Weekly Vulnerabilities Reports > April 15 to 21, 2019

Overview

217 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary reports vulnerabilities in 487 products from 91 vendors including Cisco, Gitlab, Google, Fedoraproject, and Siemens. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Out-of-bounds Read", "Cross-Site Request Forgery (CSRF)", and "Improper Authentication".

  • 182 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 63 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 184 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-04-18 CVE-2019-9161 Xinruidz OS Command Injection vulnerability in Xinruidz Sundray WAN Controller Firmware

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password.

10.0
2019-04-18 CVE-2019-9160 Xinruidz Use of Hard-coded Credentials vulnerability in Xinruidz Sundray WAN Controller Firmware

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).

10.0
2019-04-15 CVE-2019-4202 IBM OS Command Injection vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection.

10.0
2019-04-19 CVE-2019-11351 Teamspeak Untrusted Search Path vulnerability in Teamspeak

TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.

9.3
2019-04-19 CVE-2019-2028 Google Improper Input Validation vulnerability in Google Android

In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved.

9.3
2019-04-19 CVE-2019-2027 Google Out-of-bounds Write vulnerability in Google Android

In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check.

9.3
2019-04-17 CVE-2019-3709 Dell Cross-site Scripting vulnerability in Dell EMC Isilonsd Management Server 1.1.0

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers.

9.3
2019-04-17 CVE-2019-3708 Dell Cross-site Scripting vulnerability in Dell EMC Isilonsd Management Server 1.1.0

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file.

9.3
2019-04-15 CVE-2019-0232 Apache OS Command Injection vulnerability in Apache Tomcat

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows.

9.3
2019-04-18 CVE-2019-3398 Atlassian Path Traversal vulnerability in Atlassian Confluence

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource.

9.0
2019-04-17 CVE-2019-6570 Siemens Improper Handling of Insufficient Permissions or Privileges vulnerability in Siemens Sinema Remote Connect Server 1.1/2.0

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0).

9.0
2019-04-15 CVE-2019-4203 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks.

9.0

39 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-04-18 CVE-2019-3719 Dell Improper Input Validation vulnerability in Dell Supportassist

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability.

7.9
2019-04-18 CVE-2019-1840 Cisco Improper Initialization vulnerability in Cisco Prime Network Registrar

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system.

7.8
2019-04-18 CVE-2019-1837 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI.

7.8
2019-04-17 CVE-2019-1718 Cisco Resource Management Errors vulnerability in Cisco Identity Services Engine 2.1(0.907)

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition.

7.8
2019-04-17 CVE-2019-6575 Siemens Improper Handling of Exceptional Conditions vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl.

7.8
2019-04-17 CVE-2018-16561 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16).

7.8
2019-04-17 CVE-2018-16559 Siemens Improper Input Validation vulnerability in Siemens Simatic S7-1500 Firmware

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5).

7.8
2019-04-17 CVE-2018-16558 Siemens Improper Input Validation vulnerability in Siemens Simatic S7-1500 Firmware

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5).

7.8
2019-04-20 CVE-2019-11371 Burrow Wheeler Aligner Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Burrow-Wheeler Aligner Project Burrow-Wheeler Aligner 0.7.17

BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.

7.5
2019-04-20 CVE-2019-11365 Atftp Project Out-of-bounds Write vulnerability in Atftp Project Atftp 0.7.1

An issue was discovered in atftpd in atftp 0.7.1.

7.5
2019-04-20 CVE-2019-11362 Rocboss SQL Injection vulnerability in Rocboss 2.2.1

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI.

7.5
2019-04-19 CVE-2018-20817 Activision Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Activision products

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request.

7.5
2019-04-19 CVE-2019-2030 Google Use After Free vulnerability in Google Android 9.0

In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free.

7.5
2019-04-19 CVE-2019-11344 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.8

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.

7.5
2019-04-18 CVE-2019-11223 Supportcandy Unrestricted Upload of File with Dangerous Type vulnerability in Supportcandy

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

7.5
2019-04-18 CVE-2019-11322 Motorola OS Command Injection vulnerability in Motorola CX2 Firmware and M2 Firmware

An issue was discovered in Motorola CX2 1.01 and M2 1.01.

