Weekly Vulnerabilities Reports > May 27 to June 2, 2019

Overview

141 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 147 products from 73 vendors including Synacor, Fedoraproject, Linux, Bosch, and Fortinet. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Path Traversal", "Out-of-bounds Write", and "NULL Pointer Dereference".

  • 110 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 56 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • Synacor has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-31 CVE-2019-9653 Nuuo OS Command Injection vulnerability in Nuuo Network Video Recorder Firmware

NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.

10.0
2019-05-31 CVE-2019-6725 Zyxel USE of Hard-Coded Credentials vulnerability in Zyxel P-660Hn-T1 Firmware 2.00(Aakk.3)

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices.

10.0
2019-05-31 CVE-2019-9891 Tldp Code Injection vulnerability in Tldp Advanced Bash-Scripting Guide

The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.

10.0
2019-05-31 CVE-2019-9871 Jector Missing Authentication FOR Critical Function vulnerability in Jector Fm-K75 Firmware

Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission.

10.0
2019-05-29 CVE-2019-12165 Mitel Unspecified vulnerability in Mitel Micollab and Micollab AWV

MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability.

10.0
2019-05-31 CVE-2019-12502 Mobotix Cross-Site Request Forgery (CSRF) vulnerability in Mobotix S14 Firmware Mxv4.2.1.61

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.

9.3
2019-05-31 CVE-2019-12499 Firejail Project Unspecified vulnerability in Firejail Project Firejail

Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated.

9.3
2019-05-28 CVE-2019-5589 Fortinet Untrusted Search Path vulnerability in Fortinet Forticlient

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

9.3
2019-05-31 CVE-2019-10048 Pydio OS Command Injection vulnerability in Pydio

The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server.

9.0
2019-05-30 CVE-2018-8029 Apache Unspecified vulnerability in Apache Hadoop

In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

9.0
2019-05-29 CVE-2019-6322 HP Improper Locking vulnerability in HP products

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled.

9.0
2019-05-29 CVE-2019-6321 HP Improper Locking vulnerability in HP products

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled.

9.0
2019-05-29 CVE-2018-16217 Yealink OS Command Injection vulnerability in Yealink Ultra-Elegant IP Phone Sip-T41P Firmware 66.83.0.35

The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.

9.0

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-29 CVE-2018-19978 Auerswald Buffer Errors vulnerability in Auerswald Comfortel 1200 IP Firmware 3.4.4.110589

A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device.

7.7
2019-05-29 CVE-2018-19977 Auerswald OS Command Injection vulnerability in Auerswald Comfortel 1200 IP Firmware 3.4.4.110589

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.

7.7
2019-05-29 CVE-2018-16221 Yealink Path Traversal vulnerability in Yealink Ultra-Elegant IP Phone Sip-T41P Firmware 66.83.0.35

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).

7.7
2019-06-02 CVE-2019-12530 Glpi Dashboard Project Improper Authentication vulnerability in Glpi Dashboard Project Glpi Dashboard

Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh.

7.5
2019-05-31 CVE-2019-9106 Saet Path Traversal vulnerability in Saet Tebe Small Firmware and Webapp

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

7.5
2019-05-31 CVE-2019-10123 AIS SQL Injection vulnerability in AIS Logistic Software

SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database.

7.5
2019-05-31 CVE-2019-10069 Godotengine Deserialization of Untrusted Data vulnerability in Godotengine Godot

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.

7.5
2019-05-31 CVE-2018-20815 Qemu Buffer Errors vulnerability in Qemu 3.1.0

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

7.5
2019-05-31 CVE-2019-9874 Sitecore Deserialization of Untrusted Data vulnerability in Sitecore CMS and Experience Platform

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

7.5
2019-05-30 CVE-2019-8457 Sqlite
Canonical
Fedoraproject
Opensuse
Out-Of-Bounds Read vulnerability in multiple products

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

7.5
2019-05-29 CVE-2019-9670 Synacor XXE vulnerability in Synacor Zimbra Collaboration Suite

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.

