Weekly Vulnerabilities Reports > May 6 to 12, 2019

Overview

196 new vulnerabilities reported during this period, including 36 critical vulnerabilities and 92 high severity vulnerabilities. This weekly summary report vulnerabilities in 288 products from 113 vendors including Google, Sierrawireless, Qualcomm, IBM, and Opensuse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", and "Use After Free".

  • 160 reported vulnerabilities are remotely exploitables.
  • 32 reported vulnerabilities have public exploit available.
  • 64 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 143 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

36 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-10 CVE-2019-1867 Cisco Improper Authentication vulnerability in Cisco Elastic Services Controller

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API.

10.0
2019-05-08 CVE-2019-11510 Ivanti Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

10.0
2019-05-10 CVE-2019-11066 Lightopenid Project Server-Side Request Forgery (SSRF) vulnerability in Lightopenid Project Lightopenid 1.3.0/1.3.1

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.

9.8
2019-05-10 CVE-2019-11059 Denx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot

Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

9.8
2019-05-10 CVE-2018-7120 HP Unspecified vulnerability in HP Synergy Firmware 5.00.50

A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.

9.8
2019-05-10 CVE-2018-7084 Arubanetworks
Siemens
OS Command Injection vulnerability in multiple products

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system.

9.8
2019-05-10 CVE-2017-12795 Openmrs Improper Input Validation vulnerability in Openmrs Openmrs-Module-Htmlformentry 3.3.2

OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).

9.8
2019-05-10 CVE-2015-1006 Opto22 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opto22 products

A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system.

9.8
2019-05-09 CVE-2017-12759 Ynetinteractive SQL Injection vulnerability in Ynetinteractive SOA School Management 3.0

Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection.

9.8
2019-05-09 CVE-2017-12758 Joomlaextensions SQL Injection vulnerability in Joomlaextensions Component Appointment 1.1

https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection.

9.8
2019-05-09 CVE-2017-12757 Ambittechnologies SQL Injection vulnerability in Ambittechnologies products

Certain Ambit Technologies Pvt.

9.8
2019-05-09 CVE-2019-6548 GE Use of Hard-coded Credentials vulnerability in GE Communicator 3.15

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database.

9.8
2019-05-09 CVE-2019-11839 F5 Out-of-bounds Write vulnerability in F5 NJS

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8
2019-05-09 CVE-2019-11838 F5 Out-of-bounds Write vulnerability in F5 NJS

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8
2019-05-09 CVE-2019-11353 Engeniustech OS Command Injection vulnerability in Engeniustech Ews660Ap Firmware 2.0.284

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters.

9.8
2019-05-09 CVE-2019-11835 Cjson Project
Oracle
Out-of-bounds Write vulnerability in multiple products

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.

9.8
2019-05-09 CVE-2019-11834 Cjson Project
Oracle
Out-of-bounds Write vulnerability in multiple products

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

9.8
2019-05-09 CVE-2019-11831 Typo3
Debian
Fedoraproject
Drupal
Joomla
Deserialization of Untrusted Data vulnerability in multiple products

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.

9.8
2019-05-09 CVE-2019-11830 Typo3 Deserialization of Untrusted Data vulnerability in Typo3 Pharstreamwrapper

PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.

9.8
2019-05-08 CVE-2019-7442 Cyberark XXE vulnerability in Cyberark Enterprise Password Vault 10.6/10.7

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.

9.8
2019-05-08 CVE-2019-5021 Gliderlabs
Opensuse
F5
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user.
9.8
2019-05-08 CVE-2019-2047 Google Type Confusion vulnerability in Google Android

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion.

9.8
2019-05-08 CVE-2019-2046 Google Integer Overflow or Wraparound vulnerability in Google Android

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow.

9.8
2019-05-08 CVE-2019-2045 Google Out-of-bounds Write vulnerability in Google Android

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check.

9.8
2019-05-08 CVE-2019-9505 Printerlogic Unspecified vulnerability in Printerlogic Print Management 18.3.1.96

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files.

9.8
2019-05-08 CVE-2018-5409 Printerlogic Origin Validation Error vulnerability in Printerlogic Print Management 18.3.1.96

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code.

9.8
2019-05-08 CVE-2019-8387 Barni Unspecified vulnerability in Barni Master IP Camera01 Firmware 3.3.4.2103

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.