7.5
2019-04-18 CVE-2019-11320 Motorola Unspecified vulnerability in Motorola CX2 Firmware and M2 Firmware

In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.

7.5
2019-04-18 CVE-2019-11319 Motorola OS Command Injection vulnerability in Motorola CX2 Firmware and M2 Firmware

An issue was discovered in Motorola CX2 1.01 and M2 1.01.

7.5
2019-04-17 CVE-2019-1710 Cisco Improper Input Validation vulnerability in Cisco IOS XR

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.

7.5
2019-04-17 CVE-2019-10643 Contao Key Management Errors vulnerability in Contao CMS 4.7.0

Contao 4.7 allows Use of a Key Past its Expiration Date.

7.5
2019-04-17 CVE-2019-9756 Gitlab Authorization Bypass Through User-Controlled Key vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

7.5
2019-04-17 CVE-2019-9217 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

7.5
2019-04-17 CVE-2019-9174 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

7.5
2019-04-17 CVE-2019-0228 Apache XXE vulnerability in Apache Pdfbox 2.0.14

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

7.5
2019-04-17 CVE-2019-6579 Siemens Unspecified vulnerability in Siemens Spectrum Power 4

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal).

7.5
2019-04-17 CVE-2017-11430 Omnitauth Saml Project Improper Authentication vulnerability in Omnitauth-Saml Project Omnitauth-Saml

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

7.5
2019-04-17 CVE-2017-11429 Clever Improper Authentication vulnerability in Clever Saml2-Js

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

7.5
2019-04-17 CVE-2017-11428 Onelogin Improper Authentication vulnerability in Onelogin Ruby-Saml

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

7.5
2019-04-17 CVE-2017-11427 Onelogin Improper Authentication vulnerability in Onelogin Pythonsaml

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

7.5
2019-04-16 CVE-2018-19971 Jfrog Insufficient Verification of Data Authenticity vulnerability in Jfrog Artifactory 6.5.9

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

7.5
2019-04-16 CVE-2019-9845 Miniblog Core Project Improper Input Validation vulnerability in Miniblog.Core Project Miniblog.Core

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension.

7.5
2019-04-15 CVE-2018-18018 Tribulant SQL Injection vulnerability in Tribulant Slideshow Gallery 1.6.8

SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

7.5
2019-04-15 CVE-2019-4012 IBM SQL Injection vulnerability in IBM products

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection.

7.5
2019-04-18 CVE-2019-1829 Cisco OS Command Injection vulnerability in Cisco Aironet Access Point Firmware

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication.

7.2
2019-04-17 CVE-2019-1654 Cisco Missing Authentication for Critical Function vulnerability in Cisco Ap-Cos

A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS.

7.2
2019-04-17 CVE-2018-4006 Shimovpn Improper Input Validation vulnerability in Shimovpn Shimo VPN 4.1.5.1

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality.

7.2
2019-04-17 CVE-2018-4005 Shimovpn Improper Input Validation vulnerability in Shimovpn Shimo VPN 4.1.5.1

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function.

7.2
2019-04-15 CVE-2018-4009 Shimovpn Download of Code Without Integrity Check vulnerability in Shimovpn Shimo VPN 4.1.5.1

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing.

7.2
2019-04-15 CVE-2018-4008 Shimovpn Improper Privilege Management vulnerability in Shimovpn Shimo VPN 4.1.5.1

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command.

7.2

148 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-04-19 CVE-2019-2041 Google Insecure Default Initialization of Resource vulnerability in Google Android 8.1/9.0

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value.

6.9
2019-04-20 CVE-2019-11374 74Cms Cross-Site Request Forgery (CSRF) vulnerability in 74Cms 5.0.1

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

6.8
2019-04-19 CVE-2019-11354 EA Code Injection vulnerability in EA Origin 10.5.36

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler.

6.8
2019-04-19 CVE-2019-2035 Google Out-of-bounds Write vulnerability in Google Android

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check.

6.8
2019-04-19 CVE-2019-2034 Google Integer Overflow or Wraparound vulnerability in Google Android

In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow.

