Weekly Vulnerabilities Reports > June 3 to 9, 2019

Overview

403 new vulnerabilities reported during this period, including 122 critical vulnerabilities and 58 high severity vulnerabilities. This weekly summary report vulnerabilities in 609 products from 133 vendors including HP, Foxitsoftware, Huawei, IBM, and Moxa. Vulnerabilities are notably categorized as "Expression Language Injection", "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", and "Use After Free".

  • 345 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 178 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 260 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 107 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 97 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

122 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-07 CVE-2019-2097 Google Incorrect Type Conversion OR Cast vulnerability in Google Android

In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion.

10.0
2019-06-07 CVE-2018-10698 Moxa Missing Encryption of Sensitive Data vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

10.0
2019-06-07 CVE-2019-12776 Enttec USE of Hard-Coded Credentials vulnerability in Enttec products

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482.

10.0
2019-06-05 CVE-2018-10171 Kromtech Incorrect Permission Assignment FOR Critical Resource vulnerability in Kromtech Mackeeper 3.20.4

Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component.

10.0
2019-06-05 CVE-2019-11949 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5391 HP Out-Of-Bounds Write vulnerability in HP Intelligent Management Center

A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5390 HP Command Injection vulnerability in HP Intelligent Management Center

A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5387 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5367 HP Insecure Default Initialization of Resource vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5358 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5356 HP Path Traversal vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5352 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-5347 HP Unspecified vulnerability in HP Intelligent Management Center

A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-11945 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2019-11944 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2018-7124 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-05 CVE-2018-7121 HP Improper Authentication vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

10.0
2019-06-03 CVE-2019-10883 Citrix OS Command Injection vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

10.0
2019-06-03 CVE-2017-14853 Orpak Code Injection vulnerability in Orpak Siteomat 6.4.414.084

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command.

10.0
2019-06-07 CVE-2019-2099 Google Out-Of-Bounds Write vulnerability in Google Android

In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check.

9.3
2019-06-07 CVE-2019-2094 Google Out-Of-Bounds Write vulnerability in Google Android

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks.

9.3
2019-06-07 CVE-2019-2093 Google Out-Of-Bounds Write vulnerability in Google Android 9.0

In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check.

9.3
2019-06-07 CVE-2018-10697 Moxa OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

9.3
2019-06-06 CVE-2019-5242 Huawei Improper Input Validation vulnerability in Huawei Pcmanager 9.0.1.50

There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50.

9.3
2019-06-06 CVE-2019-5241 Huawei Unspecified vulnerability in Huawei Pcmanager 9.0.1.50

There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50.

9.3
2019-06-05 CVE-2019-11957 HP Out-Of-Bounds Write vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.3
2019-06-05 CVE-2019-12735 VIM
Neovim
OS Command Injection vulnerability in VIM

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

9.3
2019-06-03 CVE-2019-12177 HTC Untrusted Search Path vulnerability in HTC Viveport

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

9.3
2019-06-03 CVE-2019-3567 Linuxfoundation Link Following vulnerability in Linuxfoundation Osquery

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions.

9.3
2019-06-03 CVE-2018-5406 Quest Permissions, Privileges, and Access Controls vulnerability in Quest Kace Systems Management Appliance Firmware

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism.

9.3
2019-06-03 CVE-2019-12569 Rakuten Untrusted Search Path vulnerability in Rakuten Viber

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system.

9.3
2019-06-07 CVE-2019-12775 Enttec Improper Privilege Management vulnerability in Enttec products

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482.

9.0
2019-06-06 CVE-2019-6989 TP Link Out-Of-Bounds Write vulnerability in Tp-Link Tl-Wr940N Firmware and Tl-Wr941Nd Firmware

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function.

9.0
2019-06-06 CVE-2019-9929 Northern Information Exposure Through LOG Files vulnerability in Northern Cfengine 3.12.1

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.

9.0
2019-06-06 CVE-2019-11080 Sitecore Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform

Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863.

9.0
2019-06-05 CVE-2019-9189 Primasystems Unrestricted Upload of File With Dangerous Type vulnerability in Primasystems Flexair 2.3.38

Prima Systems FlexAir, Versions 2.4.9api3 and prior.

9.0
2019-06-05 CVE-2019-1861 Cisco Unrestricted Upload of File With Dangerous Type vulnerability in Cisco Industrial Network Director 1.1(0.176)/1.5(0.250)

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code.

9.0
2019-06-05 CVE-2019-11986 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11985 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11984 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11980 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11979 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11978 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11977 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11976 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11975 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11974 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11973 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11972 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11971 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11970 HP SQL Injection vulnerability in HP Intelligent Management Center

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11969 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11968 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11967 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11966 HP Cleartext Storage of Sensitive Information vulnerability in HP Intelligent Management Center

A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11965 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11964 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11963 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11962 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11961 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11960 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11959 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11958 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11956 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11955 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11954 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11953 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11952 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11951 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11950 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5389 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5388 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5386 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5385 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5384 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5383 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5382 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5381 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5380 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5379 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5378 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5377 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5376 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5375 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5374 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5373 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5372 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5371 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5370 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5369 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5368 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5366 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5365 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5364 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5363 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5362 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5361 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5360 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5359 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5357 HP Unrestricted Upload of File With Dangerous Type vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5354 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5353 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5351 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5350 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5349 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5348 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5346 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5345 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5344 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5343 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5342 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5341 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5340 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5339 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-5338 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11948 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11947 HP USE of Hard-Coded Credentials vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11943 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11942 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-05 CVE-2019-11941 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

9.0
2019-06-03 CVE-2019-11646 Microfocus Unspecified vulnerability in Microfocus Service Manager

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61.

