Weekly Vulnerabilities Reports > April 1 to 7, 2019
Overview
423 new vulnerabilities reported during this period, including 66 critical vulnerabilities and 89 high severity vulnerabilities. This weekly summary report vulnerabilities in 325 products from 94 vendors including Apple, Jenkins, Microsoft, Synology, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Missing Encryption of Sensitive Data", and "Insufficiently Protected Credentials".
- 380 reported vulnerabilities are remotely exploitables.
- 7 reported vulnerabilities have public exploit available.
- 112 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 314 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 187 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 42 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
66 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-04-05 | CVE-2019-10479 | Glory Global | Use of Hard-coded Credentials vulnerability in Glory-Global Rbw-100 Firmware Ispk05027.0.0 An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. | 10.0 |
2019-04-04 | CVE-2018-19282 | Rockwellautomation | Resource Exhaustion vulnerability in Rockwellautomation Powerflex 525 AC Drives Firmware Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. | 10.0 |
2019-04-04 | CVE-2018-18068 | Raspberrypi | Exposure of Resource to Wrong Sphere vulnerability in Raspberrypi Raspberry PI 3 Model B+ Firmware The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. | 10.0 |
2019-04-04 | CVE-2019-10842 | Getbootstrap | Code Injection vulnerability in Getbootstrap Bootstrap-Sass 3.2.0.3 Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. | 10.0 |
2019-04-03 | CVE-2018-4332 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 10.0 |
2019-04-03 | CVE-2018-4331 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 10.0 |
2019-04-03 | CVE-2018-4268 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 10.0 |
2019-04-02 | CVE-2018-19275 | Mitel | Insecure Default Initialization of Resource vulnerability in Mitel CMG Suite and Inattend The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | 10.0 |
2019-04-01 | CVE-2018-17565 | Grandstream | OS Command Injection vulnerability in Grandstream products Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | 10.0 |
2019-04-01 | CVE-2017-8023 | Dell | Improper Authentication vulnerability in Dell EMC Networker EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. | 10.0 |
2019-04-05 | CVE-2019-10877 | Teeworlds | Integer Overflow or Wraparound vulnerability in Teeworlds 0.7.2 In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. | 9.8 |
2019-04-05 | CVE-2019-10879 | Teeworlds | Integer Overflow or Wraparound vulnerability in Teeworlds 0.7.2 In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. | 9.8 |
2019-04-05 | CVE-2019-10878 | Teeworlds | Out-of-bounds Write vulnerability in Teeworlds 0.7.2 In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. | 9.8 |
2019-04-04 | CVE-2018-10244 | Oisf | Integer Overflow or Wraparound vulnerability in Oisf Suricata 4.0.4 Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. | 9.8 |
2019-04-03 | CVE-2018-4291 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 9.8 |
2019-04-03 | CVE-2018-4288 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 9.8 |
2019-04-03 | CVE-2018-4287 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 9.8 |
2019-04-03 | CVE-2018-4286 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 9.8 |
2019-04-03 | CVE-2018-4259 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 9.8 |
2019-04-02 | CVE-2019-10692 | Codecabin | SQL Injection vulnerability in Codecabin WP GO Maps In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. | 9.8 |
2019-04-01 | CVE-2019-5891 | Overit | Unspecified vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall 6.3 before build 2:346977. | 9.8 |
2019-04-03 | CVE-2018-4465 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4463 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4461 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 9.3 |
2019-04-03 | CVE-2018-4456 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 9.3 |
2019-04-03 | CVE-2018-4450 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4449 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4447 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 9.3 |
2019-04-03 | CVE-2018-4427 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4426 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4425 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4424 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A buffer overflow was addressed with improved size validation. | 9.3 |
2019-04-03 | CVE-2018-4422 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4421 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory initialization issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4420 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed by removing the vulnerable code. | 9.3 |
2019-04-03 | CVE-2018-4419 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4415 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4410 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 9.3 |
2019-04-03 | CVE-2018-4408 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 9.3 |
2019-04-03 | CVE-2018-4402 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4401 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4393 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4383 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 9.3 |
2019-04-03 | CVE-2018-4357 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode A memory corruption issue was addressed with improved input validation. | 9.3 |
2019-04-03 | CVE-2018-4350 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 9.3 |
2019-04-03 | CVE-2018-4344 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4343 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4340 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4337 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4336 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4334 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4327 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4285 | Apple | Incorrect Type Conversion or Cast vulnerability in Apple mac OS X A type confusion issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2018-4126 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2019-04-03 | CVE-2017-13911 | Apple | Improper Input Validation vulnerability in Apple mac OS X A configuration issue was addressed with additional restrictions. | 9.3 |
2019-04-03 | CVE-2019-10673 | Ultimatemember | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. | 9.3 |
2019-04-02 | CVE-2019-1010260 | Ktlint Project | Cleartext Transmission of Sensitive Information vulnerability in Ktlint Project Ktlint Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. | 9.3 |
2019-04-05 | CVE-2019-10478 | Glory Global | Unrestricted Upload of File with Dangerous Type vulnerability in Glory-Global Rbw-100 Firmware Ispk05027.0.0 An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. | 9.0 |