9.8
2019-05-07 CVE-2019-10712 Wago Use of Hard-coded Credentials vulnerability in Wago products

The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.

9.8
2019-05-07 CVE-2018-6634 Parsecgaming Insufficient Session Expiration vulnerability in Parsecgaming Parsec 1420/1421

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.

9.8
2019-05-07 CVE-2019-7745 JIO Unspecified vulnerability in JIO Jmr1140 Firmware Amteljmr1140R12.07

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.

9.8
2019-05-07 CVE-2019-7564 Coship Missing Authentication for Critical Function vulnerability in Coship products

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices.

9.8
2019-05-07 CVE-2018-14485 Blogengine XXE vulnerability in Blogengine Blogengine.Net 3.3

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

9.8
2019-05-07 CVE-2018-13992 Phoenixcontact Missing Encryption of Sensitive Data vulnerability in Phoenixcontact products

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

9.8
2019-05-07 CVE-2019-11560 Hisilicon Out-of-bounds Write vulnerability in Hisilicon Hi3516 Firmware

A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet.

9.8
2019-05-06 CVE-2018-13990 Phoenixcontact Improper Authentication vulnerability in Phoenixcontact products

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

9.8
2019-05-06 CVE-2019-5434 Revive SAS Deserialization of Untrusted Data vulnerability in Revive-Sas Revive Adserver

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method.

9.8

92 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-10 CVE-2018-1790 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2019-05-10 CVE-2017-12789 Metinfo Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 5.3.18

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF).

8.8
2019-05-09 CVE-2017-12760 Ynetinteractive SQL Injection vulnerability in Ynetinteractive Mobiketa 3.5

Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection.

8.8
2019-05-09 CVE-2019-4071 IBM Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents.

8.8
2019-05-08 CVE-2019-8285 Kaspersky Out-of-bounds Write vulnerability in Kaspersky Antivirus Engine

Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution

8.8
2019-05-08 CVE-2019-2044 Google Out-of-bounds Write vulnerability in Google Android

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check.

8.8
2019-05-08 CVE-2019-11642 Oneshield Code Injection vulnerability in Oneshield Policy

A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10.

8.8
2019-05-07 CVE-2018-2001 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management

IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2019-05-07 CVE-2018-13993 Phoenixcontact Cross-Site Request Forgery (CSRF) vulnerability in Phoenixcontact products

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

8.8
2019-05-06 CVE-2019-11569 Veeam Cross-Site Request Forgery (CSRF) vulnerability in Veeam ONE Reporter 9.5.0.3201

Veeam ONE Reporter 9.5.0.3201 allows CSRF.

8.8
2019-05-06 CVE-2019-10999 Dlink Out-of-bounds Write vulnerability in Dlink products

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server.

8.8
2019-05-06 CVE-2018-4073 Sierrawireless Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2018-4072 Sierrawireless Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2018-4071 Sierrawireless Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2018-4070 Sierrawireless Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2018-4066 Sierrawireless Cross-Site Request Forgery (CSRF) vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2018-4063 Sierrawireless Unrestricted Upload of File with Dangerous Type vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2018-4061 Sierrawireless OS Command Injection vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

8.8
2019-05-06 CVE-2019-5430 UI Cross-Site Request Forgery (CSRF) vulnerability in UI Unifi Video

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.

8.8
2019-05-09 CVE-2017-12839 Mpg123 Out-of-bounds Read vulnerability in Mpg123

A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.

8.3
2019-05-10 CVE-2019-5018 Sqlite
Canonical
Use After Free vulnerability in multiple products

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0.

8.1
2019-05-08 CVE-2019-11815 Linux
Canonical
Debian
Opensuse
Netapp
Use After Free vulnerability in multiple products

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8.

8.1
2019-05-07 CVE-2019-7746 JIO Cross-Site Request Forgery (CSRF) vulnerability in JIO Jmr1140 Firmware Amteljmr1140R12.07

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field.

8.1
2019-05-07 CVE-2019-7443 KDE
Opensuse
Fedoraproject
Improper Input Validation vulnerability in multiple products

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp.

8.1
2019-05-07 CVE-2019-10869 Ninjaforms Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated).

8.1
2019-05-07 CVE-2018-20836 Linux
Canonical
Debian
F5
Netapp
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 4.20.

