Weekly Vulnerabilities Report: June 10 to 16, 2019

Overview

279 new vulnerabilities were reported during this period, including 26 critical vulnerabilities and 75 high severity vulnerabilities. This weekly summary reports vulnerabilities in 753 products from 75 vendors including Microsoft, Qualcomm, Intel, SAP, and Redhat. The most common vulnerability categories are "Information Exposure", "Cross-site Scripting", "Out-of-bounds Write", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 195 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 73 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 234 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 90 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report (the CVSS score follows each description):

26 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-14 CVE-2019-2259 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Resource allocation error while playing a video whose dimensions exceed the supported dimensions in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

10.0
2019-06-14 CVE-2019-2256 Qualcomm Unspecified vulnerability in Qualcomm products

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

10.0
2019-06-14 CVE-2019-2255 Qualcomm Unspecified vulnerability in Qualcomm products

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

10.0
2019-06-14 CVE-2018-13911 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

10.0
2019-06-12 CVE-2019-7840 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018

ColdFusion 2018 Update 3 and earlier, ColdFusion 2016 Update 10 and earlier, and ColdFusion 11 Update 18 and earlier have a deserialization of untrusted data vulnerability.

10.0
2019-06-12 CVE-2019-7839 Adobe Command Injection vulnerability in Adobe Coldfusion 11.0/2016/2018

ColdFusion 2018 Update 3 and earlier, ColdFusion 2016 Update 10 and earlier, and ColdFusion 11 Update 18 and earlier have a command injection vulnerability.

10.0
2019-06-12 CVE-2019-7838 Adobe Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018

ColdFusion 2018 Update 3 and earlier, ColdFusion 2016 Update 10 and earlier, and ColdFusion 11 Update 18 and earlier have a file extension blacklist bypass vulnerability.

10.0
2019-06-11 CVE-2018-20841 Hootoo OS Command Injection vulnerability in Hootoo Tripmate Titan Ht-Tm05 Firmware 2.000.022/2.000.082

HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.

10.0
2019-06-11 CVE-2017-18377 Goahead Command Injection vulnerability in Goahead Wireless IP Camera Wificam Firmware

An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras.

10.0
2019-06-11 CVE-2016-10760 Seowonintech Command Injection vulnerability in Seowonintech products

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.

10.0
2019-06-11 CVE-2009-5156 Veracomp Command Injection vulnerability in Veracomp Asmax Ar-804Gu Firmware 66.34.1

An issue was discovered on ASMAX AR-804gu 66.34.1 devices.

10.0
2019-06-10 CVE-2019-11027 Openid Unspecified vulnerability in Openid Ruby-Openid

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw.

10.0
2019-06-14 CVE-2019-11582 Atlassian Argument Injection or Modification vulnerability in Atlassian Sourcetree

An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI.

9.3
2019-06-12 CVE-2019-1035 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-1034 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0974 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0909 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0908 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0907 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0906 Microsoft Improper Validation of Array Index vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0905 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0904 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2019-06-12 CVE-2019-0888 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'.

9.3
2019-06-15 CVE-2019-12840 Webmin OS Command Injection vulnerability in Webmin

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

9.0
2019-06-12 CVE-2019-0722 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

9.0
2019-06-11 CVE-2009-5157 Linksys Command Injection vulnerability in Linksys Wag54G2 Firmware 1.00.10

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.

9.0

75 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-12 CVE-2019-1043 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.

8.5
2019-06-12 CVE-2019-6571 Siemens Improper Access Control vulnerability in Siemens products

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02).

7.8
2019-06-12 CVE-2019-1025 Microsoft Unspecified vulnerability in Microsoft products

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

7.8
2019-06-12 CVE-2019-0709 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

7.7
2019-06-12 CVE-2019-0620 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

7.7
2019-06-12 CVE-2019-1080 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1055 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1052 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1051 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1038 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1024 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1005 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1003 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-1002 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-0993 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-0992 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-0991 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-0989 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-0988 Microsoft Type Confusion vulnerability in Microsoft Internet Explorer 10/11

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-12 CVE-2019-0920 Microsoft Type Confusion vulnerability in Microsoft Internet Explorer 10/11/9

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-06-15 CVE-2019-12835 Leanify Project Out-of-bounds Write vulnerability in Leanify Project Leanify 0.4.3

formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.

7.5
2019-06-14 CVE-2018-6350 Whatsapp Out-of-bounds Read vulnerability in Whatsapp

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers.

7.5
2019-06-14 CVE-2018-6349 Whatsapp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Whatsapp

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow.

7.5
2019-06-14 CVE-2018-6339 Whatsapp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Whatsapp 2.18.132/2.18.248/2.18.293

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in.

7.5
2019-06-14 CVE-2018-20655 Whatsapp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Whatsapp

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow.

7.5
2019-06-14 CVE-2018-13898 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130

7.5
2019-06-14 CVE-2018-11955 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

A missing length check on the reason code fetched from the payload may lead the driver to access memory not allocated to the frame, resulting in an out-of-bounds read, in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24

7.5
2019-06-14 CVE-2019-10126 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

A flaw was found in the Linux kernel.

7.5
2019-06-13 CVE-2019-10959 BD Unrestricted Upload of File with Dangerous Type vulnerability in BD products

BD Alaris Gateway Workstation versions 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14 and 1.3.1 Build 13 (the latest firmware versions 1.3.2 and 1.6.1 are not affected), and additionally the following products using software version 2.3.6 and below: Alaris GS, Alaris GH, Alaris CC and Alaris TIVA. The application does not restrict the upload of malicious files during a firmware update.

7.5
2019-06-13 CVE-2019-7321 Artifex Use of Uninitialized Resource vulnerability in Artifex Mupdf 1.14.0

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

7.5
2019-06-13 CVE-2019-12798 Artifex Incorrect Regular Expression vulnerability in Artifex Mujs 1.0.5

An issue was discovered in Artifex MuJS 1.0.5.

7.5
2019-06-13 CVE-2019-11119 Intel Unspecified vulnerability in Intel Raid web Console 3

Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.

7.5
2019-06-12 CVE-2019-0304 SAP Code Injection vulnerability in SAP products

The FTP function of SAP NetWeaver AS ABAP Platform, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or a specifically manipulated command that can be executed by the application.

7.5
2019-06-12 CVE-2019-6580 Siemens Missing Authorization vulnerability in Siemens products

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a).

7.5
2019-06-11 CVE-2019-12149 Silverstripe SQL Injection vulnerability in Silverstripe Registry and Restfulserver

SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.

7.5
2019-06-11 CVE-2019-12144 Ipswitch Path Traversal vulnerability in Ipswitch WS FTP Server

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1.

7.5
2019-06-11 CVE-2017-18378 Netgear Command Injection vulnerability in Netgear Readynas Surveillance Firmware

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

7.5
2019-06-11 CVE-2013-7471 Dlink Command Injection vulnerability in Dlink products

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev.

7.5
2019-06-11 CVE-2019-3412 ZTE OS Command Injection vulnerability in ZTE Mf920 Firmware

All versions up to BD_R218V2.4 of the ZTE MF920 product are impacted by a command execution vulnerability.

7.5
2019-06-11 CVE-2019-12765 Joomla Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.7.

7.5
2019-06-11 CVE-2018-11801 Apache SQL Injection vulnerability in Apache Fineract

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.

7.5
2019-06-11 CVE-2018-11800 Apache SQL Injection vulnerability in Apache Fineract

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

7.5
2019-06-10 CVE-2019-9879 Wpgraphql Missing Authentication for Critical Function vulnerability in Wpgraphql 0.2.3

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed.

7.5
2019-06-10 CVE-2018-20356 Cesanta Use After Free vulnerability in Cesanta Mongoose

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

7.5
2019-06-10 CVE-2018-20355 Cesanta Use After Free vulnerability in Cesanta Mongoose

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

7.5
2019-06-10 CVE-2018-20354 Cesanta Use After Free vulnerability in Cesanta Mongoose

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

7.5
2019-06-10 CVE-2018-20353 Cesanta Use After Free vulnerability in Cesanta Mongoose

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

7.5
2019-06-10 CVE-2019-12780 Belkin OS Command Injection vulnerability in Belkin Crock-Pot Smart Slow Cooker With Wemo Firmware

The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action.

7.5
2019-06-14 CVE-2019-2257 Qualcomm Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products

Wrong permissions on a configuration file can lead to unauthorized permissions in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24

7.2
2019-06-14 CVE-2018-5913 Qualcomm Cryptographic Issues vulnerability in Qualcomm products

The non-constant-time function memcmp is used, which creates a timing side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

7.2
2019-06-14 CVE-2018-5903 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

An out-of-bounds read occurs due to improper validation of an array index while processing the VDEV stop response from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

7.2
2019-06-14 CVE-2018-5883 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

7.2
2019-06-14 CVE-2018-3583 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20

7.2
2019-06-14 CVE-2018-13919 Qualcomm Use After Free vulnerability in Qualcomm products

A use-after-free will occur if a reset of the routing table encounters an invalid rule id while processing the reset command in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS405, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

7.2
2019-06-14 CVE-2018-13910 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out-of-bounds access in TZ due to an invalid index being calculated when checking against DDR in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, Snapdragon_High_Med_2016

7.2
2019-06-13 CVE-2018-12147 Intel Improper Input Validation vulnerability in Intel products

Insufficient input validation in the HECI subsystem in Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.

7.2
2019-06-12 CVE-2019-9676 Dahuasecurity Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dahuasecurity products

Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX, Build before 2018/11.

7.2
2019-06-12 CVE-2019-1069 Microsoft Link Following vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1065 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1064 Microsoft Link Following vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1053 Microsoft Link Following vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1045 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory, aka 'Windows Network File System Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1044 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019

A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system, aka 'Windows Secure Kernel Mode Security Feature Bypass Vulnerability'.

7.2
2019-06-12 CVE-2019-1041 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1018 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1017 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1014 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0998 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0984 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0983 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0973 Microsoft Improper Input Validation vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input, leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0960 Microsoft Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0959 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-0943 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.

7.2
2019-06-12 CVE-2019-1029 Microsoft Unspecified vulnerability in Microsoft Lync Server 2010/2013

A denial of service vulnerability exists in Skype for Business, aka 'Skype for Business and Lync Server Denial of Service Vulnerability'.

7.1

140 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-14 CVE-2018-13909 Qualcomm Race Condition vulnerability in Qualcomm products

Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

6.9
2019-06-14 CVE-2019-12828 EA Data Processing Errors vulnerability in EA Origin 10.5.36/10.5.37

An issue was discovered in Electronic Arts Origin before 10.5.39.

6.8
2019-06-14 CVE-2019-11770 Eclipse Incorrect Resource Transfer Between Spheres vulnerability in Eclipse Buildship

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS.

6.8
2019-06-13 CVE-2019-12802 Radare Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2

In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context.

6.8
2019-06-12 CVE-2019-7845 Adobe Use After Free vulnerability in Adobe Flash Player

Adobe Flash Player versions 32.0.0.192 and earlier have a use-after-free vulnerability.

6.8
2019-06-12 CVE-2019-10971 Omron Untrusted Search Path vulnerability in Omron Network Configurator FOR Devicenet Safety 3.41

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories.

6.8
2019-06-12 CVE-2019-6584 Siemens Improper Access Control vulnerability in Siemens products

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02).

6.8
2019-06-12 CVE-2019-0985 Microsoft Out-of-bounds Write vulnerability in Microsoft Windows 7 and Windows Server 2008

A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'.

6.8
2019-06-12 CVE-2019-0972 Microsoft Unspecified vulnerability in Microsoft products

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.

6.8
2019-06-11 CVE-2019-3410 ZTE Cross-Site Request Forgery (CSRF) vulnerability in ZTE Wf820+ LTE Outdoor CPE Firmware

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by a Cross-Site Request Forgery vulnerability, which stems from the fact that the web application does not adequately verify whether requests come from trusted users.

6.8
2019-06-11 CVE-2019-10338 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JX Resources

A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.

6.8
2019-06-10 CVE-2019-12790 Radare Out-of-bounds Read vulnerability in Radare Radare2

In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c.

6.8
2019-06-10 CVE-2019-12788 Photodex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Photodex Proshow Producer 9.0.3797

An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges).

6.8
2019-06-10 CVE-2018-20352 Cesanta Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

6.8
2019-06-15 CVE-2019-12839 Orangehrm OS Command Injection vulnerability in Orangehrm

In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.

6.5
2019-06-15 CVE-2019-12831 Mybb Improper Input Validation vulnerability in Mybb

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.

6.5
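The MyBB entry above describes a check-then-truncate bug: the extension is validated on the submitted name, but a non-strict MySQL server silently cuts the value to the column width before storing it, so the stored name ends in .php. The following is an added example, not MyBB code; it models the column truncation with a string slice (assumed VARCHAR(30)) and shows the validation done on the value that will actually be stored.

```python
import os

COLUMN_WIDTH = 30          # assumed width of the stylesheet-name column
ALLOWED_EXT = {".css"}


def mysql_truncate(value: str, width: int = COLUMN_WIDTH) -> str:
    """Constructed model of a MySQL server running without
    STRICT_TRANS_TABLES: an over-long value is silently cut to the
    column width instead of being rejected."""
    return value[:width]


def store_stylesheet_name_vulnerable(name: str) -> str:
    """Checks the extension of the *submitted* name, then lets the
    database truncate it.  The check and the stored value disagree."""
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise ValueError("stylesheet name must end in .css")
    return mysql_truncate(name)


def store_stylesheet_name_safe(name: str) -> str:
    """Rejects anything that would not survive the column width unchanged,
    then re-checks the extension of the value that is really stored."""
    if len(name) > COLUMN_WIDTH:
        raise ValueError("stylesheet name too long")
    stored = mysql_truncate(name)
    if stored != name or os.path.splitext(stored)[1].lower() not in ALLOWED_EXT:
        raise ValueError("stylesheet name rejected")
    return stored


if __name__ == "__main__":
    crafted = "a" * 26 + ".php.css"   # 34 chars; the first 30 end in ".php"
    print(store_stylesheet_name_vulnerable(crafted))
    try:
        store_stylesheet_name_safe(crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

The application-side length check is the portable fix; the database-side equivalent is enabling strict SQL mode so that an over-long value is an error rather than a silent truncation.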
2019-06-15 CVE-2019-12816 ZNC Improper Input Validation vulnerability in ZNC

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

6.5
2019-06-14 CVE-2019-9842 Miniblog Project Unrestricted Upload of File with Dangerous Type vulnerability in Miniblog Project Miniblog

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.

6.5
2019-06-13 CVE-2019-12799 Shopware Deserialization of Untrusted Data vulnerability in Shopware

In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated.

6.5
2019-06-12 CVE-2019-6581 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a).

6.5
2019-06-11 CVE-2019-3409 ZTE OS Command Injection vulnerability in ZTE Wf820+ LTE Outdoor CPE Firmware

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability.

6.5
2019-06-10 CVE-2019-12787 Dlink XML Injection (aka Blind XPath Injection) vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA.

6.5
2019-06-10 CVE-2019-12786 Dlink Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.05.B03/2.06B01

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA.

6.5
2019-06-14 CVE-2018-13906 Qualcomm Improper Input Validation vulnerability in Qualcomm products

The HMAC authenticating the message from QSEE is vulnerable to timing side-channel analysis, leading to a potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

6.4
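The Qualcomm entry above does not say how the HMAC check leaks timing, but the usual cause is an early-exit comparison of the received tag against the computed one. The following is an added example, not Qualcomm code: instead of a timer it counts how many bytes an early-exit compare examines, which makes the dependence on the position of the first wrong byte visible, and sets it beside the constant-time check from the standard library. Key and message are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"      # assumed shared key
MSG = b"APPROVE transfer id=42"          # constructed message


def tag(message: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def leaky_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison, as a memcmp-style check behaves.
    Returns (equal, bytes_examined): work stops at the first differing
    byte, so an attacker who can time the check learns, byte by byte,
    how much of a forged tag is already right."""
    examined = 0
    if len(a) != len(b):
        return False, examined
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def verify_leaky(message: bytes, candidate: bytes, key: bytes = KEY) -> tuple[bool, int]:
    return leaky_equal(tag(message, key), candidate)


def verify_constant_time(message: bytes, candidate: bytes, key: bytes = KEY) -> bool:
    # compare_digest examines every byte regardless of where the first
    # mismatch is, so the outcome does not shape the running time.
    return hmac.compare_digest(tag(message, key), candidate)


def flip(data: bytes, index: int) -> bytes:
    """Returns a copy of data with one bit of byte `index` inverted."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    real = tag(MSG)
    print("wrong first byte:", verify_leaky(MSG, flip(real, 0)))
    print("wrong last byte: ", verify_leaky(MSG, flip(real, 31)))
    print("constant-time:   ", verify_constant_time(MSG, real))
```

With the leaky check a forger needs at most 256 guesses per byte, for 32 bytes, instead of 2^256 guesses for the whole tag; that is what turns a timing difference into a forged message.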
2019-06-11 CVE-2019-12154 Realobjects XXE vulnerability in Realobjects Pdfreactor

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.

6.4
2019-06-11 CVE-2019-12153 Realobjects Server-Side Request Forgery (SSRF) vulnerability in Realobjects Pdfreactor

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.

6.4
2019-06-11 CVE-2019-12146 Ipswitch Path Traversal vulnerability in Ipswitch WS FTP Server

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1.

6.4
2019-06-10 CVE-2019-9880 Wpgraphql Missing Authentication for Critical Function vulnerability in Wpgraphql 0.2.3

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress.

6.4
2019-06-12 CVE-2019-3873 Redhat Cross-site Scripting vulnerability in Redhat products

It was found that PicketLink as shipped with JBoss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLResponse XML.

6.0
2019-06-12 CVE-2019-1019 Microsoft Information Exposure vulnerability in Microsoft products

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.

6.0
2019-06-11 CVE-2019-12794 Misp Improper Privilege Management vulnerability in Misp 2.4.108

An issue was discovered in MISP 2.4.108.

6.0
2019-06-10 CVE-2017-13718 Starry 7PK - Security Features vulnerability in Starry S00111 Firmware

The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet.

6.0
2019-06-16 CVE-2019-12855 Twistedmatrix Improper Certificate Validation vulnerability in Twistedmatrix Twisted

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

5.8
2019-06-12 CVE-2019-11269 Pivotal Software, Oracle Open Redirect vulnerability in multiple products

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code.

5.8
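The Spring Security OAuth entry above describes the consequence (an authorization code delivered to an attacker-controlled location) without the mechanism. The following is an added example, not Spring code: it contrasts a prefix match of redirect_uri against the registered value, which lets the attacker extend the host, with an exact match, and shows where the code ends up in each case. The client registry, client id and code value are constructed; registering a bare origin is assumed for the demonstration.

```python
from urllib.parse import urlencode, urlsplit

# Constructed client registry; a real authorization server reads this from
# its client store. The registration is the bare origin, a common setup.
REGISTERED_REDIRECTS = {
    "client-1": {"https://app.example.com"},
}

# redirect_uri an attacker would put in the authorization request: it
# starts with the registered string but resolves to the attacker's host.
ATTACKER_REDIRECT = "https://app.example.com.attacker.example/cb"


def redirect_allowed_prefix(client_id: str, redirect_uri: str) -> bool:
    """Loose check: the supplied URI only has to *start with* a registered
    one, so host and path can be extended by the attacker."""
    return any(redirect_uri.startswith(r) for r in REGISTERED_REDIRECTS[client_id])


def redirect_allowed_exact(client_id: str, redirect_uri: str) -> bool:
    """Strict check: exact string match against the registration, plus a
    structural sanity check (https, no fragment)."""
    if redirect_uri not in REGISTERED_REDIRECTS[client_id]:
        return False
    parts = urlsplit(redirect_uri)
    return parts.scheme == "https" and parts.fragment == ""


def redirect_host(uri: str) -> str:
    """Host the browser will actually be sent to."""
    return urlsplit(uri).hostname


def authorization_response(client_id: str, redirect_uri: str, code: str, allowed) -> str:
    """Location header an authorization endpoint would send after consent.
    `allowed` is one of the two checks above; rejection raises."""
    if not allowed(client_id, redirect_uri):
        raise ValueError("redirect_uri is not registered for this client")
    sep = "&" if urlsplit(redirect_uri).query else "?"
    return redirect_uri + sep + urlencode({"code": code})


if __name__ == "__main__":
    code = "SplxlOBeZQQYbYS6WxSbIA"   # constructed authorization code
    leaked = authorization_response("client-1", ATTACKER_REDIRECT, code, redirect_allowed_prefix)
    print("prefix match sends the code to:", redirect_host(leaked))
    try:
        authorization_response("client-1", ATTACKER_REDIRECT, code, redirect_allowed_exact)
    except ValueError as exc:
        print("exact match:", exc)
```

Exact matching is what RFC 6749 section 3.1.2.2 calls for; the only other defence that holds is PKCE, which makes a leaked code useless without the verifier.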
2019-06-12 CVE-2019-3875 Redhat Improper Certificate Validation vulnerability in Redhat Keycloak

A vulnerability was found in keycloak before 6.0.2.

5.8
2019-06-11 CVE-2019-10334 Jenkins Improper Certificate Validation vulnerability in Jenkins Electricflow

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS certificate validation and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.

5.8
2019-06-10 CVE-2019-11517 Wampserver Cross-Site Request Forgery (CSRF) vulnerability in Wampserver

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete.

5.8
2019-06-12 CVE-2019-6582 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens products

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a).

5.5
2019-06-12 CVE-2019-10925 Siemens Improper Access Control vulnerability in Siemens Simatic Mv420 Firmware and Simatic Mv440 Firmware

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6).

5.5
2019-06-12 CVE-2019-0713 Microsoft Improper Input Validation vulnerability in Microsoft products

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.

5.5
2019-06-12 CVE-2019-0711 Microsoft Improper Input Validation vulnerability in Microsoft products

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.

5.5
2019-06-12 CVE-2019-0710 Microsoft Improper Input Validation vulnerability in Microsoft products

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.

5.5
2019-06-12 CVE-2019-1054 Microsoft Unspecified vulnerability in Microsoft Edge

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka 'Microsoft Edge Security Feature Bypass Vulnerability'.

5.1
2019-06-15 CVE-2019-12829 Radare Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations.

5.0
2019-06-14 CVE-2018-13907 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations are invoked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

5.0
2019-06-14 CVE-2018-13902 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

5.0
2019-06-14 CVE-2019-12822 Embedthis Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Embedthis Goahead

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.

5.0
2019-06-14 CVE-2019-12818 Linux NULL Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.20.15.

5.0
2019-06-13 CVE-2019-10962 BD Improper Access Control vulnerability in BD Alaris Gateway Workstation Firmware

In BD Alaris Gateway versions 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, and 1.1.6, the web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal from gaining access to the status and configuration information of the device.

5.0
2019-06-12 CVE-2019-0315 SAP Unspecified vulnerability in SAP Netweaver Process Integration

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels, leading to information disclosure.

5.0
2019-06-12 CVE-2019-0312 SAP Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration

Several web pages provided by SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected.

5.0
2019-06-12 CVE-2019-5442 Pippo XML Entity Expansion vulnerability in Pippo 1.12.0

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken.

5.0
2019-06-12 CVE-2019-3947 Fujielectric Insufficiently Protected Credentials vulnerability in Fujielectric V-Server

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext.

5.0
2019-06-12 CVE-2019-3946 Fujielectric Integer Overflow or Wraparound vulnerability in Fujielectric V-Server

Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005.

5.0
2019-06-12 CVE-2019-3888 Redhat Information Exposure Through Log Files vulnerability in Redhat Undertow 1.0.0

A vulnerability was found in Undertow web server before 2.0.21.

5.0
2019-06-12 CVE-2019-0941 Microsoft Data Processing Errors vulnerability in Microsoft products

A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.

5.0
2019-06-12 CVE-2017-15123 Redhat Missing Authentication for Critical Function vulnerability in Redhat Cloudforms Management Engine

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only.

5.0
2019-06-11 CVE-2019-0196 Apache, Canonical, Debian Use After Free vulnerability in multiple products

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.

5.0
2019-06-11 CVE-2019-12145 Ipswitch Path Traversal vulnerability in Ipswitch WS FTP Server

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1.

5.0
2019-06-11 CVE-2019-12143 Progress Path Traversal vulnerability in Progress Ipswitch WS FTP Server

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1.

5.0
2019-06-11 CVE-2019-0220 Apache, Opensuse, Debian, Fedoraproject, Canonical Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38.

5.0
2019-06-11 CVE-2010-5330 UI Command Injection vulnerability in UI Airos

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters.

5.0
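Four entries in this table (OrangeHRM txtSendmailPath, the ZTE WF820+ and D-Link DIR-818LW command injections, and the Ubiquiti stainfo.cgi ifname above) share one root cause: a request parameter is pasted into a command line that a shell then parses, so metacharacters in the parameter become a second command. The following is an added example, not code from any of those vendors: it builds the vulnerable command line, tokenises it the way a POSIX shell would so the injected command is visible, and shows the two-part fix (an allowlist for the parameter, and an argv list instead of a shell). `echo` stands in for the real tool so the demonstration is harmless; the interface-name pattern is an assumption based on Linux's 15-byte limit.

```python
import re
import shlex
import subprocess

# Assumed rule for an interface name: at most 15 characters (IFNAMSIZ - 1)
# from a small alphabet that contains no shell metacharacters.
IFNAME_RE = re.compile(r"[A-Za-z0-9_.:-]{1,15}")


def command_line_vulnerable(ifname: str) -> str:
    """The pattern behind the flaws above: the parameter is interpolated
    into a command string that is handed to /bin/sh."""
    return f"echo {ifname}"


def shell_commands(cmdline: str) -> list[list[str]]:
    """Splits a command line as a POSIX shell would and returns one argv
    per command, so an injected second command shows up as its own entry."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "|", "||", "&", "&&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def run_vulnerable(ifname: str) -> str:
    """shell=True: whatever the tokeniser above shows, the shell executes."""
    return subprocess.run(command_line_vulnerable(ifname), shell=True,
                          capture_output=True, text=True).stdout


def run_safe(ifname: str) -> str:
    """Allowlist the value, then pass it as one argv element with no shell:
    even if the allowlist were loosened, the name stays a single argument."""
    if not IFNAME_RE.fullmatch(ifname):
        raise ValueError(f"invalid interface name: {ifname!r}")
    return subprocess.run(["echo", ifname], capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "ath0; echo INJECTED"          # constructed attacker value
    print(shell_commands(command_line_vulnerable(payload)))
    print(run_vulnerable(payload), end="")
    try:
        run_safe(payload)
    except ValueError as exc:
        print("rejected:", exc)
```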
2019-06-11 CVE-2019-3411 ZTE Information Exposure vulnerability in ZTE Mf920 Firmware

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability.

5.0
2019-06-11 CVE-2019-10337 Jenkins XXE vulnerability in Jenkins Token Macro

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

5.0
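Three entries in this table are about what an XML parser does with a DTD it receives from an untrusted source: external entities in PDFreactor and the Jenkins Token Macro plugin above, and recursive entity expansion (billion laughs) in Pippo. The following is an added example, not code from any of those projects: it shows the one setting that covers both, refusing any DOCTYPE, entity declaration or external entity reference before expansion starts, and, for comparison, measures how much character data a small three-level version of the billion-laughs document produces from its own size. Both documents are constructed; the small one is deliberately kept to 3,000 bytes of output.

```python
import xml.parsers.expat

# Constructed three-level variant of the billion-laughs document: 10 x 10 x 10
# copies of "lol", i.e. 3000 bytes of text from roughly 300 bytes of input.
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""

# Constructed external-entity document of the kind an XXE probe sends.
EXTERNAL_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE x [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<x>&xxe;</x>"""

BENIGN = b"<root><item>ok</item></root>"


class UnsafeXML(ValueError):
    """Raised when untrusted XML tries to declare or reference entities."""


def _reject(*_args):
    raise UnsafeXML("DOCTYPE and entity declarations are not accepted from untrusted input")


def parse_untrusted(data: bytes) -> dict:
    """Parses with every entity-related hook wired to _reject, so a DOCTYPE
    (internal subset included), an entity declaration or an external entity
    reference aborts the parse before any expansion happens.
    Returns the element names and the total amount of text seen."""
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject
    parser.EntityDeclHandler = _reject
    parser.ExternalEntityRefHandler = _reject
    elements, text = [], []
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)
    return {"elements": elements, "text_length": sum(len(t) for t in text)}


def expansion_ratio(data: bytes) -> float:
    """Parses with entity expansion left enabled, only to measure how much
    character data the document produces relative to its own size."""
    parser = xml.parsers.expat.ParserCreate()
    produced = 0

    def on_text(chunk):
        nonlocal produced
        produced += len(chunk)

    parser.CharacterDataHandler = on_text
    parser.Parse(data, True)
    return produced / len(data)


if __name__ == "__main__":
    print(parse_untrusted(BENIGN))
    print("expansion ratio of the small document:", round(expansion_ratio(BILLION_LAUGHS), 1))
    for doc in (BILLION_LAUGHS, EXTERNAL_ENTITY):
        try:
            parse_untrusted(doc)
        except UnsafeXML as exc:
            print("rejected:", exc)
```

libexpat 2.4 and later caps the amplification of entity expansion on its own, but that limit only guards memory; it does nothing for the external-entity case, so rejecting the DTD outright remains the setting to ship for input that crosses a trust boundary.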
2019-06-10 CVE-2019-9881 Wpgraphql Missing Authentication for Critical Function vulnerability in Wpgraphql 0.2.3

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.

5.0
2019-06-10 CVE-2019-6241 Bevywise Unspecified vulnerability in Bevywise Mqttroute 1.1

In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker.

5.0
2019-06-14 CVE-2017-8252 Qualcomm Improper Authorization vulnerability in Qualcomm products

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130

4.9
2019-06-11 CVE-2019-0197 Apache HTTP Request Smuggling vulnerability in Apache Http Server

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38.

4.9
2019-06-14 CVE-2018-5911 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Buffer overflow in WLAN function due to improper check of buffer size before copying in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 855, SDM630, SDM660, SDX20, SDX24

4.6
2019-06-14 CVE-2018-13908 Qualcomm Improper Authorization vulnerability in Qualcomm products

Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

4.6
2019-06-14 CVE-2018-11939 Qualcomm Use After Free vulnerability in Qualcomm products

Use-after-free issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20

4.6
2019-06-14 CVE-2018-11934 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Possible out of bounds write due to improper input validation while processing DO_ACS vendor command in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

4.6
2019-06-14 CVE-2018-11929 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

4.6
2019-06-14 CVE-2018-11819 Qualcomm Use After Free vulnerability in Qualcomm products

Use-after-free issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDX20, SDX24

4.6
2019-06-13 CVE-2019-5245 Huawei Untrusted Search Path vulnerability in Huawei Hisuite

HiSuite versions 9.1.0.300 and earlier contain a DLL hijacking vulnerability.

4.6
2019-06-13 CVE-2019-11129 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11128 Intel Improper Input Validation vulnerability in Intel products

Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11127 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11126 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11125 Intel Improper Input Validation vulnerability in Intel products

Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11124 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11123 Intel Improper Input Validation vulnerability in Intel products

Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-06-13 CVE-2019-11117 Intel Unspecified vulnerability in Intel Omni-Path Fabric Manager GUI

Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack.

4.6
2019-06-13 CVE-2019-0181 Intel Unspecified vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

4.6
2019-06-13 CVE-2019-0128 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Chipset Device Software

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.

4.6
2019-06-13 CVE-2018-3702 Intel, Microsoft Incorrect Permission Assignment for Critical Resource vulnerability in Intel ITE Tech Consumer Infrared Driver

Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-06-12 CVE-2019-1028 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

4.6
2019-06-12 CVE-2019-1027 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

4.6
2019-06-12 CVE-2019-1026 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

4.6
2019-06-12 CVE-2019-1022 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

4.6
2019-06-12 CVE-2019-1021 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

4.6
2019-06-12 CVE-2019-1007 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

4.6
2019-06-11 CVE-2019-12795 Gnome Incorrect Default Permissions vulnerability in Gnome Gvfs

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule.

4.6
2019-06-13 CVE-2019-0164 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Turbo Boost MAX Technology 3.0 1.0.0.1035

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

4.4
2019-06-15 CVE-2013-7472 Count PER DAY Project Cross-site Scripting vulnerability in Count PER DAY Project Count PER DAY

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.

4.3
2019-06-14 CVE-2019-0303 SAP Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3

SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation.

4.3
2019-06-13 CVE-2019-12813 Crossmatch Cryptographic Issues vulnerability in Crossmatch Digital Persona U.Are.U 4500 Firmware 24

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24.

4.3
2019-06-13 CVE-2019-5439 Videolan Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player

A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.

4.3
2019-06-13 CVE-2019-5286 Huawei Cross-site Scripting vulnerability in Huawei Hedex Lite V200R006C00

There is a reflection XSS vulnerability in the HedEx products.

4.3
2019-06-13 CVE-2019-0130 Intel Cross-site Scripting vulnerability in Intel Rapid Storage Technology Enterprise

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

4.3
2019-06-12 CVE-2019-0314 SAP Unspecified vulnerability in SAP Inventory Manager and Work Manager

SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

4.3
2019-06-12 CVE-2019-0311 SAP Cross-site Scripting vulnerability in SAP R/3 Enterprise

Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs; this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious code there, resulting in a Cross-Site Scripting (XSS) vulnerability.

4.3
2019-06-12 CVE-2019-0305 SAP Deserialization of Untrusted Data vulnerability in SAP Netweaver Process Integration

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability.

4.3
2019-06-12 CVE-2019-1081 Microsoft Information Exposure vulnerability in Microsoft Edge and Internet Explorer

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1050 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1049 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1048 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1047 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1046 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1040 Microsoft Unspecified vulnerability in Microsoft products

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.

4.3
2019-06-12 CVE-2019-1023 Microsoft Information Exposure vulnerability in Microsoft Chakracore and Edge

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1016 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-10150 Redhat Improper Authentication vulnerability in Redhat Openshift Container Platform

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH Host Key checking when using ssh key authentication during builds.

4.3
2019-06-12 CVE-2019-1015 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1013 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1012 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1011 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1010 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-1009 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-0996 Microsoft Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Azure Devops Server 2019

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'.

4.3
2019-06-12 CVE-2019-0990 Microsoft Information Exposure vulnerability in Microsoft Chakracore and Edge

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-0977 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-0968 Microsoft Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2019-06-12 CVE-2019-0948 Microsoft XXE vulnerability in Microsoft products

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'.

4.3
2019-06-11 CVE-2019-12766 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.7.

4.3
2019-06-11 CVE-2019-11334 Tzumi Authentication Bypass by Capture-replay vulnerability in Tzumi Klic Lock and Klic Smart Padlock Model 5686 Firmware

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay.

4.3
2019-06-11 CVE-2019-10336 Jenkins Cross-site Scripting vulnerability in Jenkins Electricflow

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.

4.3
2019-06-11 CVE-2019-10332 Jenkins Permission Issues vulnerability in Jenkins Electricflow

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

4.3
2019-06-11 CVE-2019-10331 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Electricflow

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

4.3
2019-06-10 CVE-2019-10226 Fatfreecrm Cross-site Scripting vulnerability in Fatfreecrm FAT Free CRM 0.19.0

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI.

4.3
2019-06-10 CVE-2017-13717 Starry Credentials Management vulnerability in Starry S00111 Firmware

Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*".

4.3
2019-06-10 CVE-2019-11881 Rancher Unspecified vulnerability in Rancher 2.1.4

A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols.

4.3
2019-06-10 CVE-2019-11877 PIX Link Cross-site Scripting vulnerability in Pix-Link Lv-Wr09 Firmware 28K.Minirouter.20180616

XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network.

4.3
2019-06-10 CVE-2019-5243 Huawei Improper Restriction of Rendered UI Layers or Frames vulnerability in Huawei Hg255S Firmware

There is a Clickjacking vulnerability in Huawei HG255s product.

4.3
2019-06-10 CVE-2019-12387 Twistedmatrix Injection vulnerability in Twistedmatrix Twisted

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

4.3
2019-06-14 CVE-2019-10159 Redhat Information Exposure Through Log Files vulnerability in Redhat Cfme-Gemset

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller.

4.0
2019-06-12 CVE-2019-0306 SAP Unspecified vulnerability in SAP Hana Extended Application Services 1.0

SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.

4.0
2019-06-11 CVE-2019-12764 Joomla Unspecified vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.7.

4.0
2019-06-11 CVE-2019-10339 Jenkins Credentials Management vulnerability in Jenkins JX Resources

A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.

4.0
2019-06-11 CVE-2019-10333 Jenkins Information Exposure vulnerability in Jenkins Electricflow

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.

4.0

38 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-06-13 CVE-2019-11092 Intel Insufficiently Protected Credentials vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

3.6
2019-06-13 CVE-2019-0180 Intel Insufficiently Protected Credentials vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

3.6
2019-06-13 CVE-2019-0179 Intel Insufficiently Protected Credentials vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

3.6
2019-06-13 CVE-2019-0177 Intel Unspecified vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

3.6
2019-06-13 CVE-2019-0175 Intel Insufficiently Protected Credentials vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

3.6
2019-06-12 CVE-2019-0986 Microsoft Link Following vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

3.6
2019-06-11 CVE-2019-12749 Freedesktop, Canonical Link Following vulnerability in multiple products

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library.

3.6
2019-06-15 CVE-2019-12830 Mybb Cross-site Scripting vulnerability in Mybb

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.

3.5
2019-06-14 CVE-2019-0316 SAP Cross-site Scripting vulnerability in SAP Netweaver Process Integration

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.

3.5
2019-06-14 CVE-2019-4403 IBM Cross-site Scripting vulnerability in IBM Connections 6.0

IBM Connections 6.0 is vulnerable to cross-site scripting.

3.5
2019-06-12 CVE-2019-0308 SAP Code Injection vulnerability in SAP E-Commerce

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.

3.5
2019-06-12 CVE-2019-3872 Redhat Cross-site Scripting vulnerability in Redhat products

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x.

3.5
2019-06-12 CVE-2019-1036 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2019-06-12 CVE-2019-1033 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2019-06-12 CVE-2019-1032 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2019-06-12 CVE-2019-1031 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2019-06-12 CVE-2019-10155 Libreswan, Strongswan, Xelerance, Fedoraproject Improper Input Validation vulnerability in multiple products

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified.

3.5
2019-06-11 CVE-2019-3413 ZTE Cross-site Scripting vulnerability in ZTE Netnumen DAP Firmware

All versions up to V20.18.40.R7.B1 of ZTE NetNumen DAP product have an XSS vulnerability.

3.5
2019-06-11 CVE-2019-10335 Jenkins Cross-site Scripting vulnerability in Jenkins Electricflow

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.

3.5
2019-06-13 CVE-2019-0178 Intel Race Condition vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

3.3
2019-06-13 CVE-2019-0136 Intel, Google, Linux, Microsoft Unspecified vulnerability in Intel Proset/Wireless Wifi

Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

3.3
2019-06-13 CVE-2018-10947 Polycom Improper Input Validation vulnerability in Polycom Realpresence Debut Firmware

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.

2.9
2019-06-13 CVE-2018-10946 Polycom Information Exposure vulnerability in Polycom Realpresence Debut Firmware

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.

2.7
2019-06-12 CVE-2019-0307 SAP Missing Encryption of Sensitive Data vulnerability in SAP Solution Manager 7.2

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default.

2.7
2019-06-12 CVE-2019-10926 Siemens Cleartext Transmission of Sensitive Information vulnerability in Siemens Simatic Mv420 Firmware and Simatic Mv440 Firmware

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6).

2.6
2019-06-14 CVE-2018-13901 Qualcomm Unspecified vulnerability in Qualcomm products

Due to missing permissions in the Android Manifest file, a sensitive information disclosure issue can happen in the PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660

2.1
2019-06-14 CVE-2018-11947 Qualcomm Double Free vulnerability in Qualcomm products

The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

2.1
2019-06-14 CVE-2018-11942 Qualcomm Information Exposure vulnerability in Qualcomm products

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

2.1
2019-06-14 CVE-2019-4381 IBM Credentials Management vulnerability in IBM I 7.2/7.3

IBM i 7.2/7.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC.

2.1
2019-06-14 CVE-2019-4239 IBM, Redhat Insufficiently Protected Credentials vulnerability in IBM Cloud Private

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text, which can be read by a local user.

2.1
2019-06-14 CVE-2019-12819 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.0.

2.1
2019-06-13 CVE-2019-0183 Intel Insufficiently Protected Credentials vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2019-06-13 CVE-2019-0182 Intel Insufficiently Protected Credentials vulnerability in Intel Open Cloud Integrity Technology and Openattestation

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2019-06-13 CVE-2019-0174 Intel Unspecified vulnerability in Intel products

Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.

2.1
2019-06-13 CVE-2019-0157 Intel, Linux Improper Input Validation vulnerability in Intel products

Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.

2.1
2019-06-12 CVE-2019-6567 Siemens Insufficiently Protected Credentials vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

2.1
2019-06-12 CVE-2019-1039 Microsoft Improper Initialization vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'.

2.1
2019-06-12 CVE-2019-10157 Redhat Improper Authentication vulnerability in Redhat Keycloak

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout.

2.1