2019-04-04 | CVE-2018-19981 | Amazon | Cleartext Storage of Sensitive Information vulnerability in Amazon AWS Software Development KIT Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. | 9.0 |
2019-04-02 | CVE-2019-5524 | Vmware | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. | 9.0 |
2019-04-02 | CVE-2019-5515 | Vmware | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. | 9.0 |
2019-04-02 | CVE-2018-1640 | IBM | Improper Input Validation vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
2019-04-01 | CVE-2018-17990 | Dlink | OS Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. | 9.0 |
2019-04-01 | CVE-2018-5757 | Audiocodes | OS Command Injection vulnerability in Audiocodes 420Hd IP Phone Firmware 3.0.0.535.106 An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. | 9.0 |
2019-04-01 | CVE-2018-13285 | Synology | OS Command Injection vulnerability in Synology Router Manager Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 9.0 |
2019-04-01 | CVE-2018-13284 | Synology | OS Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 9.0 |
89 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-04-05 | CVE-2019-10872 | Freedesktop | Out-of-bounds Read vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. | 8.8 |
2019-04-04 | CVE-2019-10299 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Cloudcoreo Deploytime Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10298 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Koji Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10297 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Sametime Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10296 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Serena SRA Deploy Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10295 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Crittercism-Dsym Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10294 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Kmap Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10291 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Netsparker Cloud Scan Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10288 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Jabber Server Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10287 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Youtrack-Plugin Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10286 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Deployhub Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10285 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Minio Storage Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10284 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Diawi Upload Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10283 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Mabl Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10282 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Klaros-Testmanagement Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10281 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Relution Enterprise Appstore Publisher Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10280 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Assembla Auth Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-10277 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Starteam Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003075 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Audit to Database Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003074 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Hyper.Sh Commons Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003073 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins VS Team Services Continuous Deployment Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003072 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Wildfly Deployer Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003071 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Octopusdeploy Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003070 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Veracode-Scanner Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003069 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Aqua Security Scanner Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003068 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins VMWare Vrealize Automation Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003067 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Trac Publisher Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003066 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Bugzilla Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003065 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Cloudshare Docker-Machine Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003064 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Aws-Device-Farm Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003063 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Amazon SNS Build Notifier Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003062 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins AWS Cloudwatch Logs Publisher Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003061 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Jenkins-Cloudformation-Plugin Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003060 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Official Owasp ZAP Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003057 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Bitbucket Approve Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003056 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003055 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins FTP Publisher Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003054 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Jira Issue Updater Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003053 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Hockeyapp Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003052 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins AWS Elastic Beanstalk Publisher Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-04 | CVE-2019-1003051 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins IRC Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
2019-04-03 | CVE-2018-4407 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 8.8 |
2019-04-01 | CVE-2019-5890 | Overit | Improper Authentication vulnerability in Overit Geocall 6.3 An issue was discovered in OverIT Geocall 6.3 before build 2:346977. | 8.8 |
2019-04-07 | CVE-2019-10906 | Palletsprojects Fedoraproject Canonical Redhat Opensuse | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 |
2019-04-03 | CVE-2019-4014 | IBM | Classic Buffer Overflow vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. | 7.8 |