6.8
2019-04-19 CVE-2019-2029 Google Use After Free vulnerability in Google Android

In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free.

6.8
2019-04-19 CVE-2019-11339 Ffmpeg Out-of-bounds Read vulnerability in Ffmpeg

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.

6.8
2019-04-19 CVE-2019-11338 Ffmpeg NULL Pointer Dereference vulnerability in Ffmpeg 4.1.2

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

6.8
2019-04-18 CVE-2019-11332 Mkcms Project Unspecified vulnerability in Mkcms Project Mkcms 5.0

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.

6.8
2019-04-18 CVE-2019-11331 NTP Unspecified vulnerability in NTP

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.

6.8
2019-04-18 CVE-2019-3718 Dell Cross-Site Request Forgery (CSRF) vulnerability in Dell Supportassist

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.

6.8
2019-04-18 CVE-2019-9005 Cprime Path Traversal vulnerability in Cprime Power Scripts

The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.

6.8
2019-04-18 CVE-2019-1830 Cisco Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition.

6.8
2019-04-18 CVE-2019-1797 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration.

6.8
2019-04-18 CVE-2019-1721 Cisco Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system.

6.8
2019-04-18 CVE-2019-1720 Cisco Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system.

6.8
2019-04-17 CVE-2018-0248 Cisco Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device.

6.8
2019-04-17 CVE-2019-10642 Contao Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0

Contao 4.7 allows CSRF.

6.8
2019-04-17 CVE-2019-10951 Deltaww Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Cncsoft Screeneditor 1.00.88

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior.

6.8
2019-04-17 CVE-2019-10947 Deltaww Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Cncsoft Screeneditor 1.00.88

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior.

6.8
2019-04-17 CVE-2019-9499 W1 FI, Fedoraproject, Opensuse, Debian, Synology, Freebsd Improper Authentication vulnerability in multiple products

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.

6.8
2019-04-17 CVE-2019-9498 W1 FI, Fedoraproject, Opensuse, Debian, Synology, Freebsd Improper Authentication vulnerability in multiple products

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.

6.8
2019-04-17 CVE-2019-9497 W1 FI, Fedoraproject Improper Authentication vulnerability in multiple products

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit.

6.8
2019-04-16 CVE-2018-18489 TP Link Unspecified vulnerability in Tp-Link Wr840N Firmware 3.16.9

The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.

6.8
2019-04-15 CVE-2018-16966 File Manager Project Cross-Site Request Forgery (CSRF) vulnerability in File Manager Project File Manager 3.0

There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

6.8
2019-04-15 CVE-2018-17584 Wpfastestcache Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache 0.8.8.5

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

6.8
2019-04-15 CVE-2019-11222 Gpac, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

6.8
2019-04-15 CVE-2019-11221 Gpac, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.

6.8
2019-04-15 CVE-2017-7777 Mozilla, SIL Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

6.8
2019-04-15 CVE-2017-7773 Mozilla, SIL Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

6.8
2019-04-15 CVE-2017-18366 Intelliants Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.1.5

Subrion CMS 4.1.5 has CSRF in blog/delete/.

6.8
2019-04-17 CVE-2018-4007 Shimovpn Improper Input Validation vulnerability in Shimovpn Shimo VPN 4.1.5.1

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality.

6.6
2019-04-20 CVE-2019-11378 Projectsend Unrestricted Upload of File with Dangerous Type vulnerability in Projectsend R1053

An issue was discovered in ProjectSend r1053.

6.5
2019-04-20 CVE-2019-11377 Wcms Unrestricted Upload of File with Dangerous Type vulnerability in Wcms 0.3.2

wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

6.5
2019-04-20 CVE-2019-11376 Brassica Code Injection vulnerability in Brassica SOY CMS 3.0.2

** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box.

6.5
2019-04-18 CVE-2019-10306 Jenkins 7PK - Security Features vulnerability in Jenkins Ontrack

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.

6.5
2019-04-15 CVE-2019-11229 Gitea Unspecified vulnerability in Gitea

models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.

6.5
2019-04-18 CVE-2019-11035 PHP, Canonical, Netapp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.

6.4
2019-04-18 CVE-2019-11034 PHP, Canonical, Netapp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.

