Apple
Integer Overflow OR Wraparound vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability.

4.3
2019-01-18 CVE-2018-15989 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-15986 Adobe
Microsoft
Apple
Integer Overflow OR Wraparound vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability.

4.3
2019-01-18 CVE-2018-15985 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-18 CVE-2018-15984 Adobe
Microsoft
Apple
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability.

4.3
2019-01-17 CVE-2018-20731 Nedi Cross-Site Scripting vulnerability in Nedi

A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.

4.3
2019-01-17 CVE-2018-20729 Nedi Cross-Site Scripting vulnerability in Nedi

A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.

4.3
2019-01-17 CVE-2015-9281 SAS
HPE
IBM
Linux
Microsoft
Oracle
Cross-Site Scripting vulnerability in SAS web Infrastructure Platform 9.4

Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.

4.3
2019-01-16 CVE-2018-18813 Tibco Cross-Site Scripting vulnerability in Tibco products

The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks.

4.3
2019-01-16 CVE-2017-3143 ISC
Redhat
Debian
Unspecified vulnerability in ISC Bind

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.

4.3
2019-01-16 CVE-2017-3142 ISC
Redhat
Debian
Improper Input Validation vulnerability in ISC Bind

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet.

4.3
2019-01-16 CVE-2017-3140 ISC
Netapp
Resource Exhaustion vulnerability in multiple products

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query.

4.3
2019-01-16 CVE-2017-3136 ISC
Redhat
Netapp
Debian
Reachable Assertion vulnerability in multiple products

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.

4.3
2019-01-16 CVE-2017-3135 ISC
Redhat
Netapp
Debian
Null Pointer Dereference vulnerability in multiple products

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer.

4.3
2019-01-16 CVE-2016-9778 ISC
Netapp
7PK - Errors vulnerability in multiple products

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service.

4.3
2019-01-16 CVE-2019-2550 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page).

4.3
2019-01-16 CVE-2019-2546 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions).

4.3
2019-01-16 CVE-2019-2496 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages).

4.3
2019-01-16 CVE-2019-2492 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display).

4.3
2019-01-16 CVE-2019-2491 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display).

4.3
2019-01-16 CVE-2019-2490 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor).

4.3
2019-01-16 CVE-2019-2485 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Administration).

4.3
2019-01-16 CVE-2019-2431 Oracle Unspecified vulnerability in Oracle Argus Safety 8.1/8.2

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console).

4.3
2019-01-16 CVE-2019-2426 Oracle
Netapp
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
4.3
2019-01-16 CVE-2019-2422 Oracle
Canonical
Netapp
Redhat
Debian
Opensuse
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries).
4.3
2019-01-16 CVE-2019-2408 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds).

4.3
2019-01-16 CVE-2019-2396 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages).

4.3
2019-01-16 CVE-2019-6462 Cairographics Infinite Loop vulnerability in Cairographics Cairo 1.16.0

An issue was discovered in cairo 1.16.0.

4.3
2019-01-16 CVE-2019-6461 Cairographics Reachable Assertion vulnerability in Cairographics Cairo 1.16.0

An issue was discovered in cairo 1.16.0.

4.3
2019-01-16 CVE-2019-6460 GNU Null Pointer Dereference vulnerability in GNU Recutils 1.8

An issue was discovered in GNU Recutils 1.8.

4.3
2019-01-16 CVE-2019-6459 GNU Memory Leak vulnerability in GNU Recutils 1.8

An issue was discovered in GNU Recutils 1.8.

4.3
2019-01-16 CVE-2019-6458 GNU Memory Leak vulnerability in GNU Recutils 1.8

An issue was discovered in GNU Recutils 1.8.

4.3
2019-01-16 CVE-2019-6457 GNU Memory Leak vulnerability in GNU Recutils 1.8

An issue was discovered in GNU Recutils 1.8.

4.3
2019-01-16 CVE-2019-6456 GNU Null Pointer Dereference vulnerability in GNU Recutils 1.8

An issue was discovered in GNU Recutils 1.8.