8.1
2019-05-06 CVE-2018-4062 Sierrawireless Use of Hard-coded Credentials vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3.

8.1
2019-05-06 CVE-2019-10249 Eclipse Improper Encoding or Escaping of Output vulnerability in Eclipse Xtend and Xtext

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.

8.1
2019-05-10 CVE-2019-5675 Nvidia Improper Synchronization vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.

7.8
2019-05-09 CVE-2019-6566 GE Unspecified vulnerability in GE Communicator 3.15

GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.

7.8
2019-05-09 CVE-2019-6564 GE Uncontrolled Search Path Element vulnerability in GE Communicator 3.15

GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.

7.8
2019-05-09 CVE-2019-6546 GE Uncontrolled Search Path Element vulnerability in GE Communicator 3.15

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.

7.8
2019-05-09 CVE-2019-9847 Libreoffice Improper Input Validation vulnerability in Libreoffice

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system.

7.8
2019-05-08 CVE-2019-2054 Google
Canonical
In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace.
7.8
2019-05-08 CVE-2019-2050 Google Improper Locking vulnerability in Google Android 8.0/8.1/9.0

In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking.

7.8
2019-05-08 CVE-2019-2049 Google Use After Free vulnerability in Google Android 9.0

In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free.

7.8
2019-05-08 CVE-2019-11819 Alkacon Improper Neutralization of Formula Elements in a CSV File vulnerability in Alkacon Opencms

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

7.8
2019-05-07 CVE-2018-6243 Google Improper Input Validation vulnerability in Google Android

NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges.

7.8
2019-05-06 CVE-2017-18279 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.

7.8
2019-05-06 CVE-2017-18278 Qualcomm Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.

7.8
2019-05-06 CVE-2017-18276 Qualcomm Unspecified vulnerability in Qualcomm products

Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850

7.8
2019-05-06 CVE-2017-18274 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835

7.8
2019-05-06 CVE-2017-18173 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

7.8
2019-05-06 CVE-2017-18157 Qualcomm Use After Free vulnerability in Qualcomm products

A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.

7.8
2019-05-06 CVE-2017-18156 Qualcomm Use After Free vulnerability in Qualcomm products

While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.

7.8
2019-05-06 CVE-2017-18131 Qualcomm Improper Initialization vulnerability in Qualcomm products

In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.

7.8
2019-05-09 CVE-2019-7652 Thehive Project Server-Side Request Forgery (SSRF) vulnerability in Thehive-Project Cortex-Analyzers

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF.

7.7
2019-05-10 CVE-2019-5496 Netapp Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Insight

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

7.5
2019-05-10 CVE-2019-5495 Netapp 7PK - Security Features vulnerability in Netapp Oncommand Unified Manager

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

7.5
2019-05-10 CVE-2019-5494 Netapp Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Unified Manager

OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

7.5
2019-05-10 CVE-2018-7083 Arubanetworks
Siemens
Information Exposure vulnerability in multiple products

If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed.

7.5
2019-05-10 CVE-2019-11082 Dkpro Core Project Path Traversal vulnerability in Dkpro-Core Project Dkpro-Core

core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive.

7.5
2019-05-10 CVE-2017-12884 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.

7.5
2019-05-09 CVE-2016-1600 Microfocus Information Exposure vulnerability in Microfocus Identity Manager

The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.

7.5
2019-05-09 CVE-2019-11842 Matrix Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1.

7.5
2019-05-09 CVE-2017-12761 Webfile Explorer Project SQL Injection vulnerability in Webfile Explorer Project Webfile Explorer 1.0

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection.

7.5
2019-05-09 CVE-2017-12806 Imagemagick Resource Exhaustion vulnerability in Imagemagick 7.0.66

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.

7.5
2019-05-09 CVE-2017-12805 Imagemagick Resource Exhaustion vulnerability in Imagemagick 7.0.66

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.

7.5
2019-05-09 CVE-2019-7181 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap Myqnapcloud 1.0.52/1.3.3.0925

Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program.

7.5
2019-05-09 CVE-2019-11837 F5 Numeric Errors vulnerability in F5 NJS

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.

