Weekly Vulnerabilities Reports > May 20 to 26, 2019

Overview

467 new vulnerabilities reported during this period, including 135 critical vulnerabilities and 55 high severity vulnerabilities. This weekly summary report vulnerabilities in 543 products from 111 vendors including Adobe, Microsoft, Apple, Schneider Electric, and Qualcomm. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Use After Free", "Out-of-bounds Write", "Cross-site Scripting", and "Information Exposure".

  • 438 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 91 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 415 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 206 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 111 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

135 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-24 CVE-2019-7095 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Digital Editions

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability.

10.0
2019-05-24 CVE-2019-7094 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Photoshop CC

Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability.

10.0
2019-05-24 CVE-2019-7091 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability.

10.0
2019-05-24 CVE-2019-7087 Adobe
Apple
Microsoft
Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability.

10.0
2019-05-24 CVE-2019-7086 Adobe
Apple
Microsoft
Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability.

10.0
2019-05-24 CVE-2019-7085 Adobe
Apple
Microsoft
Buffer Errors vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability.

10.0
2019-05-24 CVE-2019-7084 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7083 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7082 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7080 Adobe
Apple
Microsoft
Double Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability.

10.0
2019-05-24 CVE-2019-7076 Adobe
Apple
Microsoft
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-05-24 CVE-2019-7068 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7066 Adobe
Apple
Microsoft
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-05-24 CVE-2019-7062 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7060 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-24 CVE-2019-7054 Adobe
Apple
Microsoft
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-05-24 CVE-2019-7052 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-24 CVE-2019-7051 Adobe
Apple
Microsoft
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-05-24 CVE-2019-7050 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7046 Adobe
Apple
Microsoft
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-05-24 CVE-2019-7040 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7039 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-24 CVE-2019-7037 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-24 CVE-2019-7031 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7029 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7816 Adobe Unrestricted Upload of File With Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability.

10.0
2019-05-24 CVE-2019-7027 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-24 CVE-2019-7026 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7025 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-7020 Adobe
Apple
Microsoft
Buffer Errors vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability.

10.0
2019-05-24 CVE-2019-7019 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-24 CVE-2019-7018 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

10.0
2019-05-24 CVE-2019-2245 Qualcomm Integer Underflow (Wrap OR Wraparound) vulnerability in Qualcomm products

Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016

10.0
2019-05-24 CVE-2019-2244 Qualcomm Integer Underflow (Wrap OR Wraparound) vulnerability in Qualcomm products

Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearable in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

10.0
2019-05-24 CVE-2018-13925 Qualcomm USE After Free vulnerability in Qualcomm products

Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

10.0
2019-05-24 CVE-2018-13887 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130

10.0
2019-05-24 CVE-2018-13886 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130

10.0
2019-05-24 CVE-2018-11953 Qualcomm Out-Of-Bounds Read vulnerability in Qualcomm products

While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to crafted ssid IE length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, SDX20

10.0
2019-05-24 CVE-2018-11949 Qualcomm Improper Initialization vulnerability in Qualcomm products

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

10.0
2019-05-24 CVE-2018-11940 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130

10.0
2019-05-24 CVE-2018-11937 Qualcomm Out-Of-Bounds Read vulnerability in Qualcomm products

Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150

10.0
2019-05-24 CVE-2018-11936 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memory access.

10.0
2019-05-24 CVE-2018-11930 Qualcomm Integer Underflow (Wrap OR Wraparound) vulnerability in Qualcomm products

Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

10.0
2019-05-23 CVE-2019-10850 Computrols USE of Hard-Coded Credentials vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 has Default Credentials.

10.0
2019-05-23 CVE-2019-7128 Adobe
Apple
Microsoft
Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability.

10.0
2019-05-23 CVE-2019-7124 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-23 CVE-2019-7120 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-23 CVE-2019-7119 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-23 CVE-2019-7118 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-23 CVE-2019-7117 Adobe
Apple
Microsoft
Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability.

10.0
2019-05-23 CVE-2019-12289 Vstracam Missing Authentication FOR Critical Function vulnerability in Vstracam C38S Firmware and C7824Wip Firmware

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices.

10.0
2019-05-23 CVE-2019-7113 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability.

10.0
2019-05-23 CVE-2019-7112 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability.

10.0
2019-05-23 CVE-2019-7103 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-7102 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-7101 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-7100 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-7099 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-7098 Adobe
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-7096 Adobe
Apple
Linux
Microsoft
Google
USE After Free vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability.

10.0
2019-05-23 CVE-2019-7088 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability.

10.0
2019-05-23 CVE-2019-7130 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability.

10.0
2019-05-23 CVE-2019-7107 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Indesign

Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability.

10.0
2019-05-23 CVE-2019-7106 Adobe
Apple
Path Traversal vulnerability in Adobe XD 16.0

Adobe XD versions 16.0 and earlier have a path traversal vulnerability.

10.0
2019-05-23 CVE-2019-7105 Adobe
Apple
Path Traversal vulnerability in Adobe XD 16.0

Adobe XD versions 16.0 and earlier have a path traversal vulnerability.

10.0
2019-05-23 CVE-2019-7104 Adobe Out-Of-Bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability.

10.0
2019-05-23 CVE-2019-12301 Percona Unspecified vulnerability in Percona Server 5.6.4485.01

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade.