4.3
2019-01-16 CVE-2019-6455 GNU Double Free vulnerability in GNU Recutils 1.8

An issue was discovered in GNU Recutils 1.8.

4.3
2019-01-16 CVE-2015-9279 Mailenable Cross-Site Scripting vulnerability in Mailenable

MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.

4.3
2019-01-16 CVE-2015-9276 Smartertools Cross-Site Scripting vulnerability in Smartertools Smartermail

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms.

4.3
2019-01-16 CVE-2019-6264 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.2.

4.3
2019-01-16 CVE-2019-6261 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.2.

4.3
2019-01-15 CVE-2019-3554 Facebook Data Processing Errors vulnerability in Facebook Wangle

Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections.

4.3
2019-01-15 CVE-2018-7603 Search Autocomplete Project Cross-Site Scripting vulnerability in Search Autocomplete Project Search Autocomplete

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability.

4.3
2019-01-15 CVE-2019-0012 Juniper Resource Exhaustion vulnerability in Juniper Junos

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart.

4.3
2019-01-15 CVE-2019-0003 Juniper Improper Input Validation vulnerability in Juniper Junos

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated.

4.3
2019-01-15 CVE-2017-6921 Drupal Improper Input Validation vulnerability in Drupal

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files.

4.3
2019-01-15 CVE-2018-15463 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface.

4.3
2019-01-15 CVE-2018-15440 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2019-01-15 CVE-2017-18358 Limesurvey Cross-Site Scripting vulnerability in Limesurvey

LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.

4.3
2019-01-15 CVE-2019-6293 Flex Project Uncontrolled Recursion vulnerability in Flex Project Flex 2.6.4

An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4.

4.3
2019-01-15 CVE-2019-6292 Yaml CPP Project Uncontrolled Recursion vulnerability in Yaml-Cpp Project Yaml-Cpp 0.6.2

An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2.

4.3
2019-01-15 CVE-2019-6291 Nasm Uncontrolled Recursion vulnerability in Nasm Netwide Assembler

An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02.

4.3
2019-01-15 CVE-2019-6290 Nasm Uncontrolled Recursion vulnerability in Nasm Netwide Assembler

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02.

4.3
2019-01-15 CVE-2019-6267 Premiumwpsuite Cross-Site Scripting vulnerability in Premiumwpsuite Easy Redirect Manager 28.0717

The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI.

4.3
2019-01-15 CVE-2018-20712 GNU Out-Of-Bounds Read vulnerability in GNU Binutils 2.31.1

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1.

4.3
2019-01-14 CVE-2019-6286 Sass Lang Out-Of-Bounds Read vulnerability in Sass-Lang Libsass 3.5.5

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

4.3
2019-01-14 CVE-2019-6285 Yaml CPP Project Uncontrolled Recursion vulnerability in Yaml-Cpp Project Yaml-Cpp 0.6.2

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

4.3
2019-01-14 CVE-2019-6284 Sass Lang Out-Of-Bounds Read vulnerability in Sass-Lang Libsass 3.5.5

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

4.3
2019-01-14 CVE-2019-6283 Sass Lang Out-Of-Bounds Read vulnerability in Sass-Lang Libsass 3.5.5

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

4.3
2019-01-14 CVE-2018-1967 IBM Cross-Site Scripting vulnerability in IBM Security Identity Manager

IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting.

4.3
2019-01-17 CVE-2019-0647 Microsoft Information Exposure vulnerability in Microsoft Team Foundation Server 2017/2018

An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.

4.0
2019-01-16 CVE-2018-5741 ISC Incorrect Authorization vulnerability in ISC Bind

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy.

4.0
2019-01-16 CVE-2019-2539 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection).
4.0
2019-01-16 CVE-2019-2537 Oracle
Canonical
Debian
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
4.0
2019-01-16 CVE-2019-2533 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges).
4.0
2019-01-16 CVE-2019-2532 Oracle
Netapp
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
4.0
2019-01-16 CVE-2019-2531 Oracle
Netapp
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
4.0
2019-01-16 CVE-2019-2530 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.0
2019-01-16 CVE-2019-2529 Oracle
Debian
Canonical
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.0
2019-01-16 CVE-2019-2528 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition).