2019-04-02 | CVE-2018-3974 | GOG | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.45.61 An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. | 7.8 |
2019-04-01 | CVE-2019-8956 | Linux Canonical | Use After Free vulnerability in multiple products In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | 7.8 |
2019-04-07 | CVE-2019-10908 | Airsonic Project | Cryptographic Issues vulnerability in Airsonic Project Airsonic 10.2.1 In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. | 7.5 |
2019-04-05 | CVE-2019-6552 | Advantech | Command Injection vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |
2019-04-05 | CVE-2019-6550 | Advantech | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |
2019-04-04 | CVE-2019-6553 | Rockwellautomation | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. | 7.5 |
2019-04-04 | CVE-2018-20222 | Airsonic Project | XXE vulnerability in Airsonic Project Airsonic XXE issue in Airsonic before 10.1.2 during parse. | 7.5 |
2019-04-04 | CVE-2018-10243 | Oisf | Out-of-bounds Read vulnerability in Oisf Libhtp 0.5.26 htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | 7.5 |
2019-04-04 | CVE-2018-10242 | Oisf Debian | Out-of-bounds Read vulnerability in multiple products Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. | 7.5 |
2019-04-04 | CVE-2019-10844 | Sony | Improper Input Validation vulnerability in Sony Neural Network Libraries nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. | 7.5 |
2019-04-03 | CVE-2015-5463 | Axiomsl | Improper Authorization vulnerability in Axiomsl Axiom 9.5.3 AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | 7.5 |
2019-04-03 | CVE-2018-4367 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved input validation. | 7.5 |
2019-04-03 | CVE-2018-4353 | Apple | Improper Input Validation vulnerability in Apple mac OS X A configuration issue was addressed with additional restrictions. | 7.5 |
2019-04-03 | CVE-2018-4310 | Apple | Improper Privilege Management vulnerability in Apple Iphone OS and mac OS X An access issue was addressed with additional sandbox restrictions. | 7.5 |
2019-04-03 | CVE-2018-4295 | Apple | Improper Input Validation vulnerability in Apple mac OS X An input validation issue was addressed with improved input validation. | 7.5 |
2019-04-03 | CVE-2019-5421 | Plataformatec | Improper Restriction of Excessive Authentication Attempts vulnerability in Plataformatec Devise Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. | 7.5 |
2019-04-02 | CVE-2019-6506 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm 7.11.0 SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | 7.5 |
2019-04-02 | CVE-2019-10708 | S CMS | SQL Injection vulnerability in S-Cms 1.0 S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | 7.5 |
2019-04-02 | CVE-2019-10707 | Mkcms Project | SQL Injection vulnerability in Mkcms Project Mkcms 5.0 MKCMS V5.0 has SQL injection via the bplay.php play parameter. | 7.5 |
2019-04-02 | CVE-2019-9946 | Kubernetes Cncf Netapp | Always-Incorrect Control Flow Implementation vulnerability in multiple products Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. | 7.5 |
2019-04-02 | CVE-2019-7475 | Sonicwall | Improper Access Control vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. | 7.5 |
2019-04-02 | CVE-2019-9759 | Tongda2000 | SQL Injection vulnerability in Tongda2000 Office Anywhere 10.18.190121 An issue was discovered in TONGDA Office Anywhere 10.18.190121. | 7.5 |
2019-04-01 | CVE-2018-17564 | Grandstream | Unspecified vulnerability in Grandstream products A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | 7.5 |
2019-04-01 | CVE-2019-6715 | Boldgrid | Unspecified vulnerability in Boldgrid W3 Total Cache pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. | 7.5 |
2019-04-01 | CVE-2019-3489 | Microfocus | Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Content Manager An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. | 7.5 |
2019-04-01 | CVE-2019-5523 | Vmware | Session Fixation vulnerability in VMWare Vcloud Director 9.5.0.0/9.5.0.1/9.5.0.2 VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. | 7.5 |
2019-04-01 | CVE-2019-10686 | Ctrip | Server-Side Request Forgery (SSRF) vulnerability in Ctrip Apollo An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. | 7.5 |
2019-04-01 | CVE-2019-5889 | Overit | Path Traversal vulnerability in Overit Geocall 6.3 An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977. | 7.5 |
2019-04-01 | CVE-2019-10684 | 74Cms | Code Injection vulnerability in 74Cms 5.0.1 Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | 7.5 |
2019-04-01 | CVE-2019-3836 | GNU Fedoraproject Opensuse | Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | 7.5 |
2019-04-04 | CVE-2018-13918 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150 | 7.2 |
2019-04-04 | CVE-2018-11970 | Qualcomm | Unspecified vulnerability in Qualcomm products TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | 7.2 |
2019-04-04 | CVE-2018-11966 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 | 7.2 |
2019-04-04 | CVE-2018-11830 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A | 7.2 |
2019-04-03 | CVE-2018-1936 | IBM Linux Microsoft | Out-of-bounds Write vulnerability in IBM DB2 IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. | 7.2 |
2019-04-02 | CVE-2018-4049 | GOG | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.48.36 An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). | 7.2 |
2019-04-01 | CVE-2019-9193 | Postgresql | OS Command Injection vulnerability in Postgresql In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. | 7.2 |
2019-04-01 | CVE-2019-5519 | Vmware | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). | 7.2 |
2019-04-01 | CVE-2019-5518 | Vmware | Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). | 7.2 |
2019-04-01 | CVE-2018-4050 | GOG | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47 An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 7.2 |
2019-04-03 | CVE-2018-4413 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory initialization issue was addressed with improved memory handling. | 7.1 |
2019-04-03 | CVE-2018-4363 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos An input validation issue existed in the kernel. | 7.1 |
2019-04-03 | CVE-2018-4289 | Apple | Information Exposure vulnerability in Apple mac OS X An information disclosure issue was addressed by removing the vulnerable code. | 7.1 |
2019-04-02 | CVE-2019-4043 | IBM | XXE vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
243 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-04-06 | CVE-2019-10905 | Parsedown | Cross-site Scripting vulnerability in Parsedown Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. | 6.8 |
2019-04-05 | CVE-2019-10888 | Ukcms | Cross-Site Request Forgery (CSRF) vulnerability in Ukcms 1.1.10 A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. | 6.8 |
2019-04-05 | CVE-2019-10874 | Boltcms | Cross-Site Request Forgery (CSRF) vulnerability in Boltcms Bolt 3.6.6 Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | 6.8 |
