Weekly Vulnerabilities Reports > March 11 to 17, 2019

Overview

218 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary report vulnerabilities in 425 products from 86 vendors including Intel, IBM, Cisco, GNU, and Microsoft. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Out-of-bounds Read", and "Information Exposure".

  • 145 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 65 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 170 reported vulnerabilities are exploitable by an anonymous user.
  • Intel has the most reported vulnerabilities, with 40 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-03-13 CVE-2019-1723 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Common Services Platform Collector 2.7.2/2.8.0/2.8.1

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password.

10.0
2019-03-13 CVE-2019-9748 Tinysvcmdns Project Out-of-bounds Read vulnerability in Tinysvcmdns Project Tinysvcmdns 20160718/20171105/20180116

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer.

9.4
2019-03-15 CVE-2018-20106 Opensuse Improper Input Validation vulnerability in Opensuse Yast2-Printer

In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly.

9.3
2019-03-11 CVE-2019-9686 Pacman Project Path Traversal vulnerability in Pacman Project Pacman

pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header.

9.3
2019-03-11 CVE-2019-1614 Cisco Command Injection vulnerability in Cisco Nx-Os

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.

9.0

39 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-03-12 CVE-2019-5918 Nablarch Project XXE vulnerability in Nablarch Project Nablarch 5/5U1/5U13

Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

8.5
2019-03-15 CVE-2019-9831 Airmore Improper Input Validation vulnerability in Airmore

The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.

7.8
2019-03-15 CVE-2018-19393 Cobham Incorrect Permission Assignment for Critical Resource vulnerability in Cobham products

Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file.

7.8
2019-03-13 CVE-2018-0389 Cisco Unspecified vulnerability in Cisco Spa514G Firmware

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition.

7.8
2019-03-15 CVE-2018-20182 Rdesktop
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.

7.5
2019-03-15 CVE-2018-20181 Rdesktop
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.

7.5
2019-03-15 CVE-2018-20180 Rdesktop
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.

7.5
2019-03-15 CVE-2018-20179 Rdesktop Integer Underflow (Wrap or Wraparound) vulnerability in Rdesktop

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.

7.5
2019-03-15 CVE-2018-20177 Rdesktop Integer Overflow or Wraparound vulnerability in Rdesktop

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

7.5
2019-03-14 CVE-2019-9825 Feifeicms Unrestricted Upload of File with Dangerous Type vulnerability in Feifeicms 4.1.190209

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.

7.5
2019-03-14 CVE-2019-9762 Phpshe SQL Injection vulnerability in PHPshe 1.7

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id.

7.5
2019-03-14 CVE-2019-9760 Ftpgetter Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ftpgetter 5.97.0.177

FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses.

7.5
2019-03-11 CVE-2019-9687 Podofo Project
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

7.5
2019-03-11 CVE-2019-9651 Sdcms Code Injection vulnerability in Sdcms 1.7

An issue was discovered in SDCMS V1.7.

7.5
2019-03-15 CVE-2018-18256 Capmon Improper Authentication vulnerability in Capmon Access Manager 5.4.1.1005

An issue was discovered in CapMon Access Manager 5.4.1.1005.

7.2
2019-03-15 CVE-2018-18255 Capmon Improper Authentication vulnerability in Capmon Access Manager 5.4.1.1005

An issue was discovered in CapMon Access Manager 5.4.1.1005.

7.2
2019-03-15 CVE-2018-18252 Capmon Improper Privilege Management vulnerability in Capmon Access Manager 5.4.1.1005

An issue was discovered in CapMon Access Manager 5.4.1.1005.

7.2
2019-03-14 CVE-2018-12220 Intel Unspecified vulnerability in Intel Graphics Driver

Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.

7.2
2019-03-14 CVE-2018-12216 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access.

7.2
2019-03-14 CVE-2018-12214 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Graphics Driver

Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.

7.2
2019-03-14 CVE-2018-12205 Intel Improper Certificate Validation vulnerability in Intel products

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.

7.2
2019-03-14 CVE-2018-12204 Intel Improper Initialization vulnerability in Intel products

Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access.

7.2
2019-03-14 CVE-2018-12203 Intel Unspecified vulnerability in Intel products

Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access.

7.2
2019-03-14 CVE-2018-12202 Intel Unspecified vulnerability in Intel products

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access.

7.2
2019-03-14 CVE-2018-12201 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.

7.2
2019-03-14 CVE-2018-12199 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.