9.0
2019-06-03 CVE-2019-3397 Atlassian Path Traversal vulnerability in Atlassian Bitbucket

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.

9.0

58 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-06 CVE-2019-8320 Rubygems Path Traversal vulnerability in Rubygems

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2.

8.8
2019-06-05 CVE-2019-6800 Titanhq Injection vulnerability in Titanhq Spamtitan

In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function.

8.5
2019-06-07 CVE-2019-12506 Logitech Missing Authentication FOR Critical Function vulnerability in Logitech R700 Laser Presentation Remote Firmware Wd802Xm/Wd904Xm

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks.

8.3
2019-06-07 CVE-2019-12505 Inateck Missing Authentication FOR Critical Function vulnerability in Inateck Wp1001 Firmware 1.3C

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks.

8.3
2019-06-07 CVE-2019-12504 Inateck Insufficient Verification of Data Authenticity vulnerability in Inateck Wp2002 Firmware

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks.

8.3
2019-06-07 CVE-2019-2102 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK).

8.3
2019-06-05 CVE-2019-11983 HP Buffer Errors vulnerability in HP products

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

8.3
2019-06-03 CVE-2019-3846 Linux
Redhat
Canonical
Netapp
Fedoraproject
Debian
Opensuse
Out-Of-Bounds Write vulnerability in multiple products

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

8.3
2019-06-05 CVE-2019-5355 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

7.8
2019-06-05 CVE-2018-7123 HP Improper Authentication vulnerability in HP Intelligent Management Center

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

7.8
2019-06-04 CVE-2019-5285 Huawei Improper Input Validation vulnerability in Huawei products

Some Huawei S series switches have a DoS vulnerability.

7.8
2019-06-04 CVE-2019-12727 UI Out-Of-Bounds Read vulnerability in UI Aircam Firmware 3.1.4

On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary.

7.8
2019-06-03 CVE-2019-12615 Linux Null Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6.

7.8
2019-06-07 CVE-2019-2095 Google USE After Free vulnerability in Google Android 9.0

In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition.

7.6
2019-06-06 CVE-2019-5216 Huawei Race Condition vulnerability in Huawei products

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8).

7.6
2019-06-05 CVE-2019-11982 HP Cross-Site Scripting vulnerability in HP products

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

7.6
2019-06-07 CVE-2019-9087 Digitaldruid SQL Injection vulnerability in Digitaldruid Hoteldruid

HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.

7.5
2019-06-07 CVE-2019-9086 Digitaldruid SQL Injection vulnerability in Digitaldruid Hoteldruid

HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.

7.5
2019-06-07 CVE-2019-12601 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).

7.5
2019-06-07 CVE-2019-12600 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).

7.5
2019-06-07 CVE-2019-12599 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.

7.5
2019-06-07 CVE-2019-12598 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).

7.5
2019-06-07 CVE-2018-19800 Aubio Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Aubio

aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.

7.5
2019-06-07 CVE-2019-12771 Thinstation Project OS Command Injection vulnerability in Thinstation Project Thinstation

Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.

7.5
2019-06-06 CVE-2019-11523 Anviz Missing Authentication FOR Critical Function vulnerability in Anviz M3 Firmware

Anviz Global M3 Outdoor RFID Access Control executes any command received from any source.

7.5
2019-06-06 CVE-2019-12135 Papercut Unspecified vulnerability in Papercut MF and Papercut NG

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector.

7.5
2019-06-05 CVE-2019-8385 Thomsonreuters Path Traversal vulnerability in Thomsonreuters Concourse Matter Room and Firm Central Desktop

An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358.

7.5
2019-06-05 CVE-2019-7672 Primasystems USE of Hard-Coded Credentials vulnerability in Primasystems Flexair 2.3.38

Prima Systems FlexAir, Versions 2.3.38 and prior.

7.5
2019-06-05 CVE-2019-12196 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Netflow Analyzer 12.3

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.

7.5
2019-06-05 CVE-2019-11988 HPE Unspecified vulnerability in HPE Smart Update Manager

A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.

7.5
2019-06-05 CVE-2019-9642 Pydio Unrestricted Upload of File With Dangerous Type vulnerability in Pydio

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2.

7.5
2019-06-05 CVE-2019-9548 Citrix Unspecified vulnerability in Citrix Application Delivery Management 12.1

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

7.5
2019-06-05 CVE-2019-12553 Sweetscape Out-Of-Bounds Write vulnerability in Sweetscape 010 Editor 9.0.1

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.

7.5
2019-06-05 CVE-2019-10149 Exim Improper Input Validation vulnerability in Exim

A flaw was found in Exim versions 4.87 to 4.91 (inclusive).

7.5
2019-06-05 CVE-2019-11768 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin before 4.9.0.1.