6.4
2019-04-17 CVE-2019-9890 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

6.4
2019-04-17 CVE-2018-13808 Siemens Information Exposure vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions).

6.4
2019-04-15 CVE-2019-4178 IBM Path Traversal vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system.

6.4
2019-04-15 CVE-2017-7774 Mozilla, SIL Out-of-bounds Read vulnerability in multiple products

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

6.4
2019-04-18 CVE-2019-1800 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2019-04-18 CVE-2019-1799 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2019-04-18 CVE-2019-1796 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2019-04-17 CVE-2019-3798 Cloudfoundry Improper Authentication vulnerability in Cloudfoundry Capi-Release

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions.

6.0
2019-04-17 CVE-2019-9176 Gitlab Cross-Site Request Forgery (CSRF) vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.8
2019-04-15 CVE-2019-5517 Vmware Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator.

5.8
2019-04-15 CVE-2019-5516 Vmware Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality.

5.8
2019-04-15 CVE-2017-7776 Mozilla, SIL Out-of-bounds Read vulnerability in multiple products

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

5.8
2019-04-15 CVE-2017-7771 Mozilla, SIL Out-of-bounds Read vulnerability in multiple products

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

5.8
2019-04-18 CVE-2019-1841 Cisco Improper Input Validation vulnerability in Cisco DNA Center

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication.

5.5
2019-04-18 CVE-2019-1826 Cisco Improper Input Validation vulnerability in Cisco Aironet Access Point Firmware 8.5(131.3)

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

5.5
2019-04-17 CVE-2019-9222 Gitlab Path Traversal vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.5
2019-04-21 CVE-2019-11391 Modsecurity Incorrect Regular Expression vulnerability in Modsecurity Owasp Modsecurity Core Rule SET 3.0.0/3.0.2/3.1.0

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0.

5.0
2019-04-21 CVE-2019-11390 Modsecurity Incorrect Regular Expression vulnerability in Modsecurity Owasp Modsecurity Core Rule SET 3.0.0/3.0.2/3.1.0

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0.

5.0
2019-04-21 CVE-2019-11389 Modsecurity Incorrect Regular Expression vulnerability in Modsecurity Owasp Modsecurity Core Rule SET 3.0.0/3.0.2/3.1.0

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0.

5.0
2019-04-21 CVE-2019-11388 Modsecurity Incorrect Regular Expression vulnerability in Modsecurity Owasp Modsecurity Core Rule SET 3.0.0/3.0.2/3.1.0

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0.

5.0
2019-04-21 CVE-2019-11387 Modsecurity Incorrect Regular Expression vulnerability in Modsecurity Owasp Modsecurity Core Rule SET 3.0.0/3.0.2/3.1.0

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0.

5.0
2019-04-19 CVE-2019-11350 Cloudbees Insufficiently Protected Credentials vulnerability in Cloudbees Jenkins Operations Center 2.150.2.3

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.

5.0
2019-04-19 CVE-2019-2037 Google Out-of-bounds Read vulnerability in Google Android

In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check.

5.0
2019-04-19 CVE-2019-5008 Qemu NULL Pointer Dereference vulnerability in Qemu 3.1.50

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

5.0
2019-04-19 CVE-2019-4055 IBM Improper Input Validation vulnerability in IBM MQ and MQ Appliance

IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function.

5.0
2019-04-19 CVE-2018-1729 IBM Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2

IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users.

5.0
2019-04-19 CVE-2019-10245 Eclipse Improper Input Validation vulnerability in Eclipse Openj9

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes.

5.0
2019-04-18 CVE-2019-11324 Python, Canonical Improper Certificate Validation vulnerability in multiple products

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.

5.0
2019-04-18 CVE-2019-3885 Clusterlabs, Canonical, Fedoraproject Use After Free vulnerability in multiple products

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.

5.0
2019-04-18 CVE-2019-8999 Blackberry XXE vulnerability in Blackberry Unified Endpoint Management

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

5.0
2019-04-18 CVE-2019-11321 Motorola Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware and M2 Firmware

An issue was discovered in Motorola CX2 1.01 and M2 1.01.