10.0
2019-05-23 CVE-2019-12042 Pandasecurity Incorrect Permission Assignment FOR Critical Resource vulnerability in Pandasecurity products

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued.

10.0
2019-05-22 CVE-2019-7835 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7834 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7833 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7832 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

10.0
2019-05-22 CVE-2019-11536 Kalkitech Unspecified vulnerability in Kalkitech Sync3000 Firmware

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561.

10.0
2019-05-22 CVE-2019-7808 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7807 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7806 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7805 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7804 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability.

10.0
2019-05-22 CVE-2019-7792 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7791 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7788 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7784 Adobe
Apple
Microsoft
Double Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability.

10.0
2019-05-22 CVE-2019-7783 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7782 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7781 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7779 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a security bypass vulnerability.

10.0
2019-05-22 CVE-2019-7772 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7768 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7767 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7766 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7765 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7764 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7763 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-22 CVE-2019-7762 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

10.0
2019-05-24 CVE-2019-7079 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-24 CVE-2019-7078 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7077 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7072 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7070 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7069 Adobe
Apple
Microsoft
Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability.

9.3
2019-05-24 CVE-2019-7048 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7044 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7043 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

9.3
2019-05-24 CVE-2019-7042 Adobe
Apple
Microsoft
Null Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability.

9.3
2019-05-23 CVE-2019-5789 Google USE After Free vulnerability in Google Chrome

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3
2019-05-23 CVE-2019-5788 Google USE After Free vulnerability in Google Chrome

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3
2019-05-23 CVE-2019-5787 Google USE After Free vulnerability in Google Chrome

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3
2019-05-23 CVE-2019-7111 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-23 CVE-2019-7125 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability.

9.3
2019-05-23 CVE-2019-7132 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerability.

9.3
2019-05-22 CVE-2019-7837 Adobe
Apple
Linux
Microsoft
Google
Redhat
USE After Free vulnerability in multiple products

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7831 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7830 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7829 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-22 CVE-2019-7828 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability.

9.3
2019-05-22 CVE-2019-7827 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability.

9.3
2019-05-22 CVE-2019-7825 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-22 CVE-2019-7824 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a buffer error vulnerability.

9.3
2019-05-22 CVE-2019-7822 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-22 CVE-2019-7818 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-22 CVE-2019-7820 Adobe
Apple
Microsoft
Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a type confusion vulnerability.

9.3
2019-05-22 CVE-2019-7817 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7814 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7800 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability.

9.3
2019-05-22 CVE-2019-7797 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7796 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an use after free vulnerability.

9.3
2019-05-22 CVE-2019-7786 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7761 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7760 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-22 CVE-2019-7759 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

9.3
2019-05-23 CVE-2019-10854 Computrols Command Injection vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows Authenticated Command Injection.

9.0
2019-05-23 CVE-2019-9949 Westerndigital Link Following vulnerability in Westerndigital products

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability.

9.0
2019-05-22 CVE-2018-7829 Schneider Electric Improper Neutralization of Special Elements in Data Query Logic vulnerability in Schneider-Electric products

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen.

9.0
2019-05-22 CVE-2018-14729 Comsenz Improper Input Validation vulnerability in Comsenz Discuz!

The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.

9.0
2019-05-20 CVE-2019-12185 Elabftw Unrestricted Upload of File With Dangerous Type vulnerability in Elabftw 1.8.5

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component.

9.0

55 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-23 CVE-2019-10853 Computrols Unspecified vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows Authentication Bypass.

8.3
2019-05-24 CVE-2019-7089 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a data leakage (sensitive) vulnerability.

7.8
2019-05-24 CVE-2019-7815 Adobe
Apple
Microsoft
Information Exposure vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010.20091 and earlier, 2017.011.30120 and earlier version, and 2015.006.30475 and earlier have a data leakage (sensitive) vulnerability.

7.8
2019-05-23 CVE-2019-10977 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric Qj71E71-100 Firmware

In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.

7.8
2019-05-24 CVE-2018-17843 Mlmsoftwarez SQL Injection vulnerability in Mlmsoftwarez products

SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.

7.5
2019-05-24 CVE-2016-10759 Precurio Path Traversal vulnerability in Precurio 2.1

The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.

7.5
2019-05-24 CVE-2016-10752 S9Y Unrestricted Upload of File With Dangerous Type vulnerability in S9Y Serendipity 2.0.3

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

7.5
2019-05-24 CVE-2018-11271 Qualcomm Improper Authentication vulnerability in Qualcomm products

Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SM7150, Snapdragon_High_Med_2016, SXR1130

7.5
2019-05-24 CVE-2016-8900 Exponentcms Injection vulnerability in Exponentcms Exponent CMS 2.3.9

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.

7.5
2019-05-24 CVE-2016-8898 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

7.5
2019-05-24 CVE-2019-12150 Karamasoft Unrestricted Upload of File With Dangerous Type vulnerability in Karamasoft Ultimateeditor 1.0

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted).

7.5
2019-05-24 CVE-2019-12314 Deltek Path Traversal vulnerability in Deltek Maconomy 2.2.5

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.

7.5
2019-05-23 CVE-2019-10866 10Web SQL Injection vulnerability in 10Web Form Maker

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.

7.5
2019-05-23 CVE-2016-8899 Exponentcms Injection vulnerability in Exponentcms Exponent CMS 2.3.9

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.

7.5
2019-05-23 CVE-2016-8897 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9

Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.