7.5
2019-06-04 CVE-2019-12730 Ffmpeg USE of Uninitialized Resource vulnerability in Ffmpeg

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

7.5
2019-06-03 CVE-2019-11367 AUO Missing Encryption of Sensitive Data vulnerability in AUO Solar Data Recorder

An issue was discovered in AUO Solar Data Recorder before 1.3.0.

7.5
2019-06-03 CVE-2019-11185 WP Livechat Unrestricted Upload of File With Dangerous Type vulnerability in Wp-Livechat WP Live Chat Support PRO

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability.

7.5
2019-06-03 CVE-2019-12377 Ivanti Unrestricted Upload of File With Dangerous Type vulnerability in Ivanti Landesk Management Suite 10.0.1.168

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

7.5
2019-06-03 CVE-2019-11356 Cyrus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cyrus Imap

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

7.5
2019-06-03 CVE-2017-14854 Orpak Buffer Errors vulnerability in Orpak Siteomat 6.4.414.084

A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution.

7.5
2019-06-03 CVE-2019-6742 Samsung Code Injection vulnerability in Samsung Galaxy S9 Firmware

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2.

7.5
2019-06-03 CVE-2017-14851 Orpak SQL Injection vulnerability in Orpak Siteomat

A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25.

7.5
2019-06-03 CVE-2017-14728 Orpak USE of Hard-Coded Credentials vulnerability in Orpak Siteomat

An authentication bypass was found in an unknown area of the SiteOmat source code.

7.5
2019-06-03 CVE-2019-11580 Atlassian Unspecified vulnerability in Atlassian Crowd

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds.

7.5
2019-06-03 CVE-2019-12585 Apcupsd
Netgate
OS Command Injection vulnerability in multiple products

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

7.5
2019-06-07 CVE-2019-2098 Google Missing Authorization vulnerability in Google Android

In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check.

7.2
2019-06-07 CVE-2019-2096 Google Double Free vulnerability in Google Android

In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free.

7.2
2019-06-07 CVE-2019-2092 Google Missing Authorization vulnerability in Google Android

In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check.

7.2
2019-06-07 CVE-2019-2091 Google Missing Authorization vulnerability in Google Android

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check.

7.2
2019-06-07 CVE-2018-19999 Solarwinds Improper Authentication vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation.

7.2
2019-06-07 CVE-2019-12777 Enttec Incorrect Permission Assignment FOR Critical Resource vulnerability in Enttec products

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482.

7.2
2019-06-06 CVE-2019-5525 Vmware
Linux
USE After Free vulnerability in VMWare Workstation

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend.

7.2
2019-06-06 CVE-2019-7311 Linksys Cryptographic Issues vulnerability in Linksys Wrt1900Acs Firmware 1.0.3.187766

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices.

7.2
2019-06-05 CVE-2019-9730 Synaptics Unspecified vulnerability in Synaptics Sound Device

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.

7.2
2019-06-03 CVE-2019-12176 HTC Improper Privilege Management vulnerability in HTC Viveport

Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.

7.2
2019-06-06 CVE-2019-5305 Huawei Double Free vulnerability in Huawei Mate 10 Firmware

The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability.

7.1
2019-06-06 CVE-2019-5214 Huawei USE After Free vulnerability in Huawei Mate 10 Firmware

There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8).

7.1

189 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-03 CVE-2019-10147 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat RKT

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.

6.9
2019-06-03 CVE-2019-10145 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat RKT

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.

6.9
2019-06-03 CVE-2019-10144 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat RKT

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.

6.9
2019-06-07 CVE-2018-10703 Moxa Buffer Errors vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-10702 Moxa OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-10701 Moxa Buffer Errors vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-10699 Moxa OS Command Injection vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-10696 Moxa Cross-Site Request Forgery (CSRF) vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-10695 Moxa Buffer Errors vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-10693 Moxa Buffer Errors vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

6.8
2019-06-07 CVE-2018-19452 Foxitsoftware
Microsoft
USE After Free vulnerability in Foxitsoftware Foxit PDF SDK Activex

A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031.

6.8
2019-06-07 CVE-2018-19451 Foxitsoftware
Microsoft
Command Injection vulnerability in Foxitsoftware Foxit PDF SDK Activex

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field.

6.8
2019-06-07 CVE-2018-20135 Samsung Improper Certificate Validation vulnerability in Samsung Galaxy Apps

Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack.

6.8
2019-06-07 CVE-2019-6532 Panasonic Incorrect Type Conversion OR Cast vulnerability in Panasonic Control Fpwin PRO

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties.

6.8
2019-06-07 CVE-2019-6530 Panasonic Out-Of-Bounds Write vulnerability in Panasonic Control Fpwin PRO

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.

6.8
2019-06-05 CVE-2019-1881 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Industrial Network Director 1.5(0.250)

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

6.8
2019-06-05 CVE-2019-9673 Freenetproject Data Processing Errors vulnerability in Freenetproject Freenet 0.7.5

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.

6.8
2019-06-05 CVE-2019-5393 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

6.8
2019-06-05 CVE-2019-11946 HP Cryptographic Issues vulnerability in HP Intelligent Management Center

A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

6.8
2019-06-04 CVE-2019-12728 Grails Incorrect Resource Transfer Between Spheres vulnerability in Grails

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service.