7.2
2019-03-14 CVE-2018-12192 Intel Improper Authentication vulnerability in Intel products

Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

7.2
2019-03-14 CVE-2018-12191 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

7.2
2019-03-13 CVE-2018-20621 Microvirt Incorrect Permission Assignment for Critical Resource vulnerability in Microvirt Memu 6.0.6

An issue was discovered in Microvirt MEmu 6.0.6.

7.2
2019-03-12 CVE-2019-9729 Shanda Improper Validation of Array Index vulnerability in Shanda Maplestory Online 160.0

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

7.2
2019-03-11 CVE-2019-4016 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.

7.2
2019-03-11 CVE-2019-4015 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.

7.2
2019-03-11 CVE-2018-1998 IBM OS Command Injection vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges.

7.2
2019-03-11 CVE-2018-1980 IBM
Linux
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.

7.2
2019-03-11 CVE-2018-1978 IBM
Linux
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.

7.2
2019-03-11 CVE-2019-1618 Cisco Permission Issues vulnerability in Cisco Nx-Os 7.0(3)I4(9)/7.0(3)I7/7.0(3)I7(2)

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root.

7.2
2019-03-11 CVE-2019-1612 Cisco OS Command Injection vulnerability in Cisco Nx-Os

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

7.2
2019-03-11 CVE-2019-1611 Cisco Command Injection vulnerability in Cisco Fx-Os and Nx-Os

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

7.2
2019-03-11 CVE-2019-1610 Cisco Command Injection vulnerability in Cisco Nx-Os

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

7.2

120 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-03-15 CVE-2018-18253 Capmon Race Condition vulnerability in Capmon Access Manager 5.4.1.1005

An issue was discovered in CapMon Access Manager 5.4.1.1005.

6.9
2019-03-14 CVE-2019-9787 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration.

6.8
2019-03-14 CVE-2019-9785 Gitnoteapp Improper Input Validation vulnerability in Gitnoteapp Gitnote 3.1.0

gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.

6.8
2019-03-14 CVE-2019-9769 Kartatopia Cross-Site Request Forgery (CSRF) vulnerability in Kartatopia Piluscart 1.4.1

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

6.8
2019-03-14 CVE-2019-9767 Cleanersoft Out-of-bounds Write vulnerability in Cleanersoft Free MP3 CD Ripper 2.6

Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.

6.8
2019-03-14 CVE-2019-9766 Cleanersoft Out-of-bounds Write vulnerability in Cleanersoft Free MP3 CD Ripper 2.6

Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.

6.8
2019-03-12 CVE-2019-5924 Rednao Cross-Site Request Forgery (CSRF) vulnerability in Rednao Smart Forms

Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

6.8
2019-03-12 CVE-2019-5922 Microsoft Untrusted Search Path vulnerability in Microsoft Teams

Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2019-03-12 CVE-2019-5921 Microsoft Untrusted Search Path vulnerability in Microsoft Windows 7

Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2019-03-12 CVE-2019-5920 Ncrafts Cross-Site Request Forgery (CSRF) vulnerability in Ncrafts Formcraft

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

6.8
2019-03-12 CVE-2019-9710 Webargs Project Race Condition vulnerability in Webargs Project Webargs

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products.

6.8
2019-03-11 CVE-2019-9688 Sftnow Cross-Site Request Forgery (CSRF) vulnerability in Sftnow

sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.

6.8
2019-03-11 CVE-2019-9675 PHP
Canonical
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3.

6.8
2019-03-11 CVE-2019-9656 Libofx Project NULL Pointer Dereference vulnerability in Libofx Project Libofx 0.9.14

An issue was discovered in LibOFX 0.9.14.

6.8
2019-03-11 CVE-2019-9652 Sdcms Cross-Site Request Forgery (CSRF) vulnerability in Sdcms 1.7

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request.

6.8
2019-03-15 CVE-2019-9829 Maccms Code Injection vulnerability in Maccms 10.0

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action.

6.5
2019-03-14 CVE-2019-4034 IBM Improper Input Validation vulnerability in IBM Content Navigator 3.0.0

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation.

6.5
2019-03-13 CVE-2019-9752 Otrs Code Injection vulnerability in Otrs

An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4.

6.5
2019-03-13 CVE-2019-6597 F5 Unspecified vulnerability in F5 products

In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

6.5
2019-03-12 CVE-2019-0276 SAP Incorrect Authorization vulnerability in SAP products

Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.