7.5
2019-05-29 CVE-2019-6980 Synacor Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite

Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.

7.5
2019-05-29 CVE-2018-20160 Synacor XXE vulnerability in Synacor Zimbra Collaboration Suite

ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.

7.5
2019-05-29 CVE-2019-6957 Bosch Out-Of-Bounds Write vulnerability in Bosch products

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK).

7.5
2019-05-29 CVE-2019-9732 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

7.5
2019-05-29 CVE-2019-9485 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

7.5
2019-05-29 CVE-2019-12450 Gnome Race Condition vulnerability in Gnome Glib

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.

7.5
2019-05-29 CVE-2019-9218 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

7.5
2019-05-29 CVE-2019-12440 Sitecore Improper Authentication vulnerability in Sitecore Rocks

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

7.5
2019-05-28 CVE-2018-17198 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Roller

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability.

7.5
2019-05-30 CVE-2018-4048 GOG Exposure of Resource TO Wrong Sphere vulnerability in GOG Galaxy 1.2.48.36

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer).

7.2
2019-05-30 CVE-2019-12456 Linux Unspecified vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5.

7.2
2019-05-30 CVE-2019-12454 Linux Unspecified vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5.

7.2
2019-05-29 CVE-2019-11895 Bosch Improper Access Control vulnerability in Bosch Smart Home Controller Firmware

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators.

7.1

91 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-30 CVE-2019-12483 Gpac Out-Of-Bounds Write vulnerability in Gpac 0.7.1

An issue was discovered in GPAC 0.7.1.

6.8
2019-05-29 CVE-2019-11896 Bosch Permission Issues vulnerability in Bosch Smart Home Controller Firmware

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions.

6.8
2019-05-29 CVE-2019-11892 Bosch Improper Access Control vulnerability in Bosch Smart Home Controller Firmware

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups.

6.8
2019-05-29 CVE-2019-11872 Incsub Unspecified vulnerability in Incsub Hustle 6.0.7

The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window.

6.8
2019-05-29 CVE-2018-16218 Yealink Cross-Site Request Forgery (CSRF) vulnerability in Yealink Ultra-Elegant IP Phone Sip-T41P Firmware 66.83.0.35

A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

6.8
2019-05-29 CVE-2019-9865 Windriver Integer Overflow OR Wraparound vulnerability in Windriver Vxworks

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy.

6.8
2019-05-29 CVE-2019-12448 Gnome Race Condition vulnerability in Gnome Gvfs

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.

6.8
2019-05-28 CVE-2019-5440 Revive Adserver USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Revive-Adserver Revive Adserver

Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality.

6.8
2019-06-02 CVE-2017-18376 Thehive Project Permissions, Privileges, and Access Controls vulnerability in Thehive-Project Thehive

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges.

6.5
2019-05-31 CVE-2019-9875 Sitecore Deserialization of Untrusted Data vulnerability in Sitecore CMS

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.

6.5
2019-05-31 CVE-2019-10328 Jenkins Protection Mechanism Failure vulnerability in Jenkins Pipeline Remote Loader

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

6.5
2019-05-29 CVE-2019-9858 Horde Code Injection vulnerability in Horde Groupware 5.2.17/5.2.22

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17.

6.5
2019-05-28 CVE-2019-10967 Emerson Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Emerson Ovation Ocr400 Firmware

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.

6.5
2019-05-28 CVE-2019-10965 Emerson Out-Of-Bounds Write vulnerability in Emerson Ovation Ocr400 Firmware

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.

6.5
2019-05-28 CVE-2019-7394 CA Permissions, Privileges, and Access Controls vulnerability in CA Risk Authentication and Strong Authentication

A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.

6.5
2019-05-31 CVE-2019-10045 Pydio Session Fixation vulnerability in Pydio

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value.

