Weekly Vulnerabilities Reports > January 21 to 27, 2019
Overview
184 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 242 products from 59 vendors, including Microsoft, Foxitsoftware, Cisco, Debian, and Redhat. The most common vulnerability categories are "Use After Free", "Cross-site Scripting", "Improper Input Validation", "Cross-Site Request Forgery (CSRF)", and "Out-of-bounds Read".
- 167 reported vulnerabilities are remotely exploitable.
- 13 reported vulnerabilities have a public exploit available.
- 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 156 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 81 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-01-22 | CVE-2018-6444 | Brocade Netapp | OS Command Injection vulnerability in multiple products A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. | 10.0 |
2019-01-23 | CVE-2017-17836 | Apache | Credentials Management vulnerability in Apache Airflow In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. | 9.8 |
2019-01-22 | CVE-2019-6339 | Drupal Debian | Improper Input Validation vulnerability in multiple products In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. | 9.8 |
2019-01-23 | CVE-2019-1641 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Online and Webex Meetings Server A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2019-01-23 | CVE-2019-1640 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Online and Webex Meetings Server A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2019-01-23 | CVE-2019-1639 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Online and Webex Meetings Server A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2019-01-23 | CVE-2019-1638 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Online and Webex Meetings Server A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2019-01-23 | CVE-2019-1637 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Online and Webex Meetings Server A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2019-01-23 | CVE-2019-1636 | Cisco | OS Command Injection vulnerability in Cisco Webex Teams 3.0.4533 A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. | 9.3 |
2019-01-21 | CVE-2019-6499 | Teradata | Use of Hard-coded Credentials vulnerability in Teradata Viewpoint 16.20.00.02B80 Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system. | 9.3 |
2019-01-24 | CVE-2018-12237 | Symantec | OS Command Injection vulnerability in Symantec Reporter The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. | 9.0 |
2019-01-24 | CVE-2019-1652 | Cisco | Improper Input Validation vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. | 9.0 |
2019-01-24 | CVE-2019-1651 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Vsmart Controller A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. | 9.0 |
2019-01-24 | CVE-2019-1650 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 9.0 |
29 High Vulnerabilities
136 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-01-24 | CVE-2018-17707 | Epicgames | OS Command Injection vulnerability in Epicgames Launcher This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. | 6.8 |
2019-01-24 | CVE-2018-17705 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17704 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17703 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17702 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17701 | Foxitsoftware Microsoft | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17698 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17697 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17696 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17695 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17694 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17693 | Foxitsoftware Microsoft | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17692 | Foxitsoftware Microsoft | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17691 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17690 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17689 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17688 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17687 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17685 | Foxitsoftware Microsoft | Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17684 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17683 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17682 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17681 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17680 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17679 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17678 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17677 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17676 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17675 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17674 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17673 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17672 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17671 | Foxitsoftware Microsoft | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17670 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17669 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17668 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17667 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17666 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17665 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17664 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17663 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17662 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17661 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17660 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17659 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17658 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17657 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17656 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17655 