7.5
2019-05-23 CVE-2019-12288 Vstracm Missing Authentication FOR Critical Function vulnerability in Vstracm C38S Firmware and C7824Iwp Firmware

An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices.

7.5
2019-05-23 CVE-2017-11365 Sensiolabs Improper Access Control vulnerability in Sensiolabs Symfony

Certain Symfony products are affected by: Incorrect Access Control.

7.5
2019-05-23 CVE-2016-8901 B2Evolution Injection vulnerability in B2Evolution 6.7.6

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.

7.5
2019-05-23 CVE-2019-12272 Openwrt OS Command Injection vulnerability in Openwrt Luci

In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.

7.5
2019-05-23 CVE-2017-5212 Open Xchange Improper Access Control vulnerability in Open-Xchange Appsuite 7.8.3

Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.

7.5
2019-05-23 CVE-2017-17060 Open Xchange Permission Issues vulnerability in Open-Xchange Appsuite

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

7.5
2019-05-23 CVE-2019-12297 Motorola USE of Externally-Controlled Format String vulnerability in Motorola CX2 Firmware and M2 Firmware

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01.

7.5
2019-05-23 CVE-2019-11873 Wolfssl Buffer Errors vulnerability in Wolfssl 4.0

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size.

7.5
2019-05-22 CVE-2019-6808 Schneider Electric Missing Authentication FOR Critical Function vulnerability in Schneider-Electric products

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

7.5
2019-05-22 CVE-2019-6814 Schneider Electric Improper Authentication vulnerability in Schneider-Electric products

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

7.5
2019-05-22 CVE-2018-7847 Schneider Electric Improper Access Control vulnerability in Schneider-Electric products

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

7.5
2019-05-22 CVE-2018-7842 Schneider Electric Authentication Bypass BY Spoofing vulnerability in Schneider-Electric products

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

7.5
2019-05-22 CVE-2018-7841 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.3.4

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

7.5
2019-05-22 CVE-2017-5863 Open Xchange Improper Access Control vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

7.5
2019-05-22 CVE-2019-11634 Citrix Unspecified vulnerability in Citrix Receiver and Workspace

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

7.5
2019-05-22 CVE-2019-12279 Nagios SQL Injection vulnerability in Nagios XI 5.6.1

** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form).

7.5
2019-05-22 CVE-2019-12046 Lemonldap NG
Debian
Insufficiently Protected Credentials vulnerability in multiple products

LemonLDAP::NG -2.0.3 has Incorrect Access Control.

7.5
2019-05-22 CVE-2019-12277 Blogifier Path Traversal vulnerability in Blogifier 2.3

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for ..

7.5
2019-05-20 CVE-2019-12241 Carts Guru Deserialization of Untrusted Data vulnerability in Carts.Guru Carts Guru 1.4.5

The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.

7.5
2019-05-20 CVE-2019-12240 Virim Project Deserialization of Untrusted Data vulnerability in Virim Project Virim 0.4

The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.

7.5
2019-05-20 CVE-2019-8352 BMC Cryptographic Issues vulnerability in BMC Patrol Agent

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services.

7.5
2019-05-20 CVE-2019-12208 Nginx Out-Of-Bounds Write vulnerability in Nginx NJS

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.

7.5
2019-05-20 CVE-2019-12207 Nginx Out-Of-Bounds Read vulnerability in Nginx NJS

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.

7.5
2019-05-20 CVE-2019-12206 Nginx Out-Of-Bounds Write vulnerability in Nginx NJS

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.

7.5
2019-05-24 CVE-2019-2250 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130

7.2
2019-05-24 CVE-2018-13920 Qualcomm USE After Free vulnerability in Qualcomm products

Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX24

7.2
2019-05-24 CVE-2018-13899 Qualcomm USE After Free vulnerability in Qualcomm products

Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

7.2
2019-05-24 CVE-2018-13895 Qualcomm Improper Access Control vulnerability in Qualcomm products

Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access to phone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

7.2
2019-05-24 CVE-2018-12013 Qualcomm Improper Authentication vulnerability in Qualcomm products

Improper authentication in locked memory region can lead to unprivilged access to the memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130

7.2
2019-05-24 CVE-2018-12012 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

While updating blacklisting region shared buffered memory region is not validated against newly updated black list, causing boot-up to be compromised in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SXR1130

7.2
2019-05-24 CVE-2018-11968 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130

7.2
2019-05-24 CVE-2018-11967 Qualcomm Unspecified vulnerability in Qualcomm products

Signature verification of the skel library could potentially be disabled as the memory region on the remote subsystem in which the library is loaded is allocated from userspace currently in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

7.2
2019-05-24 CVE-2018-11928 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Lack of check on length parameter may cause buffer overflow while processing WMI commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, SXR1130

7.2
2019-05-24 CVE-2018-11927 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Improper input validation on input which is used as an array index will lead to an out of bounds issue while processing AP find event from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 625, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24, SM7150

7.2
2019-05-24 CVE-2018-11925 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Data length received from firmware is not validated against the max allowed size which can result in buffer overflow.

7.2
2019-05-23 CVE-2019-4078 IBM Incorrect Permission Assignment FOR Critical Resource vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories.

7.2
2019-05-24 CVE-2019-7075 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability.

7.1
2019-05-22 CVE-2019-7823 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

7.1
2019-05-22 CVE-2019-7821 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

7.1
2019-05-22 CVE-2019-7809 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

7.1

258 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-24 CVE-2019-10143 Freeradius
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.