7.5
2019-05-09 CVE-2019-11832 Typo3 Improper Input Validation vulnerability in Typo3

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

7.5
2019-05-08 CVE-2019-11494 Dovecot
Fedoraproject
Opensuse
NULL Pointer Dereference vulnerability in multiple products

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

7.5
2019-05-08 CVE-2019-11458 Cakefoundation Deserialization of Untrusted Data vulnerability in Cakefoundation Cakephp 3.7.6

An issue was discovered in SmtpTransport in CakePHP 3.7.6.

7.5
2019-05-08 CVE-2019-2052 Google Type Confusion vulnerability in Google Android

In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion.

7.5
2019-05-08 CVE-2019-2051 Google Out-of-bounds Read vulnerability in Google Android

In heap of spaces.h, there is a possible out of bounds read due to improper input validation.

7.5
2019-05-08 CVE-2019-11499 Dovecot
Fedoraproject
Opensuse
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
7.5
2019-05-07 CVE-2019-10742 Axios Improper Handling of Exceptional Conditions vulnerability in Axios

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

7.5
2019-05-07 CVE-2018-19456 Wplaunchpad
Opensuse
Information Exposure vulnerability in multiple products

The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.

7.5
2019-05-07 CVE-2018-13994 Phoenixcontact Resource Exhaustion vulnerability in Phoenixcontact products

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

7.5
2019-05-07 CVE-2019-11810 Linux
Canonical
Debian
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.0.7.

7.5
2019-05-06 CVE-2018-18977 Ascensia Information Exposure vulnerability in Ascensia Contour Diabetes

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15.

7.5
2019-05-06 CVE-2018-18975 Ascensia Information Exposure vulnerability in Ascensia Contour Diabetes

An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15.

7.5
2019-05-06 CVE-2019-11807 Visser Unrestricted Upload of File with Dangerous Type vulnerability in Visser Woocommerce Checkout Manager

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

7.5
2019-05-06 CVE-2018-4069 Sierrawireless Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

7.5
2019-05-06 CVE-2018-17202 Apache Infinite Loop vulnerability in Apache Commons Imaging 0.97

Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack.

7.5
2019-05-06 CVE-2018-17201 Apache Unspecified vulnerability in Apache Commons Imaging 0.97

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack.

7.5
2019-05-06 CVE-2019-5432 Mqtt Packet Project Out-of-bounds Read vulnerability in Mqtt-Packet Project Mqtt-Packet

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.

7.5
2019-05-06 CVE-2019-3565 Facebook Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type.

7.5
2019-05-06 CVE-2019-3564 Facebook Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type.

7.5
2019-05-06 CVE-2019-3559 Facebook Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type.

7.5
2019-05-06 CVE-2019-3558 Facebook Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type.

7.5
2019-05-06 CVE-2019-3552 Facebook Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type.

7.5
2019-05-08 CVE-2018-5408 Printerlogic Improper Certificate Validation vulnerability in Printerlogic Print Management 18.3.1.96

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate.

7.4
2019-05-06 CVE-2018-18979 Ascensia Use of Hard-coded Credentials vulnerability in Ascensia Contour Diabetes

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15.

7.4
2019-05-06 CVE-2018-18978 Ascensia Use of Hard-coded Credentials vulnerability in Ascensia Contour Diabetes

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15.

7.4
2019-05-08 CVE-2019-2043 Google Insecure Default Initialization of Resource vulnerability in Google Android

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack.

7.3
2019-05-10 CVE-2018-7082 Arubanetworks
Siemens
OS Command Injection vulnerability in multiple products

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system.

7.2
2019-05-08 CVE-2019-11508 Pulsesecure
Ivanti
Path Traversal vulnerability in multiple products

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

7.2
2019-05-09 CVE-2017-12778 Qbittorrent Improper Authentication vulnerability in Qbittorrent 3.3.15

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname.

7.1
2019-05-07 CVE-2019-4208 IBM XXE vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

7.1
2019-05-10 CVE-2018-7119 HP Unspecified vulnerability in HP products

A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series.

7.0
2019-05-07 CVE-2019-11811 Linux
Redhat
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.0.4.

7.0

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-12 CVE-2019-11885 EYE Disk Insufficiently Protected Credentials vulnerability in Eye-Disk Eyedisk

eyeDisk implements the unlock feature by sending a cleartext password.