6.8
2019-06-03 CVE-2019-12097 Progress Improper Validation of Integrity Check Value vulnerability in Progress Fiddler 5.0.20182.28034

Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.

6.8
2019-06-03 CVE-2019-12374 Ivanti SQL Injection vulnerability in Ivanti Landesk Management Suite 10.0.1.168

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

6.8
2019-06-03 CVE-2019-12169 Atutor Unrestricted Upload of File With Dangerous Type vulnerability in Atutor 2.2.1/2.2.2/2.2.4

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.

6.8
2019-06-03 CVE-2019-6769 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6768 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6767 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6765 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6764 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6763 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6762 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828.

6.8
2019-06-03 CVE-2019-6761 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811.

6.8
2019-06-03 CVE-2019-6760 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811.

6.8
2019-06-03 CVE-2019-6759 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826.

6.8
2019-06-03 CVE-2019-6757 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811.

6.8
2019-06-03 CVE-2019-6755 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826.

6.8
2019-06-03 CVE-2019-6754 Foxitsoftware Path Traversal vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826.

6.8
2019-06-03 CVE-2019-6751 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779.

6.8
2019-06-03 CVE-2019-6750 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

6.8
2019-06-03 CVE-2019-6749 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

6.8
2019-06-03 CVE-2019-6748 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

6.8
2019-06-03 CVE-2019-6747 Foxitsoftware Out-Of-Bounds Write vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

6.8
2019-06-03 CVE-2019-6743 MI Out-Of-Bounds Write vulnerability in MI MI6 Browser

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0.

6.8
2019-06-03 CVE-2019-6740 Samsung Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Galaxy S9 Firmware

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467).

6.8
2019-06-03 CVE-2019-3895 Openstack
Redhat
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director.
6.8
2019-06-03 CVE-2019-9883 Hgiga Cross-Site Request Forgery (CSRF) vulnerability in Hgiga products

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability.

6.8
2019-06-03 CVE-2019-9882 Hgiga Cross-Site Request Forgery (CSRF) vulnerability in Hgiga products

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability.

6.8
2019-06-03 CVE-2019-6739 Malwarebytes Improper Input Validation vulnerability in Malwarebytes Antimalware 3.6.1.2711

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711.

6.8
2019-06-03 CVE-2019-6738 Bitdefender Improper Input Validation vulnerability in Bitdefender Safepay 23.0.10.34

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.

6.8
2019-06-03 CVE-2019-6737 Bitdefender Data Processing Errors vulnerability in Bitdefender Safepay 23.0.10.34

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.

6.8
2019-06-03 CVE-2019-6736 Bitdefender Improper Input Validation vulnerability in Bitdefender Safepay 23.0.10.34

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.

6.8
2019-06-07 CVE-2019-12779 Clusterlabs Link Following vulnerability in Clusterlabs Libqb

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

6.6
2019-06-07 CVE-2018-19462 Phome SQL Injection vulnerability in Phome Empirecms

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.

6.5
2019-06-07 CVE-2018-20091 Cloudera SQL Injection vulnerability in Cloudera Data Science Workbench 1.4.0/1.4.1/1.4.2

An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2.

6.5
2019-06-07 CVE-2019-4069 IBM Unrestricted Upload of File With Dangerous Type vulnerability in IBM products

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content.

6.5
2019-06-07 CVE-2019-4066 IBM Improper Input Validation vulnerability in IBM products

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution.

6.5
2019-06-07 CVE-2018-5265 UI OS Command Injection vulnerability in UI Edgeos 1.9.1

Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.

6.5
2019-06-06 CVE-2019-12303 Rancher Injection vulnerability in Rancher

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.

6.5
2019-06-06 CVE-2019-12134 Workday Unspecified vulnerability in Workday

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.

6.5
2019-06-05 CVE-2019-12742 Bludit Authorization Bypass Through User-Controlled KEY vulnerability in Bludit

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin.

6.5
2019-06-05 CVE-2018-7125 HP Unspecified vulnerability in HP Intelligent Management Center

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

6.5
2019-06-05 CVE-2019-12739 Nextcloud OS Command Injection vulnerability in Nextcloud Extract

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).

6.5
2019-06-03 CVE-2019-12548 Bludit Code Injection vulnerability in Bludit

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.

6.5
2019-06-03 CVE-2019-11509 Pulsesecure Unspecified vulnerability in Pulsesecure Pulse Connect Secure and Pulse Policy Secure

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.

6.5
2019-06-03 CVE-2019-12591 Netgear Command Injection vulnerability in Netgear Insight

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

6.5
2019-06-06 CVE-2019-3723 Dell Improper Input Validation vulnerability in Dell EMC Openmanage Server Administrator

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability.

6.4
2019-06-06 CVE-2019-7215 Progress Insufficient Session Expiration vulnerability in Progress Sitefinity

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts.

6.4
2019-06-06 CVE-2019-12291 Hashicorp Unspecified vulnerability in Hashicorp Consul

HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control.

6.4
2019-06-05 CVE-2018-18571 Citrix Improper Authentication vulnerability in Citrix Xenmobile Server 10.8.0/10.9.0

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3.