2019-04-03 | CVE-2015-5384 | Axiomsl | Session Fixation vulnerability in Axiomsl Axiom 9.5.3 AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. | 6.8 |
2019-04-03 | CVE-2019-10240 | Eclipse | Cleartext Transmission of Sensitive Information vulnerability in Eclipse Hawkbit Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. | 6.8 |
2019-04-03 | CVE-2018-4464 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4443 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4442 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4441 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4438 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A logic issue existed resulting in memory corruption. | 6.8 |
2019-04-03 | CVE-2018-4437 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4435 | Apple | Improper Input Validation vulnerability in Apple products A logic issue was addressed with improved restrictions. | 6.8 |
2019-04-03 | CVE-2018-4423 | Apple | Improper Input Validation vulnerability in Apple mac OS X A logic issue was addressed with improved validation. | 6.8 |
2019-04-03 | CVE-2018-4416 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4414 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4412 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4411 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4394 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4392 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4386 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4384 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos A memory corruption issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4382 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4378 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 6.8 |
2019-04-03 | CVE-2018-4376 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4375 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4373 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4372 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4371 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4361 | Apple Microsoft | Unspecified vulnerability in Apple products A memory consumption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4360 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4359 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4358 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4354 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4347 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4341 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4328 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4326 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4323 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4318 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4317 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4316 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 6.8 |
2019-04-03 | CVE-2018-4315 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4314 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4312 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4306 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4303 | Apple | Improper Input Validation vulnerability in Apple products An input validation issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4299 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4284 | Apple Microsoft | Incorrect Type Conversion or Cast vulnerability in Apple products A type confusion issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4280 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4275 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4272 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4269 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 6.8 |
2019-04-03 | CVE-2018-4267 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4265 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4264 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4263 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4261 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-4197 | Apple Microsoft | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 6.8 |
2019-04-03 | CVE-2018-4191 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 6.8 |
2019-04-03 | CVE-2018-4145 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
2019-04-03 | CVE-2018-20506 | Sqlite Apple Opensuse | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 6.8 |
2019-04-02 | CVE-2018-1622 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2019-04-01 | CVE-2019-5514 | Vmware | Improper Input Validation vulnerability in VMWare Fusion 11.0.0/11.0.1/11.0.2 VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. | 6.8 |
2019-04-01 | CVE-2019-9132 | Kakaocorp | Improper Input Validation vulnerability in Kakaocorp Kakaotalk 2.7.5.2024 Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. | 6.8 |
2019-04-01 | CVE-2018-13298 | Synology | Unspecified vulnerability in Synology Moments Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2019-04-01 | CVE-2014-7198 | Openmicroscopy | Cross-Site Request Forgery (CSRF) vulnerability in Openmicroscopy Omero OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | 6.8 |
2019-04-03 | CVE-2018-4434 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 6.6 |
2019-04-05 | CVE-2019-10873 | Freedesktop | NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. | 6.5 |
2019-04-05 | CVE-2019-10871 | Freedesktop | Out-of-bounds Read vulnerability in Freedesktop Poppler 0.74.0 An issue was discovered in Poppler 0.74.0. | 6.5 |
2019-04-04 | CVE-2019-10867 | Pimcore | Deserialization of Untrusted Data vulnerability in Pimcore An issue was discovered in Pimcore before 5.7.1. | 6.5 |
2019-04-04 | CVE-2019-10863 | Combodo | Code Injection vulnerability in Combodo Teemip A command injection vulnerability exists in TeemIp versions before 2.4.0. | 6.5 |
2019-04-04 | CVE-2019-7001 | Avaya | SQL Injection vulnerability in Avaya IP Office Contact Center A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. | 6.5 |
2019-04-04 | CVE-2019-10293 | Jenkins | Missing Authorization vulnerability in Jenkins Kmap A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-10292 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Kmap A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-10290 | Jenkins | Missing Authorization vulnerability in Jenkins Netsparker Cloud Scan A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-10289 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Netsparker Cloud Scan A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-10279 | Jenkins | Missing Authorization vulnerability in Jenkins Jenkins-Reviewbot A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-10278 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jenkins-Reviewbot A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003099 | Jenkins | Missing Authorization vulnerability in Jenkins Openid A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003098 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openid A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003097 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Crowd Integration 1.0/1.1/1.2 Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 |