5.0
2019-04-18 CVE-2016-10746 Redhat, Debian 7PK - Security Features vulnerability in multiple products

libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

5.0
2019-04-18 CVE-2019-1831 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2023/12.0.0208

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device.

5.0
2019-04-17 CVE-2019-1712 Cisco Improper Input Validation vulnerability in Cisco IOS XR

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device.

5.0
2019-04-17 CVE-2019-1711 Cisco Improper Input Validation vulnerability in Cisco IOS XR

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2019-04-17 CVE-2019-1686 Cisco Unspecified vulnerability in Cisco IOS XR

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device.

5.0
2019-04-17 CVE-2018-0382 Cisco Improper Authentication vulnerability in Cisco Wireless LAN Controller Software 8.1(111.0)/8.5(120.0)

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system.

5.0
2019-04-17 CVE-2019-10641 Contao Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.

5.0
2019-04-17 CVE-2019-9225 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-9224 Gitlab Missing Authorization vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-9223 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-9220 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-9178 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-9175 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-9170 Gitlab Authorization Bypass Through User-Controlled Key vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

5.0
2019-04-17 CVE-2019-10953 ABB, Phoenixcontact, Schneider Electric, Siemens, Wago Resource Exhaustion vulnerability in multiple products

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions.

5.0
2019-04-17 CVE-2018-7340 Cisco Improper Authentication vulnerability in Cisco DUO Network Gateway

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

5.0
2019-04-17 CVE-2018-10959 Beyondtrust Untrusted Search Path vulnerability in Beyondtrust Avecto Defendpoint

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.

5.0
2019-04-17 CVE-2019-9496 W1 FI, Fedoraproject Improper Authentication vulnerability in multiple products

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode.

5.0
2019-04-17 CVE-2019-6568 Siemens Out-of-bounds Read vulnerability in Siemens products

A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl.

5.0
2019-04-17 CVE-2019-3883 Fedoraproject, Debian, Redhat Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads.

5.0
2019-04-15 CVE-2019-6609 F5 Insufficiently Protected Credentials vulnerability in F5 products

Platform dependent weakness.

5.0
2019-04-15 CVE-2019-6526 Moxa Cryptographic Issues vulnerability in Moxa products

Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.

5.0
2019-04-15 CVE-2019-11228 Gitea Improper Input Validation vulnerability in Gitea

repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.

5.0
2019-04-17 CVE-2018-4004 Shimovpn Improper Input Validation vulnerability in Shimovpn Shimo VPN 4.1.5.1

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality.

4.9
2019-04-19 CVE-2019-2040 Google Out-of-bounds Read vulnerability in Google Android 9.0

In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check.

4.7
2019-04-19 CVE-2019-2039 Google Out-of-bounds Read vulnerability in Google Android

In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check.

4.7
2019-04-19 CVE-2019-2033 Google Use After Free vulnerability in Google Android 9.0

In create_hdr of dnssd_clientstub.c, there is a possible use after free.

4.6
2019-04-19 CVE-2019-2032 Google Out-of-bounds Write vulnerability in Google Android 8.0/8.1/9.0

In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check.

4.6
2019-04-19 CVE-2019-2031 Google Out-of-bounds Write vulnerability in Google Android

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check.

4.6
2019-04-19 CVE-2019-2026 Google Missing Authorization vulnerability in Google Android 8.0

In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check.

4.6
2019-04-18 CVE-2018-16877 Clusterlabs, Canonical, Fedoraproject Improper Authentication vulnerability in multiple products

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0.

4.6
2019-04-17 CVE-2019-0163 Intel Improper Input Validation vulnerability in Intel I5-5350U Firmware

Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.

4.6
2019-04-17 CVE-2019-0158 Intel Unspecified vulnerability in Intel Graphics Performance Analyzer 18.4

Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-04-17 CVE-2018-18094 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Media SDK 2017/2018

Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-04-20 CVE-2019-11375 Meisivod Cross-Site Request Forgery (CSRF) vulnerability in Meisivod Msvod 10

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

4.3
2019-04-20 CVE-2019-11373 Mediaarea, Fedoraproject Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

4.3
2019-04-20 CVE-2019-11372 Mediaarea, Fedoraproject Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

4.3
2019-04-20 CVE-2019-11366 Atftp Project NULL Pointer Dereference vulnerability in Atftp Project Atftp 0.7.1

An issue was discovered in atftpd in atftp 0.7.1.