6.4
2019-06-06 CVE-2019-12760 Parso Project Deserialization of Untrusted Data vulnerability in Parso Project Parso

** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache.

6.0
2019-06-07 CVE-2019-3957 Solarwinds Out-Of-Bounds Read vulnerability in Solarwinds Dameware Mini Remote Control

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.

5.8
2019-06-07 CVE-2019-3956 Dameware Out-Of-Bounds Read vulnerability in Dameware Remote Mini Control

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information.

5.8
2019-06-07 CVE-2019-3477 Microfocus Open Redirect vulnerability in Microfocus Solutions Business Manager

Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.

5.8
2019-06-07 CVE-2018-19860 Broadcom
Cypress
Incorrect Permission Assignment FOR Critical Resource vulnerability in multiple products

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

5.8
2019-06-06 CVE-2019-12492 Gallagher Information Exposure vulnerability in Gallagher Command Centre 7.70/7.80/8.00

Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.

5.8
2019-06-06 CVE-2019-4201 IBM Open Redirect vulnerability in IBM Jazz FOR Service Management 1.1.3.0/1.1.3.1/1.1.3.2

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

5.8
2019-06-04 CVE-2018-13384 Fortinet Open Redirect vulnerability in Fortinet Fortios

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.

5.8
2019-06-03 CVE-2019-6741 Samsung Open Redirect vulnerability in Samsung Galaxy S9 Firmware 1.4.20.2

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467).

5.8
2019-06-07 CVE-2018-6185 Cloudera Cryptographic Issues vulnerability in Cloudera Manager and Navigator KEY Trustee KMS

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys.

5.5
2019-06-06 CVE-2019-3790 Pivotal Software Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.

5.5
2019-06-05 CVE-2019-1842 Cisco Improper Authentication vulnerability in Cisco IOS XR Firmware

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames.

5.5
2019-06-04 CVE-2019-12210 Yubico Unspecified vulnerability in Yubico Pam-U2F 1.0.7

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned.

5.5
2019-06-06 CVE-2019-4185 IBM Unspecified vulnerability in IBM products

IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component.

5.4
2019-06-05 CVE-2019-12243 Istio Unspecified vulnerability in Istio

Istio 1.1.x through 1.1.6 has Incorrect Access Control.

5.4
2019-06-05 CVE-2019-9156 Gemalto OS Command Injection vulnerability in Gemalto Ezio DS3 Server 2.6.1

Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.

5.2
2019-06-06 CVE-2019-12761 Python XML Injection (Aka Blind Xpath Injection) vulnerability in Python Pyxdg 0.25

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file.

5.1
2019-06-07 CVE-2019-3955 Dameware Out-Of-Bounds Write vulnerability in Dameware Remote Mini Control

Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation.

5.0
2019-06-07 CVE-2018-10691 Moxa Improper Access Control vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

5.0
2019-06-07 CVE-2019-10160 Python
Redhat
Credentials Management vulnerability in multiple products

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL.

5.0
2019-06-07 CVE-2018-19802 Aubio Null Pointer Dereference vulnerability in Aubio

aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.

5.0
2019-06-07 CVE-2018-19801 Aubio Null Pointer Dereference vulnerability in Aubio

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.

5.0
2019-06-07 CVE-2018-20523 MI Command Injection vulnerability in MI products

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection.

5.0
2019-06-07 CVE-2018-20014 Urbackup Null Pointer Dereference vulnerability in Urbackup 2.2.6

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.

5.0
2019-06-07 CVE-2019-4068 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM products

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system.

5.0
2019-06-07 CVE-2019-4067 IBM Weak Password Requirements vulnerability in IBM products

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

5.0
2019-06-07 CVE-2019-12763 Securitycamera Information Exposure vulnerability in Securitycamera Security Camera CZ 1.6.8

The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.

5.0
2019-06-06 CVE-2019-4219 IBM Information Exposure Through AN Error Message vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system.

5.0
2019-06-06 CVE-2019-4162 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header.

5.0
2019-06-06 CVE-2019-6451 Soyal Missing Authentication FOR Critical Function vulnerability in Soyal Ar-727H Firmware and Ar-829Ev5 Firmware

On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.

5.0
2019-06-06 CVE-2019-3722 Dell XXE vulnerability in Dell EMC Openmanage Server Administrator

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability.

5.0
2019-06-06 CVE-2019-3579 Mybb Information Exposure vulnerability in Mybb 1.18.19

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

5.0
2019-06-05 CVE-2019-12494 Gardener Unspecified vulnerability in Gardener

In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters.

5.0
2019-06-05 CVE-2019-9187 Ikiwiki Server-Side Request Forgery (SSRF) vulnerability in Ikiwiki

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin.

5.0
2019-06-05 CVE-2019-12276 Grandnode Path Traversal vulnerability in Grandnode 4.40

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.

5.0
2019-06-05 CVE-2019-1872 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests.

5.0
2019-06-05 CVE-2019-1868 Cisco Unspecified vulnerability in Cisco Webex Meetings Server 2.6

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information.

5.0
2019-06-05 CVE-2019-1845 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition.

5.0
2019-06-05 CVE-2019-12555 Sweetscape Out-Of-Bounds Read vulnerability in Sweetscape 010 Editor 9.0.1

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.