6.4
2019-05-29 CVE-2019-6958 Bosch Missing Authentication FOR Critical Function vulnerability in Bosch products

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK).

6.4
2019-06-02 CVE-2019-12515 Glyphandcog Out-Of-Bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01.

5.8
2019-05-31 CVE-2019-12493 Glyphandcog Out-Of-Bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions.

5.8
2019-05-27 CVE-2019-12360 Glyphandcog Out-Of-Bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01.

5.8
2019-05-31 CVE-2019-10327 Jenkins XXE vulnerability in Jenkins Pipeline Maven Integration

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.

5.5
2019-05-30 CVE-2019-9723 Logicaldoc Path Traversal vulnerability in Logicaldoc 8.0/8.1/8.1.1

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.

5.5
2019-05-29 CVE-2019-11891 Bosch Permissions, Privileges, and Access Controls vulnerability in Bosch Smart Home Controller Firmware

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing.

5.4
2019-05-31 CVE-2019-9105 Saet Information Exposure vulnerability in Saet Tebe Small Firmware and Webapp

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.

5.0
2019-05-31 CVE-2019-10046 Pydio Missing Authentication FOR Critical Function vulnerability in Pydio 8.2.2

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information.

5.0
2019-05-31 CVE-2019-10330 Gitea Improper Access Control vulnerability in Gitea

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

5.0
2019-05-31 CVE-2019-12496 Hybridgroup Improper Certificate Validation vulnerability in Hybridgroup Gobot

An issue was discovered in Hybrid Group Gobot before 1.13.0.

5.0
2019-05-30 CVE-2019-12482 Gpac Null Pointer Dereference vulnerability in Gpac 0.7.1

An issue was discovered in GPAC 0.7.1.

5.0
2019-05-30 CVE-2019-12480 Bacnet Protocol Stack Project Out-Of-Bounds Read vulnerability in Bacnet Protocol Stack Project Bacnet Protocol Stack

BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services.

5.0
2019-05-30 CVE-2018-20840 Google Improper Check FOR Unusual OR Exceptional Conditions vulnerability in Google API C++ Client

An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10.

5.0
2019-05-30 CVE-2018-15131 Synacor Information Exposure vulnerability in Synacor Zimbra Collaboration Suite

An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3.

5.0
2019-05-30 CVE-2019-12459 Afian Path Traversal vulnerability in Afian Filerun 2019.05.21

FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing.

5.0
2019-05-30 CVE-2019-12458 Afian Path Traversal vulnerability in Afian Filerun 2019.05.21

FileRun 2019.05.21 allows css/ext-ux Directory Listing.

5.0
2019-05-30 CVE-2019-12457 Afian Path Traversal vulnerability in Afian Filerun 2019.05.21

FileRun 2019.05.21 allows images/extjs Directory Listing.

5.0
2019-05-29 CVE-2018-13365 Fortinet Information Exposure vulnerability in Fortinet Fortios

An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.

5.0
2019-05-29 CVE-2019-4256 IBM Inadequate Encryption Strength vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2019-05-28 CVE-2019-0188 Apache
Oracle
XXE vulnerability in multiple products

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library.

5.0
2019-05-28 CVE-2019-12395 Dynmap Project
Getbukkit
Improper Authentication vulnerability in multiple products

In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting.

5.0
2019-05-31 CVE-2019-10049 Pydio Cross-Site Scripting vulnerability in Pydio

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her).

4.9
2019-05-30 CVE-2019-12455 Linux Null Pointer Dereference vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5.

4.9
2019-05-29 CVE-2019-11893 Bosch Permission Issues vulnerability in Bosch Smart Home Controller Firmware

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions.

4.9
2019-05-29 CVE-2019-12447 Gnome
Canonical
Fedoraproject
Opensuse
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
4.9
2019-05-28 CVE-2019-12382 Linux Null Pointer Dereference vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5.