4.0
2019-01-16 CVE-2019-2512 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).

4.0
2019-01-16 CVE-2019-2510 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).

4.0
2019-01-16 CVE-2019-2507 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

4.0
2019-01-16 CVE-2019-2502 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).

4.0
2019-01-16 CVE-2019-2495 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

4.0
2019-01-16 CVE-2019-2494 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

4.0
2019-01-16 CVE-2019-2487 Oracle Unspecified vulnerability in Oracle Transportation Management

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: UI Infrastructure).

4.0
2019-01-16 CVE-2019-2486 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).

4.0
2019-01-16 CVE-2019-2482 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS).

4.0
2019-01-16 CVE-2019-2481 Oracle
Canonical
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.0
2019-01-16 CVE-2019-2455 Oracle
Canonical
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser).
4.0
2019-01-16 CVE-2019-2438 Oracle Unspecified vulnerability in Oracle web Cache 11.1.1.9.0

Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware (subcomponent: ESI/Partial Page Caching).

4.0
2019-01-16 CVE-2019-2434 Oracle
Canonical
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser).
4.0
2019-01-16 CVE-2019-2430 Oracle Unspecified vulnerability in Oracle Argus Safety 8.1/8.2

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console).

4.0
2019-01-16 CVE-2019-2420 Oracle
Canonical
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.0
2019-01-16 CVE-2019-2398 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0/12.1.3.0/12.2.1.3

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment).

4.0
2019-01-16 CVE-2019-6445 Ntpsec Null Pointer Dereference vulnerability in Ntpsec 1.1.0/1.1.1/1.1.2

An issue was discovered in NTPsec before 1.1.3.

4.0
2019-01-16 CVE-2019-6442 Ntpsec Out-Of-Bounds Write vulnerability in Ntpsec 1.1.0/1.1.1/1.1.2

An issue was discovered in NTPsec before 1.1.3.

4.0
2019-01-15 CVE-2019-0030 Juniper Inadequate Encryption Strength vulnerability in Juniper Advanced Threat Prevention Firmware

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents.

4.0
2019-01-15 CVE-2018-16846 Redhat
Debian
Opensuse
Canonical
Allocation of Resources Without Limits OR Throttling vulnerability in multiple products

It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

4.0
2019-01-15 CVE-2017-18357 Shopware Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Shopware

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.

4.0
2019-01-14 CVE-2019-6257 Elfinder Project Server-Side Request Forgery (SSRF) vulnerability in Elfinder Project Elfinder

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources.

4.0

57 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-01-16 CVE-2019-2503 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling).

3.8
2019-01-16 CVE-2019-2410 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0.8

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Security).

3.6
2019-01-16 CVE-2019-2407 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

3.6
2019-01-16 CVE-2019-2397 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

3.6
2019-01-17 CVE-2019-0646 Microsoft Cross-Site Scripting vulnerability in Microsoft Team Foundation Server 2018

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.

3.5
2019-01-17 CVE-2019-0624 Microsoft Cross-Site Scripting vulnerability in Microsoft Skype FOR Business 2015

A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.

3.5
2019-01-16 CVE-2018-18812 Tibco Incorrect Permission Assignment FOR Critical Resource vulnerability in Tibco products

The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage.

3.5
2019-01-16 CVE-2018-5736 ISC
Netapp
Reachable Assertion vulnerability in multiple products

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession.

3.5
2019-01-16 CVE-2017-3138 ISC
Netapp
Debian
Reachable Assertion vulnerability in multiple products

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc.

3.5
2019-01-16 CVE-2019-2547 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

3.5
2019-01-16 CVE-2018-20726 Cacti Cross-Site Scripting vulnerability in Cacti

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

3.5
2019-01-16 CVE-2018-20725 Cacti Cross-Site Scripting vulnerability in Cacti

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

3.5
2019-01-16 CVE-2018-20724 Cacti Cross-Site Scripting vulnerability in Cacti

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

3.5
2019-01-16 CVE-2018-20723 Cacti Cross-Site Scripting vulnerability in Cacti

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

3.5
2019-01-16 CVE-2019-6263 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.2.