5.0
2019-06-05 CVE-2019-12554 Sweetscape Out-Of-Bounds Read vulnerability in Sweetscape 010 Editor 9.0.1

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.

5.0
2019-06-05 CVE-2019-5392 HP Unspecified vulnerability in HP Intelligent Management Center

A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

5.0
2019-06-05 CVE-2018-7122 HP Information Exposure vulnerability in HP Intelligent Management Center

A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

5.0
2019-06-04 CVE-2019-12209 Yubico Link Following vulnerability in Yubico Pam-U2F 1.0.7

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root.

5.0
2019-06-04 CVE-2018-13382 Fortinet Improper Authorization vulnerability in Fortinet Fortios

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

5.0
2019-06-04 CVE-2018-13381 Fortinet Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fortinet Fortios and Fortiproxy

A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.

5.0
2019-06-04 CVE-2018-13379 Fortinet Path Traversal vulnerability in Fortinet Fortios

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

5.0
2019-06-03 CVE-2019-12310 Exagrid Path Traversal vulnerability in Exagrid Backup Appliance Firmware 48.1.1044.P50

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information.

5.0
2019-06-03 CVE-2017-14852 Orpak Cryptographic Issues vulnerability in Orpak Siteomat

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate.

5.0
2019-06-03 CVE-2019-12593 Icewarp Path Traversal vulnerability in Icewarp Mail Server

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

5.0
2019-06-03 CVE-2019-3802 Pivotal Software Information Exposure vulnerability in Pivotal Software Spring Data Java Persistance API

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20.

5.0
2019-06-03 CVE-2019-12564 Douco Improper Authentication vulnerability in Douco Douphp 1.5

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.

5.0
2019-06-07 CVE-2019-2101 Google Out-Of-Bounds Read vulnerability in Google Android

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation.

4.9
2019-06-05 CVE-2019-5394 HP Unspecified vulnerability in HP products

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.

4.9
2019-06-04 CVE-2019-10636 Marvell Resource Exhaustion vulnerability in Marvell products

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism.

4.9
2019-06-03 CVE-2019-12614 Linux
Canonical
Fedoraproject
Opensuse
Redhat
Null Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6.

4.7
2019-06-07 CVE-2019-2090 Google Missing Authorization vulnerability in Google Android

In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check.

4.6
2019-06-05 CVE-2019-11987 HPE Unspecified vulnerability in HPE Smart Update Manager

A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.

4.6
2019-06-05 CVE-2017-6261 Nvidia Improper Input Validation vulnerability in Nvidia Vibrante Linux 1.1/2.0/2.2

NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.

4.6
2019-06-04 CVE-2019-5300 Huawei Improper Verification of Cryptographic Signature vulnerability in Huawei products

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers.

4.6
2019-06-04 CVE-2019-5298 Huawei Improper Authentication vulnerability in Huawei Ap4050Dn-E Firmware

There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800.

4.6
2019-06-03 CVE-2019-12589 Firejail Project Incorrect Permission Assignment FOR Critical Resource vulnerability in Firejail Project Firejail

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

4.6
2019-06-06 CVE-2019-5295 Huawei Unspecified vulnerability in Huawei Honor View 10 Firmware 9.0.0.202(C567E6R1P12T8)

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability.

4.4
2019-06-05 CVE-2019-9755 Tuxera Integer Underflow (Wrap OR Wraparound) vulnerability in Tuxera Ntfs-3G 2017.3.23

An integer underflow issue exists in ntfs-3g 2017.3.23.

4.4
2019-06-07 CVE-2018-10700 Moxa Cross-Site Scripting vulnerability in Moxa Awk-3121 Firmware 1.19

An issue was discovered on Moxa AWK-3121 1.19 devices.

4.3
2019-06-07 CVE-2018-10694 Moxa Missing Encryption of Sensitive Data vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

4.3
2019-06-07 CVE-2018-10692 Moxa Cross-Site Scripting vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

4.3
2019-06-07 CVE-2018-10690 Moxa Missing Encryption of Sensitive Data vulnerability in Moxa Awk-3121 Firmware 1.14

An issue was discovered on Moxa AWK-3121 1.14 devices.

4.3
2019-06-07 CVE-2018-19465 Maccms Cross-Site Scripting vulnerability in Maccms

Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.

4.3
2019-06-07 CVE-2019-12774 Enttec Cross-Site Scripting vulnerability in Enttec products

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application.

4.3
2019-06-07 CVE-2018-5264 UI Improper Access Control vulnerability in UI Unifi Firmware

Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.

4.3
2019-06-07 CVE-2019-8283 Gemalto Information Exposure vulnerability in Gemalto Sentinel LDK

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag.

4.3
2019-06-07 CVE-2018-5798 Cloudera Cross-Site Scripting vulnerability in Cloudera Manager

This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.

4.3
2019-06-06 CVE-2019-4217 IBM Improper Input Validation vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim.

4.3
2019-06-06 CVE-2019-3578 Mybb Cross-Site Scripting vulnerability in Mybb 1.18.19

MyBB 1.8.19 has XSS in the resetpassword function.

4.3
2019-06-06 CVE-2018-8047 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM

vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions.

4.3
2019-06-06 CVE-2019-7554 API Based Travel Booking Project Cross-Site Scripting vulnerability in API Based Travel Booking Project API Based Travel Booking 3.4.7

An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7.