6.5
2019-03-12 CVE-2019-0270 SAP Missing Authorization vulnerability in SAP products

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.5
2019-03-11 CVE-2019-9693 Cmsmadesimple SQL Injection vulnerability in Cmsmadesimple CMS Made Simple

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).

6.5
2019-03-14 CVE-2019-9775 GNU Out-of-bounds Read vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

6.4
2019-03-14 CVE-2019-9774 GNU Out-of-bounds Read vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

6.4
2019-03-13 CVE-2019-9750 Iotivity Improper Input Validation vulnerability in Iotivity

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification.

6.4
2019-03-13 CVE-2015-2254 Huawei Information Exposure vulnerability in Huawei Oceanstor UDS Firmware

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.

6.4
2019-03-12 CVE-2019-5919 Nablarch Project Cryptographic Issues vulnerability in Nablarch Project Nablarch 5/5U1/5U13

An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.

6.4
2019-03-11 CVE-2019-9659 Chuango
Eminent
Improper Input Validation vulnerability in multiple products

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.

6.4
2019-03-11 CVE-2019-9662 Jtbc Path Traversal vulnerability in Jtbc PHP 3.0.1.8

An issue was discovered in JTBC(PHP) 3.0.1.8.

6.4
2019-03-11 CVE-2019-1617 Cisco Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Nx-Os

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2019-03-11 CVE-2018-1974 IBM Unspecified vulnerability in IBM Websphere MQ

IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels.

6.0
2019-03-15 CVE-2019-9835 Fujitsu Unspecified vulnerability in Fujitsu Gk900 Firmware and Lx901 Firmware

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection.

5.8
2019-03-13 CVE-2018-17937 Gpsd Project
Microjson Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.

5.8
2019-03-13 CVE-2018-20800 Otrs Improper Input Validation vulnerability in Otrs 5.0.31/6.0.13

An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13.

5.5
2019-03-13 CVE-2019-3785 Cloudfoundry Improper Privilege Management vulnerability in Cloudfoundry Capi-Release

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization.

5.5
2019-03-12 CVE-2019-0277 SAP XXE vulnerability in SAP Hana Extended Application Services 1.0

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

5.5
2019-03-12 CVE-2019-0268 SAP XML Injection (aka Blind XPath Injection) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.

5.5
2019-03-15 CVE-2019-5616 Broadcastboxes Unspecified vulnerability in Broadcastboxes Scion-8 Firmware

CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.

5.0
2019-03-15 CVE-2018-18205 TOP Vision Information Exposure vulnerability in Top-Vision Cc8800Ce Firmware

Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.

5.0
2019-03-15 CVE-2018-17882 Cryptobots Integer Overflow or Wraparound vulnerability in Cryptobots Battletoken

An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token.

5.0
2019-03-15 CVE-2018-20178 Rdesktop
Debian
Out-of-bounds Read vulnerability in multiple products

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

5.0
2019-03-15 CVE-2018-20176 Rdesktop Out-of-bounds Read vulnerability in Rdesktop

rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).

5.0
2019-03-15 CVE-2018-20175 Rdesktop
Debian
Out-of-bounds Read vulnerability in multiple products

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

5.0
2019-03-15 CVE-2018-20174 Rdesktop Out-of-bounds Read vulnerability in Rdesktop

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.

5.0
2019-03-15 CVE-2019-9833 Screen Stream Project Improper Input Validation vulnerability in Screen Stream Project Screen Stream

The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.

5.0
2019-03-15 CVE-2019-9832 Airdrop Project Improper Input Validation vulnerability in Airdrop Project Airdrop 1.0/2.0

The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.

5.0
2019-03-15 CVE-2018-19392 Cobham Improper Authentication vulnerability in Cobham products

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability.

5.0
2019-03-14 CVE-2019-3833 Openwsman Project
Fedoraproject
Opensuse
Infinite Loop vulnerability in multiple products

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests.

5.0
2019-03-14 CVE-2019-3816 Openwsman Project
Redhat
Fedoraproject
Opensuse
Information Exposure vulnerability in multiple products

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory.

5.0
2019-03-14 CVE-2018-12187 Intel Improper Input Validation vulnerability in Intel Active Management Technology Firmware 11.0/11.10/11.20

Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.