6.8
2019-05-10 CVE-2019-5676 Nvidia Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Display Driver

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

6.7
2019-05-10 CVE-2019-11000 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7.

6.5
2019-05-10 CVE-2019-11878 Xiongmaitech Integer Overflow or Wraparound vulnerability in Xiongmaitech Besder Ip20H1 Firmware 4.02.R12.00035520.12012.047500.00200

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras.

6.5
2019-05-09 CVE-2017-12790 Metinfo Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 5.3.18

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF).

6.5
2019-05-09 CVE-2017-12804 Entropymine Resource Exhaustion vulnerability in Entropymine Imageworsener 1.3.2

The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file.

6.5
2019-05-08 CVE-2019-5014 Wincofireworks Missing Authentication for Critical Function vulnerability in Wincofireworks Fw-1007 Firmware 2.0

An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0.

6.5
2019-05-06 CVE-2018-4067 Sierrawireless Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

6.5
2019-05-06 CVE-2019-3799 Vmware
Oracle
Path Traversal vulnerability in multiple products

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.

6.5
2019-05-09 CVE-2019-4072 IBM Insufficient Session Expiration vulnerability in IBM products

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out.

6.3
2019-05-10 CVE-2018-7064 Arubanetworks
Siemens
Cross-site Scripting vulnerability in multiple products

A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface.

6.1
2019-05-10 CVE-2017-12885 Open Xchange Cross-site Scripting vulnerability in Open-Xchange Appsuite

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

6.1
2019-05-09 CVE-2019-11870 S9Y Cross-site Scripting vulnerability in S9Y Serendipity

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

6.1
2019-05-09 CVE-2019-11869 Yuzopro Cross-site Scripting vulnerability in Yuzopro Yuzo 5.12.94

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page).

6.1
2019-05-09 CVE-2019-1568 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Demisto 4.5

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML.

6.1
2019-05-09 CVE-2017-12788 Metinfo Cross-site Scripting vulnerability in Metinfo 5.3.18

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.

6.1
2019-05-08 CVE-2019-11406 Intelliants Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.

6.1
2019-05-08 CVE-2019-11398 Ulicms Cross-site Scripting vulnerability in Ulicms 2019.1/2019.2

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.

6.1
2019-05-08 CVE-2019-11507 Ivanti Cross-site Scripting vulnerability in Ivanti Connect Secure 8.3/9.0

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

6.1
2019-05-08 CVE-2019-11818 Alkacon Cross-site Scripting vulnerability in Alkacon Opencms

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp).

6.1
2019-05-08 CVE-2019-11643 Oneshield Cross-site Scripting vulnerability in Oneshield Policy

Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10.

6.1
2019-05-08 CVE-2019-11564 Humhub Cross-site Scripting vulnerability in Humhub 1.3.12

A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.

6.1
2019-05-08 CVE-2019-8349 Htmly Cross-site Scripting vulnerability in Htmly 2.7.4

Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.

6.1
2019-05-08 CVE-2019-11814 Misp Cross-site Scripting vulnerability in Misp

An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.

6.1
2019-05-08 CVE-2019-11813 Misp Cross-site Scripting vulnerability in Misp

An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.

6.1
2019-05-08 CVE-2019-11812 Misp Cross-site Scripting vulnerability in Misp

A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107.

6.1
2019-05-07 CVE-2019-7687 JIO Cross-site Scripting vulnerability in JIO Jmr1140 Firmware Amteljmr1140R12.07

cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter.

6.1
2019-05-07 CVE-2019-7541 Rukovoditel Cross-site Scripting vulnerability in Rukovoditel

Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.

6.1
2019-05-07 CVE-2019-7427 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.

6.1
2019-05-07 CVE-2019-7426 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.

6.1
2019-05-07 CVE-2018-20503 Alliedtelesis Cross-site Scripting vulnerability in Alliedtelesis 8100L/8 Firmware

Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.

6.1
2019-05-07 CVE-2019-11629 Sonatype Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.

6.1
2019-05-07 CVE-2018-14478 Coppermine Gallery Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.46

ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.

6.1
2019-05-06 CVE-2018-4065 Sierrawireless Cross-site Scripting vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

6.1
2019-05-06 CVE-2018-13983 Impresscms Cross-site Scripting vulnerability in Impresscms 1.3.10

ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.