2019-04-04 | CVE-2019-1003096 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Testfairy Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-04-04 | CVE-2019-1003095 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Perfecto Mobile Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 |
2019-04-04 | CVE-2019-1003094 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Open STF Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 6.5 |
2019-04-04 | CVE-2019-1003093 | Jenkins | Missing Authorization vulnerability in Jenkins Nomad A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003092 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Nomad A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003091 | Jenkins | Missing Authorization vulnerability in Jenkins Soasta Cloudtest A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003090 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Soasta Cloudtest A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003089 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Upload to Pgyer Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-04-04 | CVE-2019-1003088 | Jenkins | Missing Encryption of Sensitive Data vulnerability in Jenkins Fabric Beta Publisher Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-04-04 | CVE-2019-1003087 | Jenkins | Missing Authorization vulnerability in Jenkins Chef Sinatra 1.2 A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003086 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Chef Sinatra A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003085 | Jenkins | Missing Authorization vulnerability in Jenkins Zephyr Enterprise Test Management A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003084 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Zephyr Enterprise Test Management A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003083 | Jenkins | Missing Authorization vulnerability in Jenkins Gearman A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003082 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gearman A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003081 | Jenkins | Missing Authorization vulnerability in Jenkins Openshift Deployer A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003080 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openshift Deployer A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003079 | Jenkins | Missing Authorization vulnerability in Jenkins VMWare LAB Manager Slaves A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003078 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins VMWare LAB Manager Slaves A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003077 | Jenkins | Missing Authorization vulnerability in Jenkins Audit to Database A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003076 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Audit to Database A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003059 | Jenkins | Missing Authorization vulnerability in Jenkins FTP Publisher A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-04 | CVE-2019-1003058 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins FTP Publisher A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
2019-04-02 | CVE-2019-4080 | IBM | Resource Exhaustion vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. | 6.5 |
2019-04-01 | CVE-2018-3979 | Canonical Nvidia | Resource Exhaustion vulnerability in multiple products A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. | 6.5 |
2019-04-01 | CVE-2019-1002100 | Kubernetes Redhat | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. | 6.5 |
2019-04-01 | CVE-2019-3876 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. | 6.3 |
2019-04-05 | CVE-2019-10887 | Salicru | Cross-site Scripting vulnerability in Salicru Slc-20-Cube3(5) Cs121Snmp4.54.82.130611 A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. | 6.1 |
2019-04-01 | CVE-2019-5888 | Overit | Cross-site Scripting vulnerability in Overit Geocall 6.3 Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977. | 6.1 |
2019-04-04 | CVE-2019-10856 | Jupyter | Open Redirect vulnerability in Jupyter Notebook In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. | 5.8 |
2019-04-03 | CVE-2018-4319 | Apple | Origin Validation Error vulnerability in Apple products A cross-origin issue existed with "iframe" elements. | 5.8 |
2019-04-03 | CVE-2018-4311 | Apple Microsoft | Information Exposure vulnerability in Apple products The issue was addressed by removing origin information. | 5.8 |
2019-04-02 | CVE-2018-15180 | Qasymphony | Open Redirect vulnerability in Qasymphony Qtest Manager 9.0.0 qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | 5.8 |
2019-04-01 | CVE-2018-8913 | Synology | Open Redirect vulnerability in Synology web Station Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | 5.8 |
2019-04-01 | CVE-2018-13283 | Synology | Unspecified vulnerability in Synology SSL VPN Client Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | 5.8 |
2019-04-01 | CVE-2017-16775 | Synology | Improper Input Validation vulnerability in Synology SSO Server Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 5.8 |
2019-04-04 | CVE-2018-20449 | Linux Netapp | Information Exposure vulnerability in multiple products The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. | 5.5 |
2019-04-01 | CVE-2019-1002101 | Kubernetes Redhat | Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 5.5 |
2019-04-04 | CVE-2019-3886 | Redhat Opensuse Fedoraproject | Missing Authorization vulnerability in multiple products An incorrect permissions check was discovered in libvirt 4.8.0 and above. | 5.4 |
2019-04-01 | CVE-2018-13297 | Synology | Information Exposure vulnerability in Synology Drive Server Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | 5.3 |
2019-04-03 | CVE-2017-7151 | Apple Microsoft | Race Condition vulnerability in Apple products A race condition was addressed with additional validation. | 5.1 |
2019-04-07 | CVE-2019-10907 | Airsonic Project | Inadequate Encryption Strength vulnerability in Airsonic Project Airsonic 10.2.1 Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. | 5.0 |
2019-04-05 | CVE-2019-9489 | Trendmicro | Path Traversal vulnerability in Trendmicro products A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | 5.0 |
2019-04-05 | CVE-2019-6554 | Advantech | Unspecified vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 5.0 |
2019-04-04 | CVE-2018-20229 | Gitlab | Path Traversal vulnerability in Gitlab GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | 5.0 |
2019-04-03 | CVE-2015-5606 | Axway | Improper Input Validation vulnerability in Axway Vordel XML Gateway 7.2.2 Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. | 5.0 |