5.0
2019-03-14 CVE-2018-20801 Highcharts Incorrect Regular Expression vulnerability in Highcharts

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

5.0
2019-03-14 CVE-2019-9779 GNU NULL Pointer Dereference vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9778 GNU Out-of-bounds Read vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9777 GNU Out-of-bounds Read vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9776 GNU NULL Pointer Dereference vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9773 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9772 GNU NULL Pointer Dereference vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9771 GNU NULL Pointer Dereference vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9770 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.7/0.7.1645

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.

5.0
2019-03-14 CVE-2019-9768 Thinkst Permissions, Privileges, and Access Controls vulnerability in Thinkst Canarytokens 20190301

Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.

5.0
2019-03-14 CVE-2019-9761 Phpshe XXE vulnerability in PHPshe 1.7

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication.

5.0
2019-03-13 CVE-2019-6596 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash.

5.0
2019-03-13 CVE-2019-9749 Treasuredata Improper Input Validation vulnerability in Treasuredata Fluent BIT

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4.

5.0
2019-03-13 CVE-2019-9747 Tinysvcmdns Project Infinite Loop vulnerability in Tinysvcmdns Project Tinysvcmdns 20160718/20171105/20180116

In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query.

5.0
2019-03-13 CVE-2019-9746 Webmproject NULL Pointer Dereference vulnerability in Webmproject Libwebm

In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.

5.0
2019-03-13 CVE-2019-9742 Gdata Software Missing Authorization vulnerability in Gdata-Software Total Security

gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation.

5.0
2019-03-12 CVE-2019-5923 Ichain Path Traversal vulnerability in Ichain Insurance Wallet

Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2019-03-12 CVE-2019-5917 Microsoft Unspecified vulnerability in Microsoft Azure-Umqtt-C

azure-umqtt-c (available through GitHub prior to 2017 October 6) allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2019-03-12 CVE-2019-0274 SAP Unspecified vulnerability in SAP Mobile Platform SDK 3.0

SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e.

5.0
2019-03-12 CVE-2019-9713 Joomla Missing Authorization vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.4.

5.0
2019-03-11 CVE-2019-1616 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition.

5.0
2019-03-11 CVE-2019-9658 Checkstyle
Debian
Fedoraproject
XXE vulnerability in multiple products

Checkstyle before 8.18 loads external DTDs by default.

5.0
2019-03-15 CVE-2018-18254 Capmon Incorrect Permission Assignment for Critical Resource vulnerability in Capmon Access Manager 5.4.1.1005

An issue was discovered in CapMon Access Manager 5.4.1.1005.

4.6
2019-03-14 CVE-2019-0135 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Rapid Storage Technology Enterprise

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-03-14 CVE-2019-0129 Intel Permissions, Privileges, and Access Controls vulnerability in Intel USB 3.0 Creator Utility

Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-03-14 CVE-2019-0121 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Matrix Storage Manager 8.9.0.1023

Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-03-14 CVE-2018-12223 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Graphics Driver

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.

4.6
2019-03-14 CVE-2018-12221 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access.

4.6
2019-03-14 CVE-2018-12208 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

4.6
2019-03-14 CVE-2018-12200 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Capability Licensing Service

Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.

4.6
2019-03-14 CVE-2018-12196 Intel Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware 12.0.5

Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.

4.6
2019-03-14 CVE-2018-12190 Intel Improper Input Validation vulnerability in Intel products

Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.

4.6
2019-03-14 CVE-2018-12185 Intel Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware 12.0.5

Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

4.6
2019-03-11 CVE-2018-1923 IBM
Linux
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution.

4.6
2019-03-11 CVE-2018-1922 IBM
Linux
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution.

4.6
2019-03-11 CVE-2018-1890 IBM Uncontrolled Search Path Element vulnerability in IBM SDK 8.0

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.

4.6
2019-03-11 CVE-2019-1615 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.

4.6
2019-03-11 CVE-2019-1613 Cisco Command Injection vulnerability in Cisco Nx-Os

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

4.6
2019-03-17 CVE-2018-20806 Phamm Cross-site Scripting vulnerability in Phamm 0.6.8

Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).

4.3
2019-03-15 CVE-2019-9834 Netdata Cross-site Scripting vulnerability in Netdata

** DISPUTED ** The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection.

4.3
2019-03-15 CVE-2018-19391 Cobham Cross-site Scripting vulnerability in Cobham products

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.

4.3
2019-03-14 CVE-2019-9765 Blog Mini Project Cross-site Scripting vulnerability in Blog Mini Project Blog Mini 1.0

In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html.