4.3
2019-06-06 CVE-2019-7220 X Cart
Qualiteam
Cross-Site Scripting vulnerability in Qualiteam X-Cart

X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.

4.3
2019-06-06 CVE-2019-5219 Huawei Double Free vulnerability in Huawei Mate 10 Firmware

There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8).

4.3
2019-06-05 CVE-2019-1870 Cisco Cross-Site Scripting vulnerability in Cisco Enterprise Chat and Email 11.6(1)/11.6(1)Es6

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2019-06-05 CVE-2019-9647 Gilacms Cross-Site Scripting vulnerability in Gilacms Gila CMS 1.9.1

Gila CMS 1.9.1 has XSS.

4.3
2019-06-05 CVE-2019-12741 Fhir Cross-Site Scripting vulnerability in Fhir Hapi Fhir

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0.

4.3
2019-06-05 CVE-2019-12543 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

4.3
2019-06-05 CVE-2019-12542 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

4.3
2019-06-05 CVE-2019-12541 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

4.3
2019-06-05 CVE-2019-12538 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

4.3
2019-06-05 CVE-2019-12616 Phpmyadmin Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin before 4.9.0.

4.3
2019-06-04 CVE-2019-5588 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortios

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.

4.3
2019-06-04 CVE-2019-5586 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortios

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.

4.3
2019-06-04 CVE-2018-13380 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortios

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.

4.3
2019-06-04 CVE-2019-5307 Huawei Authentication Bypass BY Capture-Replay vulnerability in Huawei P30 Firmware and P30 PRO Firmware

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability.

4.3
2019-06-04 CVE-2019-5284 Huawei Improper Input Validation vulnerability in Huawei Leland-Al00A Firmware 8.0.0.171(C00)

There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8).

4.3
2019-06-04 CVE-2019-5215 Huawei Unspecified vulnerability in Huawei P30 Firmware and P30 PRO Firmware

There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1).

4.3
2019-06-04 CVE-2019-5244 Huawei Improper Input Validation vulnerability in Huawei Mate 9 PRO Fimware

Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation.

4.3
2019-06-03 CVE-2019-9839 Vfront Cross-Site Scripting vulnerability in Vfront 0.99.5

VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter.

4.3
2019-06-03 CVE-2019-9838 Vfront Cross-Site Scripting vulnerability in Vfront 0.99.5

VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering.

4.3
2019-06-03 CVE-2019-6773 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

4.3
2019-06-03 CVE-2019-6772 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098.

4.3
2019-06-03 CVE-2019-6771 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098.

4.3
2019-06-03 CVE-2019-6770 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

4.3
2019-06-03 CVE-2019-6766 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

4.3
2019-06-03 CVE-2019-6758 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811.

4.3
2019-06-03 CVE-2019-6756 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811.

4.3
2019-06-03 CVE-2019-6753 Foxitsoftware Integer Overflow OR Wraparound vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826.

4.3
2019-06-03 CVE-2019-6752 Foxitsoftware
Microsoft
Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826.

4.3
2019-06-03 CVE-2019-6746 Foxitsoftware Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6.

4.3
2019-06-03 CVE-2017-14850 Orpak Cross-Site Scripting vulnerability in Orpak Siteomat

All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation.

4.3
2019-06-03 CVE-2019-12308 Djangoproject Cross-Site Scripting vulnerability in Djangoproject Django

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2.

4.3
2019-06-03 CVE-2019-12584 Apcupsd
Netgate
Cross-Site Scripting vulnerability in multiple products

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

4.3
2019-06-03 CVE-2019-12375 Ivanti Files OR Directories Accessible TO External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.

4.1
2019-06-07 CVE-2019-9084 Digitaldruid Divide BY Zero vulnerability in Digitaldruid Hoteldruid

In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI.

4.0
2019-06-06 CVE-2019-4257 IBM Information Exposure Through AN Error Message vulnerability in IBM products

IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability.

4.0
2019-06-06 CVE-2019-6452 Kyocera Insufficiently Protected Credentials vulnerability in Kyocera Command Center RX

Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.

4.0
2019-06-06 CVE-2018-9839 Mantisbt Improper Input Validation vulnerability in Mantisbt

An issue was discovered in MantisBT through 1.3.14, and 2.0.0.

4.0
2019-06-06 CVE-2019-12274 Rancher Exposure of Resource TO Wrong Sphere vulnerability in Rancher

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud.

4.0
2019-06-06 CVE-2019-4056 IBM Unrestricted Upload of File With Dangerous Type vulnerability in IBM products

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files.

4.0
2019-06-06 CVE-2018-2028 IBM Information Exposure vulnerability in IBM products

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information.

4.0
2019-06-04 CVE-2019-5587 Fortinet Improper Input Validation vulnerability in Fortinet Fortios

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.

4.0
2019-06-03 CVE-2019-10009 Southrivertech Path Traversal vulnerability in Southrivertech Titan FTP Server 2019

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505.

4.0
2019-06-03 CVE-2019-11369 Carel Insufficiently Protected Credentials vulnerability in Carel Pcoweb Card Firmware

An issue was discovered in Carel pCOWeb prior to B1.2.4.