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17654 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17653 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17652 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17651 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17650 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17649 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17648 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17647 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17646 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17645 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17644 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17643 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17642 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17641 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17640 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17639 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17638 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17637 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17636 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17635 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17634 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17633 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17632 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17631 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17630 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. | 6.8 |
2019-01-24 | CVE-2018-17629 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. | 6.8 |
2019-01-24 | CVE-2018-17627 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17626 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. | 6.8 |
2019-01-24 | CVE-2018-17625 | Foxitsoftware Microsoft | Use After Free vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. | 6.8 |
2019-01-22 | CVE-2018-19019 | Omron | Incorrect Type Conversion or Cast vulnerability in Omron Cx-Supervisor 3.5 A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). | 6.8 |
2019-01-22 | CVE-2018-19017 | Omron | Use After Free vulnerability in Omron Cx-Supervisor 3.5 Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). | 6.8 |
2019-01-22 | CVE-2018-19011 | Omron | Code Injection vulnerability in Omron Cx-Supervisor 3.5 CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. | 6.8 |
2019-01-22 | CVE-2019-6510 | Creditease SEC | Cross-Site Request Forgery (CSRF) vulnerability in Creditease-Sec Insight An issue was discovered in creditease-sec insight through 2018-09-11. | 6.8 |
2019-01-22 | CVE-2019-6509 | Creditease SEC | Cross-Site Request Forgery (CSRF) vulnerability in Creditease-Sec Insight An issue was discovered in creditease-sec insight through 2018-09-11. | 6.8 |
2019-01-22 | CVE-2019-6508 | Creditease SEC | Cross-Site Request Forgery (CSRF) vulnerability in Creditease-Sec Insight An issue was discovered in creditease-sec insight through 2018-09-11. | 6.8 |
2019-01-22 | CVE-2019-6507 | Creditease SEC | Cross-Site Request Forgery (CSRF) vulnerability in Creditease-Sec Insight An issue was discovered in creditease-sec insight through 2018-09-11. | 6.8 |
2019-01-23 | CVE-2018-15459 | Cisco | Unspecified vulnerability in Cisco Identity Services Engine 2.3(0.298)/2.5(0.1) A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. | 6.5 |
2019-01-23 | CVE-2019-6708 | Phpshe | SQL Injection vulnerability in PHPshe 1.7 PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. | 6.5 |
2019-01-23 | CVE-2019-6707 | Phpshe | SQL Injection vulnerability in PHPshe 1.7 PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. | 6.5 |
2019-01-23 | CVE-2019-3587 | Mcafee | Untrusted Search Path vulnerability in Mcafee Total Protection 4.0.161.1/4.0.176.1/4.6 DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder. | 6.5 |
2019-01-23 | CVE-2019-6691 | Phpwind | SQL Injection vulnerability in PHPwind 9.0.2.170426 phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. | 6.5 |
2019-01-22 | CVE-2018-14666 | Redhat | Incorrect Authorization vulnerability in Redhat Satellite An improper authorization flaw was found in the Smart Class feature of Foreman. | 6.5 |
2019-01-22 | CVE-2017-6923 | Drupal | Missing Authorization vulnerability in Drupal In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. | 6.5 |
2019-01-22 | CVE-2017-6922 | Drupal Debian | Files or Directories Accessible to External Parties vulnerability in multiple products In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. | 6.5 |
2019-01-24 | CVE-2019-1668 | Cisco | Cross-site Scripting vulnerability in Cisco Socialminer 11.6(1)/11.6(2)/12.0(1) A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. | 6.1 |
2019-01-23 | CVE-2019-3584 | Mcafee | Improper Authentication vulnerability in Mcafee Mvision Endpoint Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors. | 6.0 |
2019-01-25 | CVE-2018-19023 | Hetronic | Improper Authentication vulnerability in Hetronic products Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-transmission. | 5.8 |
2019-01-25 | CVE-2019-6956 | Audiocoding Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 5.8 |
2019-01-24 | CVE-2019-6780 | Kaine | Open Redirect vulnerability in Kaine Wise Chat The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. | 5.8 |
2019-01-24 | CVE-2019-6779 | Chshcms | Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1.8 Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. | 5.8 |
2019-01-21 | CVE-2019-6498 | Labapart | Out-of-bounds Read vulnerability in Labapart Gattlib 0.2 GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused. | 5.8 |
2019-01-26 | CVE-2019-6976 | Libvips | Use of Uninitialized Resource vulnerability in Libvips libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. | 5.3 |
2019-01-25 | CVE-2018-20743 | Mumble Debian | Improper Input Validation vulnerability in multiple products murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | 5.0 |
2019-01-25 | CVE-2017-18359 | Postgis Debian | Improper Input Validation vulnerability in multiple products PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | 5.0 |