2019-04-03 | CVE-2018-4436 | Apple | Improper Certificate Validation vulnerability in Apple Iphone OS, Tvos and Watchos A certificate validation issue existed in configuration profiles. | 5.0 |
2019-04-03 | CVE-2018-4398 | Apple Microsoft | Improper Input Validation vulnerability in Apple products An issue existed in the method for determining prime numbers. | 5.0 |
2019-04-03 | CVE-2018-4369 | Apple | Improper Input Validation vulnerability in Apple products A logic issue was addressed with improved state management. | 5.0 |
2019-04-03 | CVE-2018-4366 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved input validation. | 5.0 |
2019-04-03 | CVE-2018-4356 | Apple | Unspecified vulnerability in Apple Iphone OS A permissions issue existed. | 5.0 |
2019-04-03 | CVE-2018-4329 | Apple | Data Processing Errors vulnerability in Apple Iphone OS and Safari Clearing a history item may not clear visits with redirect chains. | 5.0 |
2019-04-03 | CVE-2018-4321 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos A validation issue existed in the entitlement verification. | 5.0 |
2019-04-03 | CVE-2018-4293 | Apple Microsoft | Improper Input Validation vulnerability in Apple products A cookie management issue was addressed with improved checks. | 5.0 |
2019-04-03 | CVE-2018-4279 | Apple | Improper Input Validation vulnerability in Apple Safari An inconsistent user interface issue was addressed with improved state management. | 5.0 |
2019-04-03 | CVE-2018-4276 | Apple | NULL Pointer Dereference vulnerability in Apple mac OS X A null pointer dereference was addressed with improved validation. | 5.0 |
2019-04-03 | CVE-2018-4274 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari A spoofing issue existed in the handling of URLs. | 5.0 |
2019-04-03 | CVE-2018-4248 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 5.0 |
2019-04-03 | CVE-2018-4203 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 5.0 |
2019-04-03 | CVE-2018-20505 | Sqlite Apple Microsoft | SQL Injection vulnerability in multiple products SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 5.0 |
2019-04-03 | CVE-2019-5423 | Http Live Simulator Project | Path Traversal vulnerability in Http-Live-Simulator Project Http-Live-Simulator 1.0.5 Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. | 5.0 |
2019-04-02 | CVE-2018-12680 | Coapthon Project | Deserialization of Untrusted Data vulnerability in Coapthon Project Coapthon The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages. | 5.0 |
2019-04-02 | CVE-2017-6049 | 3M | Improper Authentication vulnerability in 3M Detcon Sitewatch Gateway Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. | 5.0 |
2019-04-02 | CVE-2017-6047 | 3M | Credentials Management vulnerability in 3M Detcon Sitewatch Gateway Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication. | 5.0 |
2019-04-02 | CVE-2018-12679 | Coapthon3 Project | Deserialization of Untrusted Data vulnerability in Coapthon3 Project Coapthon3 1.0/1.0.1 The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages. | 5.0 |
2019-04-02 | CVE-2019-7477 | Sonicwall | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. | 5.0 |
2019-04-02 | CVE-2018-1680 | IBM | Weak Password Requirements vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2019-04-02 | CVE-2018-1618 | IBM | Path Traversal vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. | 5.0 |
2019-04-01 | CVE-2019-3792 | Pivotal Software | SQL Injection vulnerability in Pivotal Software Concourse Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. | 5.0 |
2019-04-01 | CVE-2018-17563 | Grandstream | Missing Encryption of Sensitive Data vulnerability in Grandstream products A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | 5.0 |
2019-04-01 | CVE-2018-13296 | Synology | Resource Exhaustion vulnerability in Synology Mailplus Server Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | 5.0 |
2019-04-01 | CVE-2018-13289 | Synology | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 5.0 |
2019-04-01 | CVE-2018-13288 | Synology | Information Exposure vulnerability in Synology File Station Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 5.0 |
2019-04-04 | CVE-2018-11971 | Qualcomm | Information Exposure vulnerability in Qualcomm products Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | 4.9 |
2019-04-04 | CVE-2018-11958 | Qualcomm | Unspecified vulnerability in Qualcomm products Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | 4.9 |
2019-04-03 | CVE-2018-4431 | Apple | Information Exposure vulnerability in Apple products A memory initialization issue was addressed with improved memory handling. | 4.9 |
2019-04-03 | CVE-2018-4283 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read issue existed that led to the disclosure of kernel memory. | 4.9 |
2019-04-03 | CVE-2018-4282 | Apple | Out-of-bounds Read vulnerability in Apple Iphone OS, Tvos and Watchos An out-of-bounds read issue existed that led to the disclosure of kernel memory. | 4.9 |
2019-04-02 | CVE-2018-4051 | GOG | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47 An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 4.9 |
2019-04-05 | CVE-2019-10885 | Ivanti | Permissions, Privileges, and Access Controls vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.90.0. | 4.6 |
2019-04-01 | CVE-2018-19113 | Pronestor | Incorrect Permission Assignment for Critical Resource vulnerability in Pronestor Health Monitoring 8.1.11.0 The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file. | 4.4 |
2019-04-07 | CVE-2019-10741 | K 9 Mail Project | 7PK - Security Features vulnerability in K-9 Mail Project K-9 Mail 5.600 K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. | 4.3 |
2019-04-07 | CVE-2019-10740 | Roundcube Fedoraproject Opensuse | Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
2019-04-07 | CVE-2019-10735 | Claws Mail | Unspecified vulnerability in Claws-Mail Mail 3.14.1 In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
2019-04-07 | CVE-2019-10734 | Trojita Project | Inadequate Encryption Strength vulnerability in Trojita Project Trojita 0.7 In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
2019-04-07 | CVE-2019-10732 | KDE Debian | Cleartext Transmission of Sensitive Information vulnerability in multiple products In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
2019-04-06 | CVE-2019-10904 | Debian Roundup Tracker | Cross-site Scripting vulnerability in multiple products Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | 4.3 |
2019-04-05 | CVE-2019-10884 | Uniqkey | Improper Authentication vulnerability in Uniqkey Password Manager 1.14 Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. | 4.3 |
2019-04-05 | CVE-2018-20816 | Salesagility | Cross-site Scripting vulnerability in Salesagility Suitecrm An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. | 4.3 |
2019-04-05 | CVE-2019-10875 | MI | Authentication Bypass by Spoofing vulnerability in MI Browser and Mint Browser A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. | 4.3 |