6.1
2019-05-10 CVE-2019-3566 Whatsapp Unspecified vulnerability in Whatsapp and Whatsapp Business

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages.

5.9
2019-05-09 CVE-2019-11840 Golang
Debian
Use of Insufficiently Random Values vulnerability in multiple products

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576.

5.9
2019-05-09 CVE-2019-11323 Haproxy Use of Uninitialized Resource vulnerability in Haproxy

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys.

5.9
2019-05-08 CVE-2019-11550 Citrix Improper Certificate Validation vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.

5.9
2019-05-08 CVE-2019-11561 Chuango Unspecified vulnerability in Chuango products

The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack.

5.9
2019-05-09 CVE-2019-6544 GE Unspecified vulnerability in GE Communicator 3.15

GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges.

5.6
2019-05-10 CVE-2019-5677 Nvidia Out-of-bounds Read vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.

5.5
2019-05-10 CVE-2019-11879 Ruby Lang Link Following vulnerability in Ruby-Lang Webrick 1.4.2

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory.

5.5
2019-05-09 CVE-2019-11820 Synology Insufficiently Protected Credentials vulnerability in Synology Calendar

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.

5.5
2019-05-08 CVE-2019-9698 Symantec Unspecified vulnerability in Symantec Antivirus Engine

Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges.

5.5
2019-05-08 CVE-2019-2053 Google Out-of-bounds Read vulnerability in Google Android

In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check.

5.5
2019-05-06 CVE-2017-18275 Qualcomm Unspecified vulnerability in Qualcomm products

A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.

5.5
2019-05-06 CVE-2017-15841 Qualcomm Unspecified vulnerability in Qualcomm products

When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.

5.5
2019-05-10 CVE-2019-4204 IBM Cross-site Scripting vulnerability in IBM products

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting.

5.4
2019-05-10 CVE-2019-11871 Custom Field Suite Project Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite

The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.

5.4
2019-05-07 CVE-2019-9709 Mahara Cross-site Scripting vulnerability in Mahara

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1.

5.4
2019-05-06 CVE-2019-5433 Revive Adserver Open Redirect vulnerability in Revive-Adserver Revive Adserver

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks.

5.4
2019-05-06 CVE-2019-5431 Twitter Insufficient Verification of Data Authenticity vulnerability in Twitter KIT

This vulnerability was caused by an incomplete fix to CVE-2017-0911.

5.4
2019-05-10 CVE-2019-5438 Harpjs Link Following vulnerability in Harpjs Harp

Path traversal using symlink in npm harp module versions <= 0.29.0.

5.3
2019-05-10 CVE-2019-5437 Harpjs Information Exposure vulnerability in Harpjs Harp

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

5.3
2019-05-10 CVE-2018-1990 IBM Information Exposure vulnerability in IBM Cloud APP Management 2018.2.0/2018.4.0/2018.4.1

IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request.

5.3
2019-05-07 CVE-2018-13991 Phoenixcontact Information Exposure vulnerability in Phoenixcontact products

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

5.3
2019-05-06 CVE-2018-18976 Ascensia Authorization Bypass Through User-Controlled Key vulnerability in Ascensia Contour Diabetes

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15.

5.3
2019-05-06 CVE-2018-4068 Sierrawireless Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3

An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3.

5.3
2019-05-06 CVE-2019-3797 Pivotal Software Information Exposure vulnerability in Pivotal Software Spring Data Java Persistence API

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19.

5.3
2019-05-09 CVE-2019-0226 Apache Path Traversal vulnerability in Apache Karaf

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file.

4.9
2019-05-07 CVE-2019-9708 Mahara Unspecified vulnerability in Mahara

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1.

4.9
2019-05-09 CVE-2018-20837 Typesettercms Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.

4.8
2019-05-09 CVE-2019-11836 Rediff Missing Encryption of Sensitive Data vulnerability in Rediff Rediffmail 2.2.6

The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout.

4.6
2019-05-07 CVE-2018-2008 IBM Information Exposure vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-07 CVE-2019-11808 Ratpack Project Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ratpack Project Ratpack

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom.

3.7
2019-05-10 CVE-2019-11884 Linux
Fedoraproject
Debian
Canonical
Redhat
Opensuse
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
3.3
2019-05-07 CVE-2019-4207 IBM Unspecified vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system.

3.3