2019-01-24 | CVE-2019-1669 | Cisco | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense 6.3.0/6.4.0 A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. | 5.0 |
2019-01-24 | CVE-2019-1653 | Cisco | Improper Access Control vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. | 5.0 |
2019-01-24 | CVE-2018-20742 | Ucbrise | Out-of-bounds Write vulnerability in Ucbrise Opaque An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. | 5.0 |
2019-01-23 | CVE-2019-1644 | Cisco | Resource Exhaustion vulnerability in Cisco IOT Field Network Director 4.3(0.20) A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. | 5.0 |
2019-01-23 | CVE-2019-6719 | MZ Automation | Use After Free vulnerability in Mz-Automation Libiec61850 1.3.1 An issue has been found in libIEC61850 v1.3.1. | 5.0 |
2019-01-23 | CVE-2018-1751 | IBM Linux Microsoft | Inadequate Encryption Strength vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2019-01-22 | CVE-2018-6445 | Brocade Netapp | A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted (not hashed) password of the systems. | 5.0 |
2019-01-22 | CVE-2018-19634 | Broadcom CA | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | 5.0 |
2019-01-21 | CVE-2019-6500 | Axway | Path Traversal vulnerability in Axway File Transfer Direct 2.7.1 In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | 5.0 |
2019-01-25 | CVE-2019-3819 | Linux Debian Canonical Opensuse | Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file, which may enter an infinite loop with certain parameters passed from userspace. | 4.9 |
2019-01-22 | CVE-2018-19013 | Omron | Command Injection vulnerability in Omron Cx-Supervisor 3.5 An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | 4.9 |
2019-01-24 | CVE-2019-1656 | Cisco | Improper Input Validation vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1 A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. | 4.6 |
2019-01-24 | CVE-2018-1959 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 4.6 |
2019-01-21 | CVE-2016-10739 | GNU Opensuse | Improper Input Validation vulnerability in multiple products In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | 4.6 |
2019-01-26 | CVE-2019-6799 | Phpmyadmin Debian | An issue was discovered in phpMyAdmin before 4.8.5. | 4.3 |
2019-01-25 | CVE-2019-6966 | Axiosys | Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.5.1628 An issue was discovered in Bento4 1.5.1-628. | 4.3 |
2019-01-25 | CVE-2019-6804 | Pagerduty | Cross-site Scripting vulnerability in Pagerduty Rundeck An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. | 4.3 |
2019-01-25 | CVE-2019-6803 | Typora | Cross-site Scripting vulnerability in Typora typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. | 4.3 |
2019-01-25 | CVE-2019-6802 | Python | CRLF Injection vulnerability in Python Pypiserver CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. | 4.3 |
2019-01-24 | CVE-2019-1658 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 11.6(1) A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 4.3 |
2019-01-24 | CVE-2019-1655 | Cisco | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.8 A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 4.3 |
2019-01-24 | CVE-2019-6777 | Zoneminder | Cross-site Scripting vulnerability in Zoneminder 1.32.3 An issue was discovered in ZoneMinder v1.32.3. | 4.3 |
2019-01-24 | CVE-2018-17699 | Foxitsoftware Microsoft | Information Exposure vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. | 4.3 |
2019-01-24 | CVE-2018-17686 | Foxitsoftware Microsoft | Information Exposure vulnerability in Foxitsoftware Phantompdf and Reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. | 4.3 |
2019-01-23 | CVE-2019-1643 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.2.0 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
2019-01-23 | CVE-2019-1642 | Cisco | Cross-site Scripting vulnerability in Cisco Firepower Management Center 6.2.3/6.3.0 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
2019-01-23 | CVE-2018-15455 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.2(0.910)/2.3(0.905)/2.4(0.903) A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. | 4.3 |
2019-01-22 | CVE-2018-6443 | Brocade Netapp | Credentials Management vulnerability in multiple products A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. | 4.3 |
2019-01-22 | CVE-2018-13374 | Fortinet | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios An Improper Access Control vulnerability in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | 4.3 |
2019-01-24 | CVE-2019-1657 | Cisco | Credentials Management vulnerability in Cisco AMP Threat Grid Appliance and AMP Threat Grid Cloud A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. | 4.0 |
2019-01-23 | CVE-2018-1000997 | Jenkins | Path Traversal vulnerability in Jenkins A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. | 4.0 |
2019-01-23 | CVE-2018-0187 | Cisco | Information Exposure vulnerability in Cisco Identity Services Engine 2.4(0.901.1)/2.4(0.901) A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. | 4.0 |
2019-01-23 | CVE-2018-2026 | IBM | Information Exposure vulnerability in IBM Financial Transaction Manager 3.2.1.0 IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-01-23 | CVE-2018-15614 | Avaya | Cross-site Scripting vulnerability in Avaya IP Office 10.0/10.1/11.0 A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. | 3.5 |
2019-01-25 | CVE-2018-19021 | Emerson | Improper Restriction of Excessive Authentication Attempts vulnerability in Emerson Deltav A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | 3.3 |
2019-01-24 | CVE-2019-1645 | Cisco | Information Exposure vulnerability in Cisco Connected Mobile Experiences 10.2(1.0) A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. | 3.3 |
2019-01-25 | CVE-2018-19009 | Pilz | Credentials Management vulnerability in Pilz Pnozmulti Configurator Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. | 2.1 |
2019-01-24 | CVE-2018-5497 | Netapp | Information Exposure vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | 2.1 |