3.5
2019-01-16 CVE-2019-6262 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.2.

3.5
2019-01-16 CVE-2016-10737 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity 2.0.4

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

3.5
2019-01-15 CVE-2019-0027 Juniper Cross-Site Scripting vulnerability in Juniper Advanced Threat Prevention

A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

3.5
2019-01-15 CVE-2019-0026 Juniper Cross-Site Scripting vulnerability in Juniper Advanced Threat Prevention

A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

3.5
2019-01-15 CVE-2019-0025 Juniper Cross-Site Scripting vulnerability in Juniper Advanced Threat Prevention

A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

3.5
2019-01-15 CVE-2019-0024 Juniper Cross-Site Scripting vulnerability in Juniper Advanced Threat Prevention

A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

3.5
2019-01-15 CVE-2019-0023 Juniper Cross-Site Scripting vulnerability in Juniper Advanced Threat Prevention

A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

3.5
2019-01-15 CVE-2019-0018 Juniper Cross-Site Scripting vulnerability in Juniper Advanced Threat Prevention

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

3.5
2019-01-15 CVE-2018-1772 IBM Cross-Site Scripting vulnerability in IBM Spss Analytic Server 3.1.1.1

IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting.

3.5
2019-01-14 CVE-2019-6278 Jpress Cross-Site Scripting vulnerability in Jpress 1.0.4

XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.

3.5
2019-01-16 CVE-2019-2409 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0.8

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite).

3.3
2019-01-15 CVE-2019-0011 Juniper Improper Input Validation vulnerability in Juniper Junos

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address.

3.3
2019-01-15 CVE-2018-14662 Redhat
Debian
Opensuse
Incorrect Permission Assignment FOR Critical Resource vulnerability in multiple products

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

2.7
2019-01-15 CVE-2019-3811 Fedoraproject
Debian
Opensuse
Redhat
Improper Input Validation vulnerability in multiple products

A vulnerability was found in sssd.

2.7
2019-01-16 CVE-2019-2493 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Campus Software Campus Community 9.0/9.2

Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks).

2.6
2019-01-16 CVE-2019-2449 Oracle
Redhat
Netapp
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
2.6
2019-01-18 CVE-2018-3595 Qualcomm Unspecified vulnerability in Qualcomm products

Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130

2.1
2019-01-18 CVE-2017-18332 Qualcomm Information Exposure vulnerability in Qualcomm products

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130

2.1
2019-01-16 CVE-2019-2556 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2555 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2554 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2553 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2545 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO).

2.1
2019-01-16 CVE-2019-2544 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

2.1
2019-01-16 CVE-2019-2527 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2506 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2505 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2504 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2501 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2451 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2450 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2448 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-16 CVE-2019-2446 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2019-01-15 CVE-2019-0029 Juniper Information Exposure Through LOG Files vulnerability in Juniper Advanced Threat Prevention

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users.

2.1
2019-01-15 CVE-2019-0021 Juniper Information Exposure Through LOG Files vulnerability in Juniper Advanced Threat Prevention

On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.

2.1
2019-01-15 CVE-2019-0009 Juniper Improper Input Validation vulnerability in Juniper Junos 15.1X53/18.1/18.2

On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).

2.1
2019-01-15 CVE-2019-0004 Juniper Information Exposure vulnerability in Juniper Advanced Threat Prevention

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users.

2.1
2019-01-16 CVE-2019-2535 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options).
1.9
2019-01-16 CVE-2019-2525 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

1.9
2019-01-14 CVE-2018-16888 Freedesktop
Redhat
Netapp
Improper Input Validation vulnerability in multiple products

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes.

1.9
2019-01-16 CVE-2019-2536 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging).
1.2
2019-01-16 CVE-2019-2513 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell).
1.2