4.3
2019-04-20 CVE-2019-11359 I Librarian Cross-site Scripting vulnerability in I-Librarian I, Librarian 4.10

Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.

4.3
2019-04-20 CVE-2019-11358 Jquery, Debian, Drupal, Backdropcms, Fedoraproject, Opensuse, Netapp, Redhat, Oracle Cross-site Scripting vulnerability in multiple products

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution.

4.3
2019-04-19 CVE-2019-2038 Google Out-of-bounds Read vulnerability in Google Android

In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check.

4.3
2019-04-19 CVE-2019-9841 Vestacp Cross-site Scripting vulnerability in Vestacp Control Panel 0.9.823

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.

4.3
2019-04-19 CVE-2019-10886 Sony Missing Authentication for Critical Function vulnerability in Sony Photo Sharing Plus

An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs).

4.3
2019-04-19 CVE-2019-11340 Matrix Improper Input Validation vulnerability in Matrix Sydent 1.0.0/1.0.1

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled.

4.3
2019-04-18 CVE-2019-11084 Gbraad Cross-site Scripting vulnerability in Gbraad Gauth 0.9.9

GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies.

4.3
2019-04-18 CVE-2018-20200 Squareup Improper Certificate Validation vulnerability in Squareup Okhttp

** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.

4.3
2019-04-18 CVE-2019-10304 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Deploy

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.

4.3
2019-04-18 CVE-2018-17168 Printeron Cross-Site Request Forgery (CSRF) vulnerability in Printeron 4.1.4

PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page.

4.3
2019-04-18 CVE-2019-1792 Cisco Cross-site Scripting vulnerability in Cisco Umbrella

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella.

4.3
2019-04-18 CVE-2019-1722 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.

4.3
2019-04-17 CVE-2019-9219 Gitlab Authorization Bypass Through User-Controlled Key vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

4.3
2019-04-17 CVE-2019-9179 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

4.3
2019-04-17 CVE-2019-9172 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

4.3
2019-04-17 CVE-2019-9171 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

4.3
2019-04-17 CVE-2019-10949 Deltaww Out-of-bounds Read vulnerability in Deltaww Cncsoft Screeneditor 1.00.88

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior.

4.3
2019-04-17 CVE-2019-9495 W1 FI, Fedoraproject Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns.

4.3
2019-04-17 CVE-2019-9494 W1 FI, Fedoraproject Information Exposure vulnerability in multiple products

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.

4.3
2019-04-17 CVE-2018-13810 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions).

4.3
2019-04-17 CVE-2018-13809 Siemens Cross-site Scripting vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions).

4.3
2019-04-15 CVE-2018-18019 Tribulant Cross-site Scripting vulnerability in Tribulant Slideshow Gallery 1.6.8

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

4.3
2019-04-15 CVE-2018-18017 Tribulant Cross-site Scripting vulnerability in Tribulant Slideshow Gallery 1.6.8

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

4.3
2019-04-15 CVE-2018-16967 File Manager Project Cross-site Scripting vulnerability in File Manager Project File Manager 3.0

There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

4.3
2019-04-15 CVE-2018-17586 Wpfastestcache Cross-site Scripting vulnerability in Wpfastestcache WP Fastest Cache 0.8.8.5

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.

4.3
2019-04-15 CVE-2018-17585 Wpfastestcache Cross-site Scripting vulnerability in Wpfastestcache WP Fastest Cache 0.8.8.5

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.

4.3
2019-04-15 CVE-2018-17583 Wpfastestcache Cross-site Scripting vulnerability in Wpfastestcache WP Fastest Cache 0.8.8.5

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.

4.3
2019-04-15 CVE-2019-5520 Vmware Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability.

4.3
2019-04-15 CVE-2019-11236 Python CRLF Injection vulnerability in Python Urllib3

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

4.3
2019-04-15 CVE-2018-1925 IBM Inadequate Encryption Strength vulnerability in IBM Websphere MQ 9.1.0.0/9.1.0.1/9.1.1

IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

4.3
2019-04-15 CVE-2018-18261 Bijiadao Cross-site Scripting vulnerability in Bijiadao Waimai Super CMS 20150505

In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.