4.3
2019-03-13 CVE-2019-9754 Tinycc Out-of-bounds Write vulnerability in Tinycc 0.9.27

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27.

4.3
2019-03-13 CVE-2019-6600 F5 Cross-site Scripting vulnerability in F5 products

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page.

4.3
2019-03-13 CVE-2019-6599 F5 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager

In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack.

4.3
2019-03-13 CVE-2019-9741 Golang
Debian
Fedoraproject
Redhat
CRLF Injection vulnerability in multiple products

An issue was discovered in net/http in Go 1.11.5.

4.3
2019-03-13 CVE-2019-9740 Python CRLF Injection vulnerability in Python

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.

4.3
2019-03-13 CVE-2019-9738 Golangtc Cross-site Scripting vulnerability in Golangtc Gopher 2.0

jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.

4.3
2019-03-13 CVE-2019-9737 Ipandao Cross-site Scripting vulnerability in Ipandao Editor.Md 1.5.0

Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.

4.3
2019-03-13 CVE-2019-9736 1024Tools Cross-site Scripting vulnerability in 1024Tools 1.0

DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.

4.3
2019-03-12 CVE-2019-9725 Korenix Cross-site Scripting vulnerability in Korenix products

The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.

4.3
2019-03-12 CVE-2019-9558 Mailtraq Cross-site Scripting vulnerability in Mailtraq Webmail 2.17.7.3550

Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message.

4.3
2019-03-12 CVE-2019-9557 Codecrafters Cross-site Scripting vulnerability in Codecrafters Ability Mail Server 4.2.6

Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body.

4.3
2019-03-12 CVE-2019-9714 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.4.

4.3
2019-03-12 CVE-2019-9712 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.4.

4.3
2019-03-12 CVE-2019-9711 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.4.

4.3
2019-03-12 CVE-2019-9721 Ffmpeg Out-of-bounds Read vulnerability in Ffmpeg 4.1

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

4.3
2019-03-12 CVE-2019-9718 Ffmpeg Out-of-bounds Read vulnerability in Ffmpeg 4.1

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

4.3
2019-03-12 CVE-2019-9644 Jupyter Cross-site Scripting vulnerability in Jupyter Notebook

An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server.

4.3
2019-03-11 CVE-2019-1702 Cisco Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email 11.6(1)

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.

4.3
2019-03-11 CVE-2019-9650 Upcoming Events Project Cross-site Scripting vulnerability in Upcoming Events Project Upcoming Events 1.32

An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.

4.3
2019-03-14 CVE-2018-1929 IBM Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see.

4.0
2019-03-13 CVE-2019-6598 F5 Unspecified vulnerability in F5 products

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services.

4.0
2019-03-13 CVE-2019-3711 EMC
RSA
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability.
4.0
2019-03-13 CVE-2019-9735 Openstack
Redhat
Debian
Improper Handling of Exceptional Conditions vulnerability in multiple products

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.

4.0
2019-03-12 CVE-2019-0271 SAP XXE vulnerability in SAP products

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability.

4.0
2019-03-12 CVE-2018-17944 Lexmark Information Exposure vulnerability in Lexmark products

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there.

4.0
2019-03-11 CVE-2018-2009 IBM Information Exposure vulnerability in IBM API Connect

IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API.

4.0
2019-03-11 CVE-2018-1902 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system.

4.0
2019-03-11 CVE-2019-9692 Cmsmadesimple Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

4.0

54 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-03-15 CVE-2018-17955 Opensuse Link Following vulnerability in Opensuse Yast2-Multipath

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection

3.6
2019-03-14 CVE-2019-0122 Intel
Microsoft
Linux
Double Free vulnerability in Intel Software Guard Extensions SDK

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

3.6
2019-03-15 CVE-2018-19394 Cobham Cross-site Scripting vulnerability in Cobham products

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit.

3.5
2019-03-14 CVE-2018-1984 IBM Cross-site Scripting vulnerability in IBM Rational Team Concert

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1983 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1982 IBM Cross-site Scripting vulnerability in IBM Rational Team Concert

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1952 IBM Cross-site Scripting vulnerability in IBM products

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1916 IBM Cross-site Scripting vulnerability in IBM products

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1914 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1910 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1908 IBM Cross-site Scripting vulnerability in IBM Robotic Process Automation With Automation Anywhere 11.0.0.0/11.0.0.1

IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1829 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1825 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1824 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1823 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1764 IBM Cross-site Scripting vulnerability in IBM Rational Quality Manager

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1763 IBM Cross-site Scripting vulnerability in IBM Rational Quality Manager

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1761 IBM Cross-site Scripting vulnerability in IBM Rational Team Concert

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1759 IBM Cross-site Scripting vulnerability in IBM Rational Quality Manager

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1688 IBM Cross-site Scripting vulnerability in IBM products

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting.