4.9
2019-05-28 CVE-2019-12381 Linux Null Pointer Dereference vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5.

4.9
2019-05-28 CVE-2019-12379 Linux Memory Leak vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5.

4.9
2019-05-28 CVE-2019-12378 Linux Null Pointer Dereference vulnerability in Linux Kernel

** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5.

4.9
2019-05-30 CVE-2019-11091 Intel
Fedoraproject
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
4.7
2019-05-30 CVE-2018-12130 Intel
Fedoraproject
Information Exposure vulnerability in multiple products

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

4.7
2019-05-30 CVE-2018-12127 Intel
Fedoraproject
Information Exposure vulnerability in multiple products

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

4.7
2019-05-30 CVE-2018-12126 Intel
Fedoraproject
Information Exposure vulnerability in multiple products

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

4.7
2019-05-31 CVE-2019-5678 Nvidia
Microsoft
Improper Input Validation vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated.

4.6
2019-05-30 CVE-2018-9193 Fortinet Unspecified vulnerability in Fortinet Forticlient

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file.

4.6
2019-05-30 CVE-2018-9191 Fortinet Unspecified vulnerability in Fortinet Forticlient

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.

4.6
2019-05-30 CVE-2018-13368 Fortinet Unspecified vulnerability in Fortinet Forticlient

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.

4.6
2019-05-29 CVE-2019-12439 Projectatomic Improper Input Validation vulnerability in Projectatomic Bubblewrap

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point.

4.6
2019-05-28 CVE-2019-5436 Haxx
Opensuse
Fedoraproject
Debian
F5
Netapp
Oracle
Out-Of-Bounds Write vulnerability in multiple products

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

4.6
2019-05-28 CVE-2019-12372 Petraware SQL Injection vulnerability in Petraware Ptransformer ADC

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

4.6
2019-05-31 CVE-2019-10038 Evernote Path Traversal vulnerability in Evernote 7.9

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

4.4
2019-05-31 CVE-2019-10326 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings Next Generation 5.0.0

A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.

4.3
2019-05-31 CVE-2019-10324 Jfrog Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.

4.3
2019-05-31 CVE-2019-10321 Jfrog Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.3
2019-05-31 CVE-2019-12507 Phprelativepath Project Cross-Site Scripting vulnerability in PHPrelativepath Project PHPrelativepath 1.0.1/1.0.2

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter.

4.3
2019-05-31 CVE-2019-12495 Tinycc Out-Of-Bounds Write vulnerability in Tinycc 0.9.27

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27.

4.3
2019-05-30 CVE-2019-12481 Gpac Null Pointer Dereference vulnerability in Gpac 0.7.1

An issue was discovered in GPAC 0.7.1.

4.3
2019-05-30 CVE-2015-7609 Synacor Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.6.0

Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.

4.3
2019-05-30 CVE-2015-2230 Synacor Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Server

Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.

4.3
2019-05-30 CVE-2018-14425 Synacor Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite

There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.

4.3
2019-05-30 CVE-2019-12461 Webport Cross-Site Scripting vulnerability in Webport web Port 1.19.1

Web Port 1.19.1 allows XSS via the /log type parameter.

4.3
2019-05-30 CVE-2019-12460 Webport Cross-Site Scripting vulnerability in Webport web Port 1.19.1

Web Port 1.19.1 allows XSS via the /access/setup type parameter.

4.3
2019-05-29 CVE-2018-18631 Synacor Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite

mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.

4.3
2019-05-29 CVE-2018-14013 Synacor Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.

4.3
2019-05-29 CVE-2019-12347 Netgate Cross-Site Scripting vulnerability in Netgate Pfsense 2.4.4

In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action.

4.3
2019-05-29 CVE-2019-7129 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager Forms 6.2/6.3/6.4

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability.

4.3
2019-05-29 CVE-2018-13383 Fortinet Out-Of-Bounds Write vulnerability in Fortinet Fortios and Fortiproxy

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

4.3
2019-05-29 CVE-2019-4264 IBM Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate.