6.9
2019-05-24 CVE-2019-7093 Adobe
Microsoft
Untrusted Search Path vulnerability in Adobe Creative Cloud

Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability.

6.8
2019-05-24 CVE-2019-7041 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability.

6.8
2019-05-24 CVE-2016-10757 Readaxo Cross-Site Request Forgery (CSRF) vulnerability in Readaxo 5.2.0

In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.

6.8
2019-05-24 CVE-2016-10756 Kliqqi Cross-Site Request Forgery (CSRF) vulnerability in Kliqqi CMS 3.0.0.5

Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.

6.8
2019-05-24 CVE-2019-10847 Computrols Cross-Site Request Forgery (CSRF) vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.

6.8
2019-05-23 CVE-2019-5795 Google Integer Overflow OR Wraparound vulnerability in Google Chrome

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

6.8
2019-05-23 CVE-2019-5792 Google Integer Overflow OR Wraparound vulnerability in Google Chrome

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

6.8
2019-05-23 CVE-2019-5791 Google Type Confusion vulnerability in Google Chrome

Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8
2019-05-23 CVE-2019-5790 Google Integer Overflow OR Wraparound vulnerability in Google Chrome

An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

6.8
2019-05-23 CVE-2017-11740 Zohocorp Improper Input Validation vulnerability in Zohocorp Manageengine Applications Manager 13.1

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm.

6.8
2019-05-23 CVE-2017-11738 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.1

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

6.8
2019-05-23 CVE-2019-12293 Freedesktop Out-Of-Bounds Read vulnerability in Freedesktop Poppler

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

6.8
2019-05-22 CVE-2018-7201 Projectsend Unspecified vulnerability in Projectsend

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.

6.8
2019-05-22 CVE-2018-7851 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric products

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

6.8
2019-05-22 CVE-2018-7840 Pelco Uncontrolled Search Path Element vulnerability in Pelco Videoxpert Opscenter

A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL.

6.8
2019-05-22 CVE-2018-7828 Schneider Electric Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen.

6.8
2019-05-22 CVE-2018-7824 Schneider Electric
Microsoft
Resource Exhaustion vulnerability in Schneider-Electric Driver Suite and Modbus Serial Driver

An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.

6.8
2019-05-22 CVE-2019-7842 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Media Encoder 13.0.2

Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability.

6.8
2019-05-22 CVE-2018-12886 GNU Information Exposure Through AN Error Message vulnerability in GNU GCC

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

6.8
2019-05-22 CVE-2019-8443 Atlassian Improper Authentication vulnerability in Atlassian Jira

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

6.8
2019-05-22 CVE-2019-7826 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

6.8
2019-05-22 CVE-2019-7798 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

6.8
2019-05-22 CVE-2019-7143 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

6.8
2019-05-22 CVE-2016-10750 Hazelcast Deserialization of Untrusted Data vulnerability in Hazelcast

In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization.

6.8
2019-05-21 CVE-2019-12270 Opentext
Microsoft
Incorrect Permission Assignment FOR Critical Resource vulnerability in Opentext Brava! 16.3/16.4/7.5

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows.

6.8
2019-05-20 CVE-2019-12219 Libsdl Double Free vulnerability in Libsdl Sdl2 Image and Simple Directmedia Layer

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.

6.8
2019-05-24 CVE-2017-18375 Ampache Deserialization of Untrusted Data vulnerability in Ampache 3.8.3

Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.

6.5
2019-05-24 CVE-2016-10758 Phpkit Unrestricted Upload of File With Dangerous Type vulnerability in PHPkit 1.6.6

PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.

6.5
2019-05-24 CVE-2016-10754 Vtiger SQL Injection vulnerability in Vtiger CRM 6.5.0

modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.

6.5
2019-05-24 CVE-2016-10753 E107 Deserialization of Untrusted Data vulnerability in E107 2.1.2

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

6.5
2019-05-24 CVE-2016-10751 Osclass Path Traversal vulnerability in Osclass 3.6.1

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter.

6.5
2019-05-24 CVE-2018-19612 Westermo Unrestricted Upload of File With Dangerous Type vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware

The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.

6.5
2019-05-24 CVE-2019-11875 Blueprism Incorrect Resource Transfer Between Spheres vulnerability in Blueprism Robotic Process Automation 6.4.0.8445

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges.

6.5
2019-05-23 CVE-2019-10852 Computrols SQL Injection vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.

6.5
2019-05-23 CVE-2017-13667 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

6.5
2019-05-22 CVE-2018-7826 Schneider Electric Command Injection vulnerability in Schneider-Electric products

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

6.5
2019-05-22 CVE-2018-7825 Schneider Electric Command Injection vulnerability in Schneider-Electric products

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

6.5
2019-05-22 CVE-2017-8777 Open Xchange Improper Authorization vulnerability in Open-Xchange OX Cloud

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

6.5
2019-05-22 CVE-2017-8340 Open Xchange Improper Access Control vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

6.5
2019-05-22 CVE-2017-6912 Open Xchange Improper Access Control vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

6.5
2019-05-22 CVE-2019-10132 Redhat
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units.

6.5
2019-05-21 CVE-2019-12251 Ucms Project SQL Injection vulnerability in Ucms Project Ucms 1.4.7

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.