3.5
2019-03-14 CVE-2018-1658 IBM Improper Input Validation vulnerability in IBM Rational Collaborative Lifecycle Management

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input.

3.5
2019-03-13 CVE-2019-9751 Otrs Cross-site Scripting vulnerability in Otrs

An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5.

3.5
2019-03-12 CVE-2019-5925 Dradisframework Cross-site Scripting vulnerability in Dradisframework Dradis

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2019-03-12 CVE-2019-0275 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Java

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.

3.5
2019-03-12 CVE-2019-0269 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20

SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

3.5
2019-03-11 CVE-2019-1707 Cisco Cross-site Scripting vulnerability in Cisco DNA Center

A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2019-03-11 CVE-2019-9661 Yzmcms Cross-site Scripting vulnerability in Yzmcms 5.2

Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,

3.5
2019-03-11 CVE-2019-9660 Yzmcms Cross-site Scripting vulnerability in Yzmcms 5.2

Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.

3.5
2019-03-11 CVE-2019-1690 Cisco Unspecified vulnerability in Cisco Application Policy Infrastructure Controller

A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device.

3.3
2019-03-15 CVE-2018-17956 Opensuse Credentials Management vulnerability in Opensuse Yast2-Samba-Provision

In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list

2.1
2019-03-14 CVE-2018-18091 Intel Use After Free vulnerability in Intel Graphics Driver

Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access.

2.1
2019-03-14 CVE-2018-18090 Intel Out-of-bounds Read vulnerability in Intel Graphics Driver

Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access.

2.1
2019-03-14 CVE-2018-18089 Intel Out-of-bounds Read vulnerability in Intel Graphics Driver

Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2019-03-14 CVE-2018-12224 Intel
Microsoft
Information Exposure vulnerability in Intel Graphics Driver

Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2019-03-14 CVE-2018-12222 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access.

2.1
2019-03-14 CVE-2018-12219 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access via local access.

2.1
2019-03-14 CVE-2018-12218 Intel Unspecified vulnerability in Intel Graphics Driver

Unhandled exception in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a memory leak via local access.

2.1
2019-03-14 CVE-2018-12217 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Graphics Driver

Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access.

2.1
2019-03-14 CVE-2018-12215 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access.

2.1
2019-03-14 CVE-2018-12213 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Graphics Driver

Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

2.1
2019-03-14 CVE-2018-12212 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Graphics Driver

Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

2.1
2019-03-14 CVE-2018-12211 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

2.1
2019-03-14 CVE-2018-12210 Intel
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Graphics Driver

Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

2.1
2019-03-14 CVE-2018-12209 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Graphics Driver

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.

2.1
2019-03-14 CVE-2018-12198 Intel Improper Input Validation vulnerability in Intel Server Platform Services Firmware

Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access.

2.1
2019-03-14 CVE-2018-12189 Intel Improper Check for Unusual or Exceptional Conditions vulnerability in Intel products

Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.

2.1
2019-03-14 CVE-2018-12188 Intel Improper Input Validation vulnerability in Intel products

Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.

2.1
2019-03-13 CVE-2019-6601 F5 Improper Privilege Management vulnerability in F5 Big-Ip Application Acceleration Manager

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.

2.1
2019-03-13 CVE-2019-3716 RSA Information Exposure Through Log Files vulnerability in RSA Archer GRC Platform

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability.

2.1
2019-03-13 CVE-2019-3715 RSA Information Exposure Through Log Files vulnerability in RSA Archer GRC Platform 6.5

RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability.

2.1
2019-03-12 CVE-2019-3615 Mcafee Information Exposure vulnerability in Mcafee Database Security 4.6.6

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.

2.1
2019-03-12 CVE-2019-9706 Debian Use After Free vulnerability in Debian Cron 3.0

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

2.1
2019-03-12 CVE-2019-9705 Cron Project
Debian
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.

2.1
2019-03-12 CVE-2019-9704 Cron Project Improper Input Validation vulnerability in Cron Project Cron 3.0Pl1128.

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.

2.1