2019-04-04 | CVE-2019-1828 | Cisco | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. | 4.3 |
2019-04-04 | CVE-2019-1827 | Cisco | Cross-site Scripting vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. | 4.3 |
2019-04-04 | CVE-2014-3603 | Shibboleth | Improper Validation of Certificate with Host Mismatch vulnerability in Shibboleth Identity Provider and Opensaml Java The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 4.3 |
2019-04-03 | CVE-2015-5462 | Axiomsl | Injection vulnerability in Axiomsl Axiom 9.5.3 AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. | 4.3 |
2019-04-03 | CVE-2019-10723 | Podofo Project | Allocation of Resources Without Limits or Throttling vulnerability in Podofo Project Podofo 0.9.6 An issue was discovered in PoDoFo 0.9.6. | 4.3 |
2019-04-03 | CVE-2018-4470 | Apple | Unspecified vulnerability in Apple mac OS X A privacy issue in the handling of Open Directory records was addressed with improved indexing. | 4.3 |
2019-04-03 | CVE-2018-4462 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4446 | Apple | Improper Input Validation vulnerability in Apple Iphone OS This issue was addressed with improved entitlements. | 4.3 |
2019-04-03 | CVE-2018-4440 | Apple Microsoft | Improper Input Validation vulnerability in Apple products A logic issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4439 | Apple Microsoft | Improper Input Validation vulnerability in Apple products A logic issue was addressed with improved validation. | 4.3 |
2019-04-03 | CVE-2018-4429 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Watchos A spoofing issue existed in the handling of URLs. | 4.3 |
2019-04-03 | CVE-2018-4418 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4417 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4409 | Apple Microsoft | Resource Exhaustion vulnerability in Apple products A resource exhaustion issue was addressed with improved input validation. | 4.3 |
2019-04-03 | CVE-2018-4403 | Apple | Information Exposure vulnerability in Apple mac OS X This issue was addressed by removing additional entitlements. | 4.3 |
2019-04-03 | CVE-2018-4400 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos A validation issue was addressed with improved logic. | 4.3 |
2019-04-03 | CVE-2018-4399 | Apple | Improper Input Validation vulnerability in Apple products An access issue existed with privileged API calls. | 4.3 |
2019-04-03 | CVE-2018-4396 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4389 | Apple | Improper Input Validation vulnerability in Apple mac OS X An inconsistent user interface issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4385 | Apple | Improper Input Validation vulnerability in Apple Iphone OS A logic issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4377 | Apple Microsoft | Cross-site Scripting vulnerability in Apple products A cross-site scripting issue existed in Safari. | 4.3 |
2019-04-03 | CVE-2018-4374 | Apple Microsoft | Cross-site Scripting vulnerability in Apple products A logic issue was addressed with improved validation. | 4.3 |
2019-04-03 | CVE-2018-4365 | Apple | Out-of-bounds Read vulnerability in Apple Iphone OS An out-of-bounds read was addressed with improved bounds checking. | 4.3 |
2019-04-03 | CVE-2018-4362 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari An inconsistent user interface issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4355 | Apple | Information Exposure vulnerability in Apple Iphone OS and mac OS X A configuration issue was addressed with additional restrictions. | 4.3 |
2019-04-03 | CVE-2018-4351 | Apple | Improper Initialization vulnerability in Apple mac OS X A memory initialization issue was addressed with improved memory handling. | 4.3 |
2019-04-03 | CVE-2018-4346 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue existed which allowed local file access. | 4.3 |
2019-04-03 | CVE-2018-4345 | Apple Microsoft | Cross-site Scripting vulnerability in Apple products A cross-site scripting issue existed in Safari. | 4.3 |
2019-04-03 | CVE-2018-4338 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4335 | Apple | Improper Input Validation vulnerability in Apple Iphone OS A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4333 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and mac OS X A validation issue was addressed with improved input sanitization. | 4.3 |
2019-04-03 | CVE-2018-4324 | Apple | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X A permissions issue existed in the handling of the Apple ID. | 4.3 |
2019-04-03 | CVE-2018-4309 | Apple Microsoft | Cross-site Scripting vulnerability in Apple products A cross-site scripting issue existed in Safari. | 4.3 |
2019-04-03 | CVE-2018-4308 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved bounds checking. | 4.3 |
2019-04-03 | CVE-2018-4307 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari A logic issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4304 | Apple | Improper Input Validation vulnerability in Apple products A denial of service issue was addressed with improved validation. | 4.3 |
2019-04-03 | CVE-2018-4300 | Apple | Information Exposure vulnerability in Apple Cups The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. | 4.3 |
2019-04-03 | CVE-2018-4290 | Apple | Unspecified vulnerability in Apple Iphone OS and Watchos A denial of service issue was addressed with improved memory handling. | 4.3 |
2019-04-03 | CVE-2018-4273 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved input validation. | 4.3 |
2019-04-03 | CVE-2018-4271 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple memory corruption issues were addressed with improved input validation. | 4.3 |
2019-04-03 | CVE-2018-4270 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 4.3 |
2019-04-03 | CVE-2018-4266 | Apple Microsoft | Race Condition vulnerability in Apple products A race condition was addressed with additional validation. | 4.3 |
2019-04-03 | CVE-2018-4260 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari An inconsistent user interface issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4216 | Apple | Unspecified vulnerability in Apple Iphone OS A logic issue existed in the handling of call URLs. | 4.3 |
2019-04-03 | CVE-2018-4195 | Apple | Improper Input Validation vulnerability in Apple Safari An inconsistent user interface issue was addressed with improved state management. | 4.3 |
2019-04-03 | CVE-2018-4153 | Apple | Injection vulnerability in Apple mac OS X An injection issue was addressed with improved validation. | 4.3 |
2019-04-03 | CVE-2019-5422 | Buttle Project | Cross-site Scripting vulnerability in Buttle Project Buttle 0.2.0 XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. | 4.3 |
2019-04-02 | CVE-2018-18035 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | 4.3 |
2019-04-02 | CVE-2019-10714 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. | 4.3 |
2019-04-02 | CVE-2019-6531 | Kunbus | Unspecified vulnerability in Kunbus Pr100088 Modbus Gateway Firmware 1.0.10232 An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position. | 4.3 |