4.0
2019-06-03 CVE-2019-9753 Otrs Information Exposure vulnerability in Otrs 7.0.0/7.0.4

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5.

4.0
2019-06-03 CVE-2018-5404 Quest SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database.

4.0

34 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-06 CVE-2019-5522 Vmware
Microsoft
Out-Of-Bounds Read vulnerability in VMWare Tools

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines.

3.6
2019-06-07 CVE-2018-19461 Phome Cross-Site Scripting vulnerability in Phome Empirecms

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.

3.5
2019-06-07 CVE-2019-4070 IBM Cross-Site Scripting vulnerability in IBM products

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting.

3.5
2019-06-06 CVE-2019-7553 Chartered Accountant Cross-Site Scripting vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.

3.5
2019-06-06 CVE-2019-7552 Investment MLM Software Project Cross-Site Scripting vulnerability in Investment MLM Software Project Investment MLM Software 2.0.2

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2.

3.5
2019-06-05 CVE-2019-7671 Primasystems Cross-Site Scripting vulnerability in Primasystems Flexair 2.3.38

Prima Systems FlexAir, Versions 2.3.38 and prior.

3.5
2019-06-05 CVE-2019-11226 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10

CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.

3.5
2019-06-05 CVE-2019-1882 Cisco Cross-Site Scripting vulnerability in Cisco Industrial Network Director 1.5(0.250)

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks.

3.5
2019-06-03 CVE-2019-11368 AUO Cross-Site Scripting vulnerability in AUO Solar Data Recorder

Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.

3.5
2019-06-03 CVE-2019-11370 Carel Cross-Site Scripting vulnerability in Carel Pcoweb Card Firmware

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

3.5
2019-06-03 CVE-2018-5405 Quest Cross-Site Scripting vulnerability in Quest Kace Systems Management Appliance Firmware

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page.

3.5
2019-06-03 CVE-2019-12566 Veronalabs Cross-Site Scripting vulnerability in Veronalabs WP Statistics

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php.

3.5
2019-06-05 CVE-2019-9158 Gemalto Authentication Bypass BY Capture-Replay vulnerability in Gemalto Ezio DS3 Server 2.6.1

Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.

2.7
2019-06-05 CVE-2019-9157 Gemalto Information Exposure vulnerability in Gemalto Ezio DS3 Server 2.6.1

Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.

2.7
2019-06-03 CVE-2019-12376 Ivanti USE of Hard-Coded Credentials vulnerability in Ivanti Landesk Management Suite 10.0.1.168

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.

2.7
2019-06-03 CVE-2019-12373 Ivanti Incorrect Permission Assignment FOR Critical Resource vulnerability in Ivanti Landesk Management Suite 10.0.1.168

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.

2.7
2019-06-07 CVE-2019-8282 Gemalto Origin Validation Error vulnerability in Gemalto Sentinel LDK

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs.

2.6
2019-06-06 CVE-2019-12732 Chartkick Project Cross-Site Scripting vulnerability in Chartkick Project Chartkick

The Chartkick gem through 3.1.0 for Ruby allows XSS.

2.6
2019-06-03 CVE-2019-6588 Liferay Cross-Site Scripting vulnerability in Liferay Portal

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />.

2.6
2019-06-07 CVE-2019-12477 Supra Path Traversal vulnerability in Supra Stv-Lc40Lt0020F Firmware

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.

2.1
2019-06-06 CVE-2019-4218 IBM Improper Privilege Management vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system.

2.1
2019-06-06 CVE-2019-4161 IBM Unspecified vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users.

2.1
2019-06-06 CVE-2019-4220 IBM USE of Hard-Coded Credentials vulnerability in IBM products

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information.

2.1
2019-06-06 CVE-2019-4048 IBM Improper Privilege Management vulnerability in IBM products

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine.

2.1
2019-06-05 CVE-2019-1880 Cisco Insufficient Verification of Data Authenticity vulnerability in Cisco Unified Computing System Server Firmware

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device.

2.1
2019-06-05 CVE-2019-10637 Marvell Unspecified vulnerability in Marvell products

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices are vulnerable in manipulating a combination of IO pins to bypass the secure boot protection mechanism.

2.1
2019-06-04 CVE-2019-5297 Huawei Unspecified vulnerability in Huawei Emily-L29C Firmware

Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability.

2.1
2019-06-04 CVE-2019-5283 Huawei Unspecified vulnerability in Huawei P20 Firmware

There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8).

2.1
2019-06-04 CVE-2019-5217 Huawei Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Mate 9 PRO Firmware

There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8).

2.1
2019-06-04 CVE-2019-5306 Huawei Unspecified vulnerability in Huawei P20 Firmware

There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8).

2.1
2019-06-04 CVE-2019-5281 Huawei Unspecified vulnerability in Huawei Y9 2019 Firmware

There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2).

2.1
2019-06-03 CVE-2019-9824 Qemu USE of Uninitialized Resource vulnerability in Qemu 3.0.0

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

2.1
2019-06-06 CVE-2019-12762 Xiaomi
Sony
Samsung
Google
Sharp
Fujitsu
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
1.9
2019-06-04 CVE-2019-5296 Huawei Out-Of-Bounds Read vulnerability in Huawei Mate20 Firmware

Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability.

1.7