6.5
2019-05-20 CVE-2019-11816 Netgate
Opnsense
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
6.5
2019-05-20 CVE-2019-12239 Wpbookingsystem Cross-Site Request Forgery (CSRF) vulnerability in Wpbookingsystem WP Booking System 1.5.1

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.

6.5
2019-05-22 CVE-2019-6820 Schneider Electric Missing Authentication FOR Critical Function vulnerability in Schneider-Electric products

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

6.4
2019-05-22 CVE-2019-6816 Schneider Electric Code Injection vulnerability in Schneider-Electric Modicon Quantum Firmware

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

6.4
2019-05-22 CVE-2019-6815 Schneider Electric Unspecified vulnerability in Schneider-Electric Modicon Quantum Firmware

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.

6.4
2019-05-22 CVE-2019-12102 Kentico Incorrect Permission Assignment FOR Critical Resource vulnerability in Kentico

** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI.

6.4
2019-05-24 CVE-2019-2726 Oracle Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.3.3

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration).

6.3
2019-05-23 CVE-2018-15664 Docker Race Condition vulnerability in Docker

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

6.2
2019-05-22 CVE-2017-5871 Odoo Open Redirect vulnerability in Odoo 10.0/8.0/9.0

Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection.

5.8
2019-05-21 CVE-2019-12253 Mylittleforum Cross-Site Request Forgery (CSRF) vulnerability in Mylittleforum MY Little Forum

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.

5.8
2019-05-20 CVE-2018-12270 Valvesoftware Improper Input Validation vulnerability in Valvesoftware Steam 1528829181

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.

5.8
2019-05-22 CVE-2018-7816 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.

5.5
2019-05-21 CVE-2019-6513 Wso2 Unrestricted Upload of File With Dangerous Type vulnerability in Wso2 API Manager 2.6.0

An issue was discovered in WSO2 API Manager 2.6.0.

5.5
2019-05-23 CVE-2019-5796 Google Race Condition vulnerability in Google Chrome

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

5.1
2019-05-23 CVE-2016-9969 Webmproject Double Free vulnerability in Webmproject Libwebp 0.5.1

In libwebp 0.5.1, there is a double free bug in libwebpmux.

5.1
2019-05-24 CVE-2019-7081 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7067 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7065 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7064 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7063 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7059 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7058 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7057 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7056 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7055 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7053 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7047 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7038 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7036 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7035 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7034 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7033 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7032 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7030 Adobe
Apple
Microsoft
Integer Overflow OR Wraparound vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an integer overflow vulnerability.

5.0
2019-05-24 CVE-2019-7028 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7024 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7023 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7022 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-7021 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-24 CVE-2019-10848 Computrols Information Exposure Through Discrepancy vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows Username Enumeration.

5.0
2019-05-24 CVE-2019-12155 Qemu Null Pointer Dereference vulnerability in Qemu 4.0.0

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

5.0
2019-05-24 CVE-2019-12312 Libreswan Reachable Assertion vulnerability in Libreswan

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart.

5.0
2019-05-23 CVE-2019-10849 Computrols Missing Authorization vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.

5.0
2019-05-23 CVE-2019-10855 Computrols Inadequate Encryption Strength vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 mishandles password hashes.

5.0
2019-05-23 CVE-2016-7550 Digium Null Pointer Dereference vulnerability in Digium Asterisk 13.10.0

asterisk 13.10.0 is affected by: denial of service issues in asterisk.

5.0
2019-05-23 CVE-2019-7123 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7122 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7121 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7116 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7115 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7114 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7061 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2017-11559 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.2

An issue was discovered in ZOHO ManageEngine OpManager 12.2.

5.0
2019-05-23 CVE-2017-11557 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Applications Manager 12.3

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3.

5.0
2019-05-23 CVE-2019-7108 Adobe
Apple
Linux
Microsoft
Google
Out-Of-Bounds Read vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-23 CVE-2019-7097 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Dreamweaver

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability.

5.0
2019-05-23 CVE-2019-12300 Buildbot Improper Authentication vulnerability in Buildbot

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user.

5.0
2019-05-23 CVE-2017-5211 Open Xchange Improper Input Validation vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

5.0
2019-05-23 CVE-2017-5210 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.

5.0
2019-05-23 CVE-2019-12295 Wireshark Code Injection vulnerability in Wireshark

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash.

5.0
2019-05-22 CVE-2019-6807 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.

5.0
2019-05-22 CVE-2019-6806 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.

5.0
2019-05-22 CVE-2018-7857 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.

5.0
2019-05-22 CVE-2018-7856 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

5.0
2019-05-22 CVE-2018-7855 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

5.0
2019-05-22 CVE-2018-7854 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

5.0
2019-05-22 CVE-2018-7853 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

5.0
2019-05-22 CVE-2018-7844 Schneider Electric Information Exposure vulnerability in Schneider-Electric products

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.

5.0
2019-05-22 CVE-2019-6821 Schneider Electric USE of Insufficiently Random Values vulnerability in Schneider-Electric products

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

5.0
2019-05-22 CVE-2019-6819 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.

5.0
2019-05-22 CVE-2018-7852 Schneider Electric Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

5.0
2019-05-22 CVE-2018-7850 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.

5.0
2019-05-22 CVE-2018-7849 Schneider Electric Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.

5.0
2019-05-22 CVE-2018-7848 Schneider Electric Information Exposure vulnerability in Schneider-Electric products

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus

5.0
2019-05-22 CVE-2018-7846 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

5.0
2019-05-22 CVE-2018-7845 Schneider Electric Out-Of-Bounds Read vulnerability in Schneider-Electric products

A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.

5.0
2019-05-22 CVE-2018-7843 Schneider Electric Out-Of-Bounds Read vulnerability in Schneider-Electric products

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.

5.0
2019-05-22 CVE-2018-7823 Schneider Electric Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware and Somachine Basic

A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message.

5.0
2019-05-22 CVE-2018-7821 Schneider Electric Allocation of Resources Without Limits OR Throttling vulnerability in Schneider-Electric Modicon M221 Firmware and Somachine Basic

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

5.0
2019-05-22 CVE-2017-8341 Open Xchange Improper Input Validation vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

5.0
2019-05-22 CVE-2019-7841 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7836 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2017-9809 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.

5.0
2019-05-22 CVE-2019-8442 Atlassian Unspecified vulnerability in Atlassian Jira

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

5.0
2019-05-22 CVE-2019-3403 Atlassian Incorrect Authorization vulnerability in Atlassian Jira

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

5.0
2019-05-22 CVE-2019-3401 Atlassian Information Exposure vulnerability in Atlassian Jira

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

5.0
2019-05-22 CVE-2019-11231 GET Simple Path Traversal vulnerability in Get-Simple Getsimple CMS

An issue was discovered in GetSimple CMS through 3.3.15.

5.0
2019-05-22 CVE-2017-6514 Wordpress Information Exposure vulnerability in Wordpress 4.7.2

WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.

5.0
2019-05-22 CVE-2019-7813 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7812 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7811 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-12044 Citrix Buffer Errors vulnerability in Citrix products

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.

5.0
2019-05-22 CVE-2019-11880 Commsy SQL Injection vulnerability in Commsy

CommSy through 8.6.5 has SQL Injection via the cid parameter.

5.0
2019-05-22 CVE-2019-7795 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7793 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-12247 Qemu Integer Overflow OR Wraparound vulnerability in Qemu 3.0.0

** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.

5.0
2019-05-22 CVE-2019-7790 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7789 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7780 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7778 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7777 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7776 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7775 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7774 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7773 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7771 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7770 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7769 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-22 CVE-2019-7142 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

5.0
2019-05-21 CVE-2019-12269 Enigmail Improper Verification of Cryptographic Signature vulnerability in Enigmail

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.

5.0
2019-05-20 CVE-2019-4293 IBM Unspecified vulnerability in IBM Storwize Unified V7000 Software 1.6.1/1.6.2

IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system.

5.0
2019-05-20 CVE-2019-12214 Freeimage Project Out-Of-Bounds Read vulnerability in Freeimage Project Freeimage 3.18.0

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c.

5.0
2019-05-20 CVE-2019-12212 Freeimage Project Uncontrolled Recursion vulnerability in Freeimage Project Freeimage 3.18.0

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion.

5.0
2019-05-20 CVE-2019-12211 Freeimage Project Out-Of-Bounds Write vulnerability in Freeimage Project Freeimage 3.18.0

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

5.0
2019-05-20 CVE-2019-12198 Gohttp Project Out-Of-Bounds Read vulnerability in Gohttp Project Gohttp

In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.

5.0
2019-05-24 CVE-2018-13885 Qualcomm Information Exposure vulnerability in Qualcomm products

Possible memory overread may be lead to access of sensitive data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130

4.9
2019-05-24 CVE-2018-12005 Qualcomm USE After Free vulnerability in Qualcomm products

An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

4.9
2019-05-24 CVE-2018-12004 Qualcomm Information Exposure vulnerability in Qualcomm products

Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130

4.9
2019-05-24 CVE-2018-11976 Qualcomm Information Exposure vulnerability in Qualcomm products

ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

4.9
2019-05-24 CVE-2019-2248 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 820, SD 820A, SD 845 / SD 850, SDM439, SDM660, SDX20

4.6
2019-05-24 CVE-2019-2247 Qualcomm Double Free vulnerability in Qualcomm products

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

4.6
2019-05-24 CVE-2018-11924 Qualcomm Integer Overflow OR Wraparound vulnerability in Qualcomm products

Improper buffer length validation in WLAN function can lead to a potential integer oveflow issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150

4.6
2019-05-24 CVE-2018-11923 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

Improper buffer length check before copying can lead to integer overflow and then a buffer overflow in WMA event handler in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

4.6
2019-05-24 CVE-2019-7092 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 11.0/2016/2018

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability.

4.3
2019-05-24 CVE-2019-7090 Adobe
Apple
Google
Linux
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-24 CVE-2019-7074 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-24 CVE-2019-7073 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-24 CVE-2019-7071 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-24 CVE-2019-7049 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-24 CVE-2019-7045 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-24 CVE-2019-10685 Heidelberg Cross-Site Scripting vulnerability in Heidelberg Prinect Archiver 2013

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.

4.3
2019-05-24 CVE-2018-12624 Eventum Project Cross-Site Scripting vulnerability in Eventum Project Eventum 3.5.0

An issue was discovered in Eventum 3.5.0.

4.3
2019-05-24 CVE-2019-8346 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf.

4.3
2019-05-24 CVE-2019-11604 Quest Cross-Site Scripting vulnerability in Quest Kace Systems Management Appliance

An issue was discovered in Quest KACE Systems Management Appliance before 9.1.

4.3
2019-05-24 CVE-2018-19613 Westermo Cross-Site Request Forgery (CSRF) vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware

Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.

4.3
2019-05-24 CVE-2016-10245 Doxygen Cross-Site Scripting vulnerability in Doxygen

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

4.3
2019-05-24 CVE-2019-12315 Samsung Cross-Site Scripting vulnerability in Samsung Scx-824 Firmware

Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter.

4.3
2019-05-24 CVE-2019-11876 Prestashop
Drupal
Cross-Site Scripting vulnerability in multiple products

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS.

4.3
2019-05-24 CVE-2019-12313 Dollarshaveclub Cross-Site Scripting vulnerability in Dollarshaveclub Shave

XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.

4.3
2019-05-23 CVE-2019-5803 Google Improper Input Validation vulnerability in Google Chrome

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5802 Google Improper Input Validation vulnerability in Google Chrome

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5801 Google
Apple
Improper Input Validation vulnerability in Google Chrome

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5800 Google Improper Input Validation vulnerability in Google Chrome

Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5799 Google Improper Input Validation vulnerability in Google Chrome

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5798 Google
Debian
Out-Of-Bounds Read vulnerability in Google Chrome

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5794 Google Improper Input Validation vulnerability in Google Chrome

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3
2019-05-23 CVE-2019-5793 Google Improper Input Validation vulnerability in Google Chrome

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

4.3
2019-05-23 CVE-2019-10846 Computrols Cross-Site Scripting vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.

4.3
2019-05-23 CVE-2018-19614 Westermo Cross-Site Scripting vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.

4.3
2019-05-23 CVE-2019-7127 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2019-7110 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2019-7109 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2019-7138 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2019-7137 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability.

4.3
2019-05-23 CVE-2019-7136 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have an use after free vulnerability.

4.3
2019-05-23 CVE-2019-7135 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2019-7134 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2019-7133 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Bridge CC 9.0.2

Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability.

4.3
2019-05-23 CVE-2017-11739 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Applications Manager 13.1

In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard.

4.3
2019-05-23 CVE-2017-5213 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).

4.3
2019-05-23 CVE-2017-15652 Artifex Information Exposure vulnerability in Artifex Ghostscript 9.22

Artifex Ghostscript 9.22 is affected by: Obtain Information.

4.3
2019-05-23 CVE-2017-15030 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

4.3
2019-05-23 CVE-2019-12298 Leanify Project Out-Of-Bounds Write vulnerability in Leanify Project Leanify 0.4.3

Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file.

4.3
2019-05-23 CVE-2019-0201 Apache
Debian
Missing Authorization vulnerability in multiple products

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.

4.3
2019-05-22 CVE-2018-7803 Schneider Electric Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Schneider-Electric Triconex Tristation Emulator 1.2.0

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet.

4.3
2019-05-22 CVE-2018-7834 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric Tsxetg100 Firmware

A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user.

4.3
2019-05-22 CVE-2017-9808 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

4.3
2019-05-22 CVE-2017-5984 Libav Out-Of-Bounds Read vulnerability in Libav 9.21

In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.

4.3
2019-05-22 CVE-2017-5864 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).

4.3
2019-05-22 CVE-2019-7844 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Media Encoder 13.0.2

Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-3402 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.

4.3
2019-05-22 CVE-2019-12167 Emerson Cross-Site Scripting vulnerability in Emerson Liebert Challenger Firmware 5.1E0.5

httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.

4.3
2019-05-22 CVE-2018-7202 Projectsend Cross-Site Scripting vulnerability in Projectsend

An issue was discovered in ProjectSend before r1053.

4.3
2019-05-22 CVE-2019-11841 Golang Cryptographic Issues vulnerability in Golang Crypto 20190325

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25.

4.3
2019-05-22 CVE-2019-7810 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7803 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7802 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7801 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7799 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7794 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7787 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7785 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability.

4.3
2019-05-22 CVE-2019-7758 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7145 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7144 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7141 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-22 CVE-2019-7140 Adobe
Apple
Microsoft
Out-Of-Bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability.

4.3
2019-05-21 CVE-2019-12189 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

4.3
2019-05-21 CVE-2019-12250 Identityserver Cross-Site Scripting vulnerability in Identityserver Identityserver4

** DISPUTED ** IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.

4.3
2019-05-20 CVE-2019-10078 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

4.3
2019-05-20 CVE-2019-10077 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

4.3
2019-05-20 CVE-2019-10076 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

4.3
2019-05-20 CVE-2019-12222 Libsdl Out-Of-Bounds Read vulnerability in Libsdl Simple Directmedia Layer 2.0.9

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9.

4.3
2019-05-20 CVE-2019-12221 Libsdl Buffer Errors vulnerability in Libsdl Sdl2 Image and Simple Directmedia Layer

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.

4.3
2019-05-20 CVE-2019-12220 Libsdl Out-Of-Bounds Read vulnerability in Libsdl Sdl2 Image and Simple Directmedia Layer

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.

4.3
2019-05-20 CVE-2019-12218 Libsdl Null Pointer Dereference vulnerability in Libsdl Sdl2 Image and Simple Directmedia Layer

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.

4.3
2019-05-20 CVE-2019-12217 Libsdl Null Pointer Dereference vulnerability in Libsdl Sdl2 Image and Simple Directmedia Layer

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.

4.3
2019-05-20 CVE-2019-12216 Libsdl Out-Of-Bounds Write vulnerability in Libsdl Sdl2 Image and Simple Directmedia Layer

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.

4.3
2019-05-20 CVE-2019-12213 Freeimage Project Uncontrolled Recursion vulnerability in Freeimage Project Freeimage 3.18.0

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

4.3
2019-05-20 CVE-2019-11809 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.6.

4.3
2019-05-24 CVE-2016-10755 Abantecart SQL Injection vulnerability in Abantecart 1.2.8

AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.

4.0
2019-05-24 CVE-2018-10815 Cloudera Information Exposure vulnerability in Cloudera Manager

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1.

4.0
2019-05-23 CVE-2019-12309 Dotcms Path Traversal vulnerability in Dotcms

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files.

4.0
2019-05-23 CVE-2019-10851 Computrols KEY Management Errors vulnerability in Computrols Building Automation Software

Computrols CBAS 18.0.0 has hard-coded encryption keys.

4.0
2019-05-23 CVE-2017-11561 Zohocorp Unrestricted Upload of File With Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2

An issue was discovered in ZOHO ManageEngine OpManager 12.2.

4.0
2019-05-23 CVE-2017-15029 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

4.0
2019-05-22 CVE-2019-6812 Schneider Electric USE of Hard-Coded Credentials vulnerability in Schneider-Electric Bmx-Nor-0200H Firmware 1.7

A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.

4.0
2019-05-22 CVE-2018-7788 Schneider Electric Credentials Management vulnerability in Schneider-Electric Modicon Quantum Firmware

A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40.

4.0
2019-05-22 CVE-2018-1991 IBM Information Exposure vulnerability in IBM API Connect

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers.

4.0
2019-05-22 CVE-2019-9892 Otrs
Debian
XML Injection (Aka Blind Xpath Injection) vulnerability in multiple products

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6.

4.0
2019-05-21 CVE-2019-12252 Zohocorp Authorization Bypass Through User-Controlled KEY vulnerability in Zohocorp Manageengine Servicedesk Plus

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.

4.0
2019-05-21 CVE-2019-10320 Jenkins File and Directory Information Exposure vulnerability in Jenkins Credentials

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

4.0
2019-05-21 CVE-2019-10319 Jenkins Permission Issues vulnerability in Jenkins Pluggable Authentication Module

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as.

4.0
2019-05-20 CVE-2019-4058 IBM Improper Restriction of Rendered UI Layers OR Frames vulnerability in IBM Bigfix Platform

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators.

4.0
2019-05-20 CVE-2019-12215 Matomo Information Exposure Through AN Error Message vulnerability in Matomo 3.9.1

** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig.

4.0

19 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-22 CVE-2019-5625 Eaton Insufficiently Protected Credentials vulnerability in Eaton Halo Home 1.9.0

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file.

3.6
2019-05-24 CVE-2019-12195 TP Link Cross-Site Scripting vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.13.16

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name.

3.5
2019-05-23 CVE-2017-11560 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.2

An issue was discovered in ZOHO ManageEngine OpManager 12.2.

3.5
2019-05-23 CVE-2017-13668 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

3.5
2019-05-23 CVE-2017-17061 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

3.5
2019-05-22 CVE-2018-7827 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric products

A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen.

3.5
2019-05-22 CVE-2019-10067 Otrs Cross-Site Scripting vulnerability in Otrs

An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17.

3.5
2019-05-22 CVE-2019-10066 Otrs Cross-Site Scripting vulnerability in Otrs

An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12.

3.5
2019-05-21 CVE-2019-12190 Centos Webpanel Cross-Site Scripting vulnerability in Centos-Webpanel Centos web Panel

XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.

3.5
2019-05-20 CVE-2019-4011 IBM Cross-Site Scripting vulnerability in IBM Bigfix Platform

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting.

3.5
2019-05-24 CVE-2018-18060 Bitdefender Out-Of-Bounds Read vulnerability in Bitdefender Scan Engines 7.76662/7.76675

An issue was discovered in Bitdefender Engines before 7.76808.

2.6
2019-05-24 CVE-2018-18059 Bitdefender Out-Of-Bounds Read vulnerability in Bitdefender Scan Engines 7.76662

An issue was discovered in Bitdefender Engines before 7.76675.

2.6
2019-05-24 CVE-2018-18058 Bitdefender Divide BY Zero vulnerability in Bitdefender Scan Engines

An issue was discovered in Bitdefender Engines before 7.76662.

2.6
2019-05-23 CVE-2019-5804 Google
Microsoft
Argument Injection OR Modification vulnerability in Google Chrome

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

2.1
2019-05-23 CVE-2019-4039 IBM Information Exposure Through LOG Files vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system.

2.1
2019-05-22 CVE-2018-7822 Schneider Electric Incorrect Default Permissions vulnerability in Schneider-Electric Modicon M221 Firmware and Somachine Basic

An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.

2.1
2019-05-22 CVE-2019-5627 Bluecats Insufficiently Protected Credentials vulnerability in Bluecats BC Reveal

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e.

2.1
2019-05-22 CVE-2019-5626 Bluecats Insufficiently Protected Credentials vulnerability in Bluecats Reveal 3.0.18

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file.

2.1
2019-05-20 CVE-2018-2005 IBM Information Exposure vulnerability in IBM Bigfix Platform

IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions.

2.1