4.3
2019-04-18 CVE-2018-17289 Kofax XXE vulnerability in Kofax Front Office Server 4.1.1.11.0.5212

An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.

4.0
2019-04-18 CVE-2018-17287 Kofax Insufficient Verification of Data Authenticity vulnerability in Kofax Front Office Server 4.1.1.11.0.5212

In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation.

4.0
2019-04-18 CVE-2019-10305 Jenkins Permissions, Privileges, and Access Controls vulnerability in Jenkins Xebialabs XL Deploy

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

4.0
2019-04-18 CVE-2019-10303 Jenkins Credentials Management vulnerability in Jenkins Azure Publishersettings Credentials 1.0/1.1/1.2

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.

4.0
2019-04-18 CVE-2019-10302 Jenkins Credentials Management vulnerability in Jenkins Jira-Ext

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

4.0
2019-04-18 CVE-2019-10301 Jenkins Credentials Management vulnerability in Jenkins Gitlab

A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2019-04-17 CVE-2018-20028 Contao Unspecified vulnerability in Contao CMS

Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.

4.0
2019-04-17 CVE-2018-13378 Fortinet Information Exposure vulnerability in Fortinet Fortisiem

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.

4.0
2019-04-16 CVE-2019-7155 Gitlab Improper Privilege Management vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.

4.0

18 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-04-18 CVE-2019-1794 Cisco Uncontrolled Search Path Element vulnerability in Cisco Meeting Server 2.2

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing.

3.6
2019-04-18 CVE-2019-1725 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System 4.0(1B)A

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk.

3.6
2019-04-17 CVE-2019-8455 Checkpoint Link Following vulnerability in Checkpoint Zonealarm

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file.

3.6
2019-04-18 CVE-2019-10893 Centos Webpanel Cross-site Scripting vulnerability in Centos-Webpanel Centos web Panel 0.9.8.753/0.9.8.793

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings" > "Edit Settings" screen.

3.5
2019-04-18 CVE-2019-11017 Dlink Cross-site Scripting vulnerability in Dlink Di-524 Firmware 2.06Ru

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.

3.5
2019-04-18 CVE-2018-17288 Kofax Cross-site Scripting vulnerability in Kofax Front Office Server 4.1.1.11.0.5212

Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).

3.5
2019-04-18 CVE-2019-10300 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gitlab

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

3.5
2019-04-18 CVE-2019-1802 Cisco Cross-site Scripting vulnerability in Cisco Firepower Management Center 6.2.3/6.3.0/6.4.0

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

3.5
2019-04-18 CVE-2019-1777 Cisco Cross-site Scripting vulnerability in Cisco Registered Envelope Service 5.3.4027

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service.

3.5
2019-04-18 CVE-2019-1719 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(0.474)

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2019-04-18 CVE-2019-1834 Cisco Improper Input Validation vulnerability in Cisco Aironet Access Point Firmware 8.5(131.0)

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured.

3.3
2019-04-18 CVE-2019-1805 Cisco Improper Access Control vulnerability in Cisco Wireless LAN Controller Software 8.3(141.0)

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device.

3.3
2019-04-18 CVE-2019-11015 Miui Improper Authentication vulnerability in Miui 10.1.3.0

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially).

2.1
2019-04-18 CVE-2018-16878 Clusterlabs, Canonical, Fedoraproject Resource Exhaustion vulnerability in multiple products

A flaw was found in pacemaker up to and including version 2.0.1.

2.1
2019-04-18 CVE-2019-1835 Cisco Path Traversal vulnerability in Cisco Aironet Access Point Firmware 8.8/8.9

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP.

2.1
2019-04-17 CVE-2019-0162 Intel Unspecified vulnerability in Intel -

Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2019-04-17 CVE-2019-8453 Checkpoint Untrusted Search Path vulnerability in Checkpoint Zonealarm

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions.

2.1
2019-04-15 CVE-2019-3891 Redhat Information Exposure Through Log Files vulnerability in Redhat Satellite 6.4

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database.

2.1