4.3
2019-05-29 CVE-2019-4138 IBM Insufficiently Protected Credentials vulnerability in IBM Spectrum Control

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2019-05-29 CVE-2019-4137 IBM Cross-Site Scripting vulnerability in IBM Spectrum Control

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting.

4.3
2019-05-28 CVE-2019-0221 Apache Cross-Site Scripting vulnerability in Apache Tomcat

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS.

4.3
2019-05-28 CVE-2019-5435 Haxx Integer Overflow OR Wraparound vulnerability in Haxx Curl

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

4.3
2019-05-28 CVE-2018-13375 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager

An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter.

4.3
2019-05-28 CVE-2019-12383 Torproject Information Exposure Through Discrepancy vulnerability in Torproject TOR Browser

Tor Browser before 8.0.1 has an information exposure vulnerability.

4.3
2019-05-27 CVE-2019-12362 Phome Cross-Site Scripting vulnerability in Phome Empirecms 7.5.0

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.

4.3
2019-05-27 CVE-2019-12361 Phome Cross-Site Request Forgery (CSRF) vulnerability in Phome Empirecms 7.5.0

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template.

4.3
2019-05-27 CVE-2019-12345 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Hostel

XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.

4.3
2019-05-31 CVE-2019-10329 Eficode Credentials Management vulnerability in Eficode Influxdb

Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

4.0
2019-05-31 CVE-2019-10323 Jfrog Permission Issues vulnerability in Jfrog Artifactory

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

4.0
2019-05-31 CVE-2019-10322 Jfrog Permission Issues vulnerability in Jfrog Artifactory

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2019-05-29 CVE-2019-6981 Synacor Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite

Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.

4.0
2019-05-29 CVE-2019-9866 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3.

4.0
2019-05-29 CVE-2019-7549 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3.

4.0
2019-05-28 CVE-2019-7393 CA Information Exposure vulnerability in CA Risk Authentication and Strong Authentication

A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-05-31 CVE-2019-10047 Pydio Cross-Site Scripting vulnerability in Pydio

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application.

3.5
2019-05-31 CVE-2019-10325 Jenkins Cross-Site Scripting vulnerability in Jenkins Warnings Next Generation

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.

3.5
2019-05-30 CVE-2018-10948 Synacor Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.

3.5
2019-05-29 CVE-2019-12452 Containous Insufficiently Protected Credentials vulnerability in Containous Traefik

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section.

3.5
2019-05-29 CVE-2019-12449 Gnome
Canonical
Fedoraproject
Opensuse
Improper Handling of Exceptional Conditions vulnerability in multiple products

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.

3.5
2019-05-29 CVE-2019-4184 IBM Cross-Site Scripting vulnerability in IBM Jazz Reporting Service

IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting.

3.5
2019-05-29 CVE-2019-4139 IBM Cross-Site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0/11.1.1

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting.

3.5
2019-05-31 CVE-2019-12500 MI Missing Authentication FOR Critical Function vulnerability in MI M365 Firmware

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands.

3.3
2019-05-29 CVE-2019-11894 Bosch Improper Access Control vulnerability in Bosch Smart Home Controller Firmware

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup.

2.9
2019-05-31 CVE-2019-10981 Schneider Electric Credentials Management vulnerability in Schneider-Electric Citectscada and Scada Expert Vijeo Citect

In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials.

2.1
2019-05-29 CVE-2019-9221 Gitlab Improper Input Validation vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.

2.1
2019-05-28 CVE-2018-20008 Iball Cleartext Storage of Sensitive Information vulnerability in Iball 300M 2-Port Wireless-N Broadband Router Firmware Ibwrb302N20122017

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.

2.1
2019-05-28 CVE-2019-12380 Linux 7PK - Errors vulnerability in Linux Kernel

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5.

2.1