2019-04-05 | CVE-2019-9490 | Trendmicro | Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. | 4.0 |
2019-04-05 | CVE-2019-10876 | Openstack Redhat | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. | 4.0 |
2019-04-05 | CVE-2019-10868 | Tryton Debian | Missing Authorization vulnerability in multiple products In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. | 4.0 |
2019-04-04 | CVE-2019-10273 | Zohocorp | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.0 |
2019-04-03 | CVE-2018-4460 | Apple | Improper Input Validation vulnerability in Apple products A denial of service issue was addressed by removing the vulnerable code. | 4.0 |
2019-04-03 | CVE-2018-4445 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari "Clear History and Website Data" did not clear the history. | 4.0 |
2019-04-03 | CVE-2018-4406 | Apple | Improper Input Validation vulnerability in Apple mac OS X A denial of service issue was addressed with improved validation. | 4.0 |
2019-04-03 | CVE-2018-4397 | Apple | Improper Input Validation vulnerability in Apple Support Analytics data was sent using HTTP rather than HTTPS. | 4.0 |
2019-04-03 | CVE-2018-4368 | Apple | Improper Input Validation vulnerability in Apple products A denial of service issue was addressed with improved validation. | 4.0 |
2019-04-02 | CVE-2019-7474 | Sonicwall | Improper Access Control vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. | 4.0 |
2019-04-02 | CVE-2018-1917 | IBM | Information Exposure vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. | 4.0 |
2019-04-02 | CVE-2018-1906 | IBM | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. | 4.0 |
2019-04-02 | CVE-2018-1626 | IBM | Session Fixation vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.0 |
2019-04-02 | CVE-2018-1625 | IBM | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.0 |
2019-04-01 | CVE-2018-13299 | Synology | Path Traversal vulnerability in Synology Calendar Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. | 4.0 |
2019-04-01 | CVE-2018-13295 | Synology | Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | 4.0 |
2019-04-01 | CVE-2018-13294 | Synology | Information Exposure vulnerability in Synology Application Service Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | 4.0 |
2019-04-01 | CVE-2018-13292 | Synology | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.0 |
2019-04-01 | CVE-2018-13291 | Synology | Information Exposure vulnerability in Synology Diskstation Manager Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.0 |
2019-04-01 | CVE-2018-13290 | Synology | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | 4.0 |
2019-04-01 | CVE-2018-13287 | Synology | Incorrect Default Permissions vulnerability in Synology Router Manager Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.0 |
2019-04-01 | CVE-2018-13286 | Synology | Incorrect Default Permissions vulnerability in Synology Diskstation Manager Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 4.0 |
25 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-04-02 | CVE-2019-4093 | IBM Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Protect 8.1.7 IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. | 3.6 |
2019-04-03 | CVE-2019-10261 | Centos Webpanel | Cross-site Scripting vulnerability in Centos-Webpanel Centos web Panel 0.9.8.789 CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action. | 3.5 |
2019-04-03 | CVE-2018-1913 | IBM | Cross-site Scripting vulnerability in IBM Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. | 3.5 |
2019-04-03 | CVE-2018-1731 | IBM | Cross-site Scripting vulnerability in IBM Doors Next Generation 5.0/6.0/6.0.2 IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. | 3.5 |
2019-04-01 | CVE-2018-17989 | Dlink | Cross-site Scripting vulnerability in Dlink Dsl-3782 Firmware 1.01 A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. | 3.5 |
2019-04-01 | CVE-2018-13293 | Synology | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | 3.5 |
2019-04-01 | CVE-2017-16774 | Synology | Cross-site Scripting vulnerability in Synology Diskstation Manager Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | 3.5 |
2019-04-03 | CVE-2018-4305 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos An input validation issue was addressed with improved input validation. | 3.3 |
2019-04-03 | CVE-2018-4430 | Apple | Information Exposure vulnerability in Apple Iphone OS A lock screen issue allowed access to contacts on a locked device. | 2.1 |
2019-04-03 | CVE-2018-4395 | Apple | Improper Input Validation vulnerability in Apple products This issue was addressed with improved checks. | 2.1 |
2019-04-03 | CVE-2018-4388 | Apple | Information Exposure vulnerability in Apple Iphone OS A lock screen issue allowed access to the share function on a locked device. | 2.1 |
2019-04-03 | CVE-2018-4387 | Apple | Information Exposure vulnerability in Apple Iphone OS A lock screen issue allowed access to photos via Reply With Message on a locked device. | 2.1 |
2019-04-03 | CVE-2018-4380 | Apple | Information Exposure vulnerability in Apple Iphone OS A lock screen issue allowed access to photos and contacts on a locked device. | 2.1 |
2019-04-03 | CVE-2018-4379 | Apple | Information Exposure vulnerability in Apple Iphone OS A lock screen issue allowed access to the share function on a locked device. | 2.1 |
2019-04-03 | CVE-2018-4352 | Apple | Information Exposure vulnerability in Apple Iphone OS A consistency issue existed in the handling of application snapshots. | 2.1 |
2019-04-03 | CVE-2018-4348 | Apple | Improper Input Validation vulnerability in Apple mac OS X A validation issue was addressed with improved logic. | 2.1 |
2019-04-03 | CVE-2018-4342 | Apple | Improper Input Validation vulnerability in Apple mac OS X A configuration issue was addressed with additional restrictions. | 2.1 |
2019-04-03 | CVE-2018-4325 | Apple | Information Exposure vulnerability in Apple Iphone OS A logic issue was addressed with improved restrictions. | 2.1 |
2019-04-03 | CVE-2018-4322 | Apple | Improper Input Validation vulnerability in Apple Iphone OS This issue was addressed with improved entitlements. | 2.1 |
2019-04-03 | CVE-2018-4313 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos A consistency issue existed in the handling of application snapshots. | 2.1 |
2019-04-03 | CVE-2018-4178 | Apple | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X A permissions issue existed in which execute permission was incorrectly granted. | 2.1 |
2019-04-02 | CVE-2018-4053 | GOG | Improper Input Validation vulnerability in GOG Galaxy 1.2.47 An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 2.1 |
2019-04-02 | CVE-2018-4052 | GOG | Information Exposure vulnerability in GOG Galaxy 1.2.47 An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 2.1 |
2019-04-02 | CVE-2018-1874 | IBM | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. | 2.1 |
2019-04-02 | CVE-2018-1623 | IBM | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |