Category Archives: Security

Microsoft Releases February 2019 Security Updates

This post was originally published on this site

Original release date: February 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Microsoft’s February 2019 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Internet Romance Scams

This post was originally published on this site

Original release date: February 12, 2019

The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. Use caution when online dating, and never send money or gifts to someone you have not met in person.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users to review FTC’s article on Romance Scams and NCCIC’s tip on Staying Safe on Social Networking Sites. If you think you have been a target of a romance scam, file a report with


This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Update

This post was originally published on this site

Original release date: February 12, 2019

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates

This post was originally published on this site

Original release date: February 12, 2019

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity

This post was originally published on this site

Original release date: February 12, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provide a background on the identified cyber activity and mitigation techniques. Click here to register.


This product is provided subject to this Notification and this Privacy & Use policy.

runc Open-Source Container Vulnerability

This post was originally published on this site

Original release date: February 11, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that leverage runc.

NCCIC encourages users and administrators to review the runc security advisory, and the RedHat and Amazon Web Services blogs; and refer to OS and application vendors for mitigations and updates as they become available.


This product is provided subject to this Notification and this Privacy & Use policy.

Have You Seen an Email Virus Recently?, (Mon, Feb 11th)

This post was originally published on this site

I did some research into the delivery of the malicious documents I analyzed this weekend (diary entries here and here).

I obtained several emails used to deliver these malicious documents as attachment. It started February 4th. All these emails are replies to existing emails, some to emails many years old.

The body of the message is always the same:

Morning,

 

 

 

Please see the attached file for your reference.

 

zip password – 1234567

 

Thanks.

The subject varies, depending on the original email: Re: …

The sender is one of the destinataires of the original email. I don’t think they are spoofed, but I need to check more emails.

And the mailer is always Outlook.

I have an hypothesis, but I need to do more research to confirm or disprove it. And more info: maybe you can help.

The attached malicious documents execute the following PowerShell script:

This PowerShell script downloads and executes 2 items (strictly speaking, 3 downloads, but that’s another story):

  1. Another PowerShell script
  2. A Windows EXE (PE file)

My hypothesis is the following: the downloaded PowerShell script is an email virus. It uses ActiveX automation to browse through Outlook inbox of the user that opened the malicious document, and selects one or more received emails to reply to. The PowerShell scripts sends replies with a message I mentioned above, and a malicious document attached (inside a password protected ZIP file).

I did not find samples of this downloaded PowerShell script. If you look at the first PowerShell script (screenshot), you will see that the second, downloaded PowerShell script is downloaded and executed without being written to disk. That makes it more difficult to obtain samples.

If you have a sample like this, please post a comment.

My research is far from complete, but I decided to already share information in this diary entry, as a request for help.

And also, to create awareness for malicious documents that are being delivered via replies to genuine emails. Because such emails are more likely to be opened by your users.

My hypothesis could be totally wrong: there could be another mechanism at work here. But fact is, that malicious documents are being mailed around as replies to existing emails.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SB19-042: Vulnerability Summary for the Week of February 4, 2019

This post was originally published on this site

Original release date: February 11, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advantech — webaccess/scada WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. 2019-02-05 7.5 CVE-2019-6519
BID
MISC
advantech — webaccess/scada WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. 2019-02-05 7.5 CVE-2019-6521
BID
MISC
advantech — webaccess/scada WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. 2019-02-05 7.5 CVE-2019-6523
BID
MISC
articatech — artica_proxy Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. 2019-02-01 9.0 CVE-2019-7300
MISC
MISC
baijiacms_project — baijiacms An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. 2019-02-07 7.5 CVE-2019-7568
MISC
bijiadao — waimai_super_cms An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. 2019-02-07 7.5 CVE-2019-7585
MISC
bo-blog — bw Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function. 2019-02-07 7.5 CVE-2019-7587
MISC
cisco — aironet_active_sensor A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected. 2019-02-07 7.8 CVE-2019-1675
BID
CISCO
css-tricks — chat2 An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability. 2019-02-04 7.5 CVE-2019-7316
MISC
MISC
defaults-deep_project — defaults-deep A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. 2019-02-01 7.5 CVE-2018-16486
MISC
dlink — dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ‘ /bin/telnetd’ for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. 2019-02-01 9.3 CVE-2019-7298
BID
MISC
dlink — dir-823g_firmware An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. 2019-02-04 7.8 CVE-2019-7389
BID
MISC
f5 — big-ip_local_traffic_manager On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. 2019-02-05 7.1 CVE-2019-6590
BID
CONFIRM
fastnet — mailcleaner Fastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in an authenticated web application user running commands on the underlying web server as root. This attack appears to be exploitable via Post-authentication access to the web server. 2019-02-04 9.0 CVE-2018-1000999
MISC
fortinet — fortios A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. 2019-02-08 7.5 CVE-2018-1352
CONFIRM
haraka_project — haraka Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. 2019-02-05 7.5 CVE-2016-1000282
MISC
haxx — libcurl libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn’t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. 2019-02-06 7.5 CVE-2019-3823
BID
CONFIRM
MISC
UBUNTU
DEBIAN
lifesize — networker_220_firmware LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. 2019-02-08 9.0 CVE-2019-7632
MISC
live555 — streaming_media liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. 2019-02-03 7.5 CVE-2019-7314
MISC
MISC
mozilla — firefox A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. 2019-02-05 7.5 CVE-2018-18500
BID
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. 2019-02-05 7.5 CVE-2018-18501
BID
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. 2019-02-05 10.0 CVE-2018-18502
BID
UBUNTU
CONFIRM
mozilla — firefox A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. 2019-02-05 7.5 CVE-2018-18504
BID
UBUNTU
CONFIRM
mozilla — firefox An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. 2019-02-05 7.5 CVE-2018-18505
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
CONFIRM
CONFIRM
CONFIRM
opt-net — ng-netms OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity. 2019-02-04 7.5 CVE-2019-1000023
MISC
MISC
MISC
pizzashack — rssh Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. 2019-02-06 7.5 CVE-2019-3463
BID
MLIST
MISC
DEBIAN
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. 2019-02-05 7.5 CVE-2018-8793
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. 2019-02-05 7.5 CVE-2018-8794
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. 2019-02-05 7.5 CVE-2018-8795
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. 2019-02-05 7.5 CVE-2018-8797
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. 2019-02-05 7.5 CVE-2018-8800
BID
MISC
wibu — wibukey An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. 2019-02-05 7.2 CVE-2018-3990
MISC
zevenet — zen_load_balancer Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. 2019-02-01 9.0 CVE-2019-7301
BID
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — subversion Subversion’s mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. 2019-02-05 5.0 CVE-2018-11803
BID
CONFIRM
UBUNTU
audacityteam — audacity Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is enabled. 2019-02-04 6.0 CVE-2016-1000276
CONFIRM
MISC
bijiadao — waimai_super_cms An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. 2019-02-07 4.3 CVE-2019-7567
MISC
boolector_project — boolector In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete. 2019-02-07 4.3 CVE-2019-7560
MISC
MISC
btor2tools_project — btor2tools In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr. 2019-02-07 4.3 CVE-2019-7559
MISC
canvasgfx — canvas_draw An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. 2019-02-06 6.8 CVE-2018-3973
BID
MISC
canvasgfx — canvas_draw An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution. 2019-02-06 6.8 CVE-2018-3976
BID
MISC
chamilo — chamilo_lms Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. 2019-02-04 4.0 CVE-2019-1000017
MISC
MISC
cisco — firepower_management_center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-02-07 4.3 CVE-2019-1671
BID
CISCO
cisco — meeting_server A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected. 2019-02-07 4.0 CVE-2019-1678
BID
CISCO
cisco — telepresence_management_suite A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. 2019-02-07 4.3 CVE-2019-1661
BID
CISCO
cisco — unified_intelligence_center A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user. 2019-02-07 4.3 CVE-2019-1670
BID
CISCO
cszcms — csz_cms CSZ CMS 1.1.8 has CSRF via admin/users/new/add. 2019-02-07 6.8 CVE-2019-7566
MISC
dlink — dir-823g_firmware An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. 2019-02-04 5.0 CVE-2019-7388
BID
MISC
express-cart_project — express-cart A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. 2019-02-01 6.5 CVE-2018-16483
MISC
ffmpeg — ffmpeg FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. 2019-02-04 4.3 CVE-2019-1000016
MISC
fortiguard — forticlient A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. 2019-02-08 4.9 CVE-2018-9190
CONFIRM
freedesktop — poppler In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. 2019-02-02 6.8 CVE-2019-7310
BID
MISC
MISC
gpac_project — gpac In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. 2019-02-06 6.8 CVE-2018-20760
MISC
MISC
gpac_project — gpac GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. 2019-02-06 6.8 CVE-2018-20761
MISC
MISC
gpac_project — gpac GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. 2019-02-06 6.8 CVE-2018-20762
MISC
MISC
gpac_project — gpac In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. 2019-02-06 6.8 CVE-2018-20763
MISC
MISC
grafana — piechart-panel The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard. 2019-02-06 4.3 CVE-2015-9282
MISC
MISC
MISC
MISC
gurock — testrail index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology. 2019-02-07 5.0 CVE-2019-7535
MISC
html-pages_project — html-pages A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user’s browser due to the absence of sanitization of the paths before rendering. 2019-02-01 4.3 CVE-2018-16481
MISC
http-live-simulator_project — http-live-simulator Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. 2019-02-01 5.0 CVE-2018-16479
MISC
ibm — api_connect API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. 2019-02-07 5.0 CVE-2019-4008
XF
CONFIRM
ibm — integration_bus IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. 2019-02-04 5.0 CVE-2018-1801
CONFIRM
XF
ibm — security_identity_manager IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. 2019-02-04 4.6 CVE-2019-4038
XF
CONFIRM
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110. 2019-02-04 5.0 CVE-2018-1675
CONFIRM
XF
imagemagick — imagemagick In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. 2019-02-04 5.0 CVE-2019-7395
BID
MISC
MISC
imagemagick — imagemagick In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. 2019-02-04 5.0 CVE-2019-7396
BID
MISC
MISC
imagemagick — imagemagick In ImageMagick before 7.0.8-25, several memory leaks exist in WritePDFImage in coders/pdf.c. 2019-02-04 5.0 CVE-2019-7397
BID
MISC
MISC
imagemagick — imagemagick In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. 2019-02-04 5.0 CVE-2019-7398
BID
MISC
jenkins — git A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. 2019-02-06 4.3 CVE-2019-1003010
CONFIRM
jenkins — github_oauth An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. 2019-02-06 4.3 CVE-2019-1003019
CONFIRM
jenkins — job_import An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc. 2019-02-06 6.4 CVE-2019-1003015
CONFIRM
jenkins — job_import An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-02-06 4.3 CVE-2019-1003016
CONFIRM
jenkins — monitoring A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. 2019-02-06 4.3 CVE-2019-1003022
CONFIRM
jenkins — script_security A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 2019-02-06 6.5 CVE-2019-1003005
CONFIRM
jenkins — token_macro An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation. 2019-02-06 5.5 CVE-2019-1003011
CONFIRM
jenkins — warnings A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. 2019-02-06 6.8 CVE-2019-1003007
CONFIRM
jenkins — warnings_next_generation A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. 2019-02-06 6.8 CVE-2019-1003008
CONFIRM
jspmyadmin — jspmyadmin2 yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren’t properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question. 2019-02-04 4.3 CVE-2019-1000004
MISC
kanboard — kanboard app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. 2019-02-04 4.3 CVE-2019-7324
MISC
MISC
kindsoft — kindeditor In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. 2019-02-06 4.3 CVE-2019-7543
MISC
libarchive — libarchive libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. 2019-02-04 4.3 CVE-2019-1000019
MISC
MISC
MLIST
UBUNTU
libarchive — libarchive libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. 2019-02-04 4.3 CVE-2019-1000020
MISC
MISC
MLIST
UBUNTU
libming — libming The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876. 2019-02-07 6.8 CVE-2019-7581
MISC
libming — libming The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure. 2019-02-07 6.8 CVE-2019-7582
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. 2019-02-07 6.8 CVE-2019-7572
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). 2019-02-07 6.8 CVE-2019-7573
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. 2019-02-07 6.8 CVE-2019-7574
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. 2019-02-07 6.8 CVE-2019-7575
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). 2019-02-07 6.8 CVE-2019-7576
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. 2019-02-07 6.8 CVE-2019-7577
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. 2019-02-07 6.8 CVE-2019-7578
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. 2019-02-08 6.8 CVE-2019-7635
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. 2019-02-08 6.8 CVE-2019-7636
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. 2019-02-08 6.8 CVE-2019-7637
MISC
MISC
libsdl — simple_directmedia_layer SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. 2019-02-08 6.8 CVE-2019-7638
MISC
MISC
linux — linux_kernel In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. 2019-02-01 4.7 CVE-2016-10741
MISC
BID
MISC
MISC
MISC
mcafee — epolicy_orchestrator Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user’s session via unspecified vectors. 2019-02-01 6.8 CVE-2019-3604
BID
CONFIRM
mcstatic-project — mcstatic A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path. 2019-02-01 5.0 CVE-2018-16482
MISC
modx — modx_revolution MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. 2019-02-06 4.3 CVE-2018-20755
MISC
modx — modx_revolution MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. 2019-02-06 4.3 CVE-2018-20756
MISC
modx — modx_revolution MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. 2019-02-06 4.3 CVE-2018-20757
MISC
mozilla — firefox When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. 2019-02-05 6.8 CVE-2018-18503
BID
UBUNTU
CONFIRM
mozilla — firefox When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. 2019-02-05 4.3 CVE-2018-18506
BID
UBUNTU
CONFIRM
opt-net — ng-netms OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The “id” and “operation” GET parameters can be used to inject arbitrary JavaScript which is returned in the page’s response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity. 2019-02-04 4.3 CVE-2019-1000024
MISC
MISC
MISC
pbootcms — pbootcms A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. 2019-02-07 5.8 CVE-2019-7570
MISC
phpipam — phpipam phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. 2019-02-04 4.3 CVE-2019-1000010
MISC
MISC
phpmywind — phpmywind An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. 2019-02-05 4.3 CVE-2019-7402
MISC
phpmywind — phpmywind An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. 2019-02-05 5.5 CVE-2019-7403
MISC
podofo_project — podofo An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName(“MediaBox”),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. 2019-02-04 6.8 CVE-2018-20751
MISC
MISC
rarlab — winrar There is an out-of-bounds writes vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2019-02-05 6.8 CVE-2018-20252
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. 2019-02-05 5.0 CVE-2018-8791
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). 2019-02-05 5.0 CVE-2018-8792
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). 2019-02-05 5.0 CVE-2018-8796
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. 2019-02-05 5.0 CVE-2018-8798
BID
MISC
rdesktop — rdesktop rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). 2019-02-05 5.0 CVE-2018-8799
BID
MISC
schneider-electric — guicon A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file 2019-02-06 6.8 CVE-2018-7813
BID
CONFIRM
schneider-electric — guicon A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file 2019-02-06 6.8 CVE-2018-7814
BID
CONFIRM
schneider-electric — guicon A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file 2019-02-06 6.8 CVE-2018-7815
BID
CONFIRM
schneider-electric — zelio_soft_2 A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. 2019-02-06 4.4 CVE-2018-7817
BID
CONFIRM
spice_project — spice Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. 2019-02-04 5.4 CVE-2019-3813
BID
REDHAT
REDHAT
CONFIRM
MLIST
UBUNTU
DEBIAN
sqlalchemy — sqlalchemy SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. 2019-02-06 6.8 CVE-2019-7548
MISC
MISC
thinkcmf — thinkcmf ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection. 2019-02-07 6.5 CVE-2019-7580
MISC
MISC
topnew — sidu An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. 2019-02-06 4.3 CVE-2019-7546
MISC
wdoyo — doyo An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. 2019-02-07 6.8 CVE-2019-7569
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST[‘PHP_SELF’], without applying any proper filtration. 2019-02-04 4.3 CVE-2019-7325
MISC
zoneminder — zoneminder Self – Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘Host’ parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. 2019-02-04 4.3 CVE-2019-7326
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘scale’ parameter value in the view frame (frame.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7327
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘scale’ parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7328
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER[‘PHP_SELF’] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. 2019-02-04 4.3 CVE-2019-7329
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘show’ parameter value in the view frame (frame.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7330
MISC
zoneminder — zoneminder Self – Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named “signal check color” (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. 2019-02-04 4.3 CVE-2019-7331
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘eid’ (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7332
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘Exportfile’ parameter value in the view download (download.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7333
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘Exportfile’ parameter value in the view export (export.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7334
MISC
zoneminder — zoneminder Self – Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view ‘log’ as it insecurely prints the ‘Log Message’ value on the web page without applying any proper filtration. This relates to the view=logs value. 2019-02-04 4.3 CVE-2019-7335
MISC
zoneminder — zoneminder Self – Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. 2019-02-04 4.3 CVE-2019-7336
MISC
zoneminder — zoneminder Self – Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view ‘group’ as it insecurely prints the ‘Group Name’ value on the web page without applying any proper filtration. 2019-02-04 4.3 CVE-2019-7338
MISC
zoneminder — zoneminder POST – Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘level’ parameter value in the view log (log.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7339
MISC
zoneminder — zoneminder POST – Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘filter[Query][terms][0][val]’ parameter value in the view filter (filter.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7340
MISC
zoneminder — zoneminder Reflected – Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘newMonitor[LinkedMonitors]’ parameter value in the view monitor (monitor.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7341
MISC
zoneminder — zoneminder POST – Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘filter[AutoExecuteCmd]’ parameter value in the view filter (filter.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7342
MISC
zoneminder — zoneminder Reflected – Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘newMonitor[Method]’ parameter value in the view monitor (monitor.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7343
MISC
zoneminder — zoneminder Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view ‘filter’ as it insecurely prints the ‘filter[Name]’ (aka Filter name) value on the web page without applying any proper filtration. 2019-02-04 4.3 CVE-2019-7344
MISC
zoneminder — zoneminder A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a “Try again” button, which allows resending the failed request, making the CSRF attack successful. 2019-02-04 6.8 CVE-2019-7346
MISC
zoneminder — zoneminder A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). 2019-02-04 6.0 CVE-2019-7347
MISC
zoneminder — zoneminder Self – Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘username’ parameter value in the view user (user.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7348
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘newMonitor[V4LCapturesPerFrame]’ parameter value in the view monitor (monitor.php) because proper filtration is omitted. 2019-02-04 4.3 CVE-2019-7349
MISC
zoneminder — zoneminder Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim’s account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins. 2019-02-04 4.9 CVE-2019-7350
MISC
zoneminder — zoneminder Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the ‘log’ view page, as demonstrated by the message=User%20’admin’%20Logged%20in value. 2019-02-04 4.3 CVE-2019-7351
MISC
zoneminder — zoneminder Self – Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view ‘state’ (aka Run State) (state.php) does no input validation to the value supplied to the ‘New State’ (aka newState) field, allowing an attacker to execute HTML or JavaScript code. 2019-02-04 4.3 CVE-2019-7352
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — spark When using PySpark , it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. 2019-02-04 2.1 CVE-2018-11760
BID
MLIST
cisco — webex_meetings A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected. 2019-02-07 1.9 CVE-2019-1677
BID
CISCO
dbninja — dbninja In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. 2019-02-06 3.5 CVE-2019-7545
MISC
f5 — big-ip_access_policy_manager On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. 2019-02-05 3.5 CVE-2019-6591
CONFIRM
gnu — glibc In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. 2019-02-02 2.1 CVE-2019-7309
BID
MISC
MISC
jenkins — config_file_provider An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. 2019-02-06 3.5 CVE-2019-1003014
CONFIRM
libpng — libpng png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. 2019-02-04 2.6 CVE-2019-7317
MISC
MISC
modx — modx_revolution MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. 2019-02-06 3.5 CVE-2018-20758
MISC
mywebsql — mywebsql An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. 2019-02-06 3.5 CVE-2019-7544
MISC
schneider-electric — iiot_monitor A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure. 2019-02-06 2.1 CVE-2018-7839
CONFIRM
topnew — sidu An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. 2019-02-06 3.5 CVE-2019-7547
MISC
zoneminder — zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view ‘events’ (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. 2019-02-04 3.5 CVE-2019-7337
MISC
zoneminder — zoneminder Self – Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view ‘options’ (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. 2019-02-04 3.5 CVE-2019-7345
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
42gears — suremdm An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx “url” parameter. 2019-02-04 not yet calculated CVE-2018-15657
MISC
EXPLOIT-DB
42gears — suremdm An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. 2019-02-04 not yet calculated CVE-2018-15655
MISC
42gears — suremdm An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. 2019-02-04 not yet calculated CVE-2018-15659
MISC
42gears — suremdm An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an “apiKey” value in the “ApiKey” header. 2019-02-04 not yet calculated CVE-2018-15656
MISC
42gears — suremdm An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data. 2019-02-04 not yet calculated CVE-2018-15658
MISC
abbyy — flexicapture Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. 2019-02-09 not yet calculated CVE-2018-13792
CONFIRM
aioxmpp — aioxmpp aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3. 2019-02-04 not yet calculated CVE-2019-1000007
MISC
apache — gauacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user’s session token. This cookie lacked the “secure” flag, which could allow an attacker eavesdropping on the network to intercept the user’s session token if unencrypted HTTP requests are made to the same domain. 2019-02-07 not yet calculated CVE-2018-1340
BID
MISC
apache — hadoop In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. 2019-02-07 not yet calculated CVE-2018-1296
BID
MISC
api_platform — api_platform API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6. 2019-02-04 not yet calculated CVE-2019-1000011
MISC
MISC
avaya — aura_communication_manager A vulnerability in the “capro” (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1. 2019-02-01 not yet calculated CVE-2018-15617
BID
CONFIRM
becton,_dickinson_and_company — facslyric BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions. 2019-02-06 not yet calculated CVE-2019-6517
BID
MISC
brancz — kube-rbac-proxy The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. 2019-02-05 not yet calculated CVE-2019-3818
BID
CONFIRM
CONFIRM
buildbot — buildbot www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. 2019-02-03 not yet calculated CVE-2019-7313
MISC
ca_technologies — automic_workload_automation Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. 2019-02-05 not yet calculated CVE-2019-6504
BID
MISC
BUGTRAQ
MISC
MISC
FULLDISC
MISC
canvas — draw An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. 2019-02-06 not yet calculated CVE-2018-3980
MISC
chamilo — chamilo-lms Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. 2019-02-04 not yet calculated CVE-2019-1000015
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. 2019-02-08 not yet calculated CVE-2019-1673
BID
CISCO
cisco — meeting_server A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. 2019-02-08 not yet calculated CVE-2019-1676
BID
CISCO
cisco — telepresence_conductor_and_expressway_series_and_telepresence_video_communication_server_software A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected. 2019-02-07 not yet calculated CVE-2019-1679
BID
CISCO
cisco — telepresence_management_suite A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited. 2019-02-07 not yet calculated CVE-2019-1660
BID
CISCO
cisco — web_security_appliance A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected. 2019-02-08 not yet calculated CVE-2019-1672
BID
CISCO
cisco — webex_business_suite A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user’s browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user’s browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected. 2019-02-07 not yet calculated CVE-2019-1680
BID
CISCO
connectwise — manageditsync ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication. 2019-02-05 not yet calculated CVE-2017-18362
MISC
MISC
MISC
coturn — coturn An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. 2019-02-05 not yet calculated CVE-2018-4056
MISC
DEBIAN
cvsweb — cvsweb FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact–CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. 2019-02-04 not yet calculated CVE-2018-1000998
MISC
d-link — dir-823g_devices An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. 2019-02-04 not yet calculated CVE-2019-7390
BID
MISC
debain — tmpreaper Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. 2019-02-04 not yet calculated CVE-2019-3461
MISC
MLIST
DEBIAN
dell_emc — dell_os10 Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). 2019-02-04 not yet calculated CVE-2018-15778
MISC
dell_emc — vnx2_operating_environment VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability. 2019-02-07 not yet calculated CVE-2019-3704
BID
FULLDISC
elfutils — elfutils In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. 2019-02-09 not yet calculated CVE-2019-7665
MISC
MISC
elfutils — elfutils In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). 2019-02-09 not yet calculated CVE-2019-7664
MISC
emsisoft — emsisoft_anti-malware EPP.sys in Emsisoft Anti-Malware 2018.8.1.8923 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories “inside” the .EPP device are not properly protected, leading to unintended impersonation or object creation. 2019-02-08 not yet calculated CVE-2019-7651
MISC
MISC
MISC
enphase_energy — envoy A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. 2019-02-09 not yet calculated CVE-2019-7676
MISC
MISC
MISC
enphase_energy — envoy A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. 2019-02-09 not yet calculated CVE-2019-7678
MISC
MISC
enphase_energy — envoy XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. 2019-02-09 not yet calculated CVE-2019-7677
MISC
MISC
extend — extend A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16492
MISC
forcepoint — forcepoint_user_id Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface. 2019-02-07 not yet calculated CVE-2019-6139
MISC
genivia — gsoap Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. 2019-02-09 not yet calculated CVE-2019-7659
CONFIRM
gitea — gitea Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to “any” repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2. 2019-02-04 not yet calculated CVE-2019-1000002
MISC
gnome — gdm A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user’s session. 2019-02-06 not yet calculated CVE-2019-3825
CONFIRM
gnome — gnome-shell It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. 2019-02-06 not yet calculated CVE-2019-3820
CONFIRM
MISC
gsi-openssh-server — gsi_openssh_server An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. 2019-02-08 not yet calculated CVE-2019-7639
MISC
helm — chartmuseum Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1. 2019-02-04 not yet calculated CVE-2019-1000009
MISC
helm — helm All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The commands `helm fetch –untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2. 2019-02-04 not yet calculated CVE-2019-1000008
MISC
hex — hex_core Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0. 2019-02-04 not yet calculated CVE-2019-1000013
MISC
MISC
hex — hex_core Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19. 2019-02-04 not yet calculated CVE-2019-1000012
MISC
MISC
hotels_server_project — hotels_server controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. 2019-02-08 not yet calculated CVE-2019-7648
MISC
ibm — bigfix_compliance IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429. 2019-02-05 not yet calculated CVE-2017-1177
XF
CONFIRM
ibm — bigfix_compliance IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673. 2019-02-05 not yet calculated CVE-2017-1198
XF
CONFIRM
ibm — bigfix_compliance IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675. 2019-02-05 not yet calculated CVE-2017-1200
XF
CONFIRM
ibm — bigfix_compliance IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 123677. 2019-02-05 not yet calculated CVE-2017-1202
XF
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. 2019-02-07 not yet calculated CVE-2018-1666
XF
CONFIRM
ibm — security_identity_manager IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. 2019-02-04 not yet calculated CVE-2018-1970
CONFIRM
XF
ibm — security_identity_manager IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658. 2019-02-04 not yet calculated CVE-2018-1962
CONFIRM
BID
XF
inxedu — inxedu inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg. 2019-02-09 not yet calculated CVE-2019-7684
MISC
jenkins — jenkins An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator’s web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. 2019-02-06 not yet calculated CVE-2019-1003018
CONFIRM
jenkins — jenkins An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user’s description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. 2019-02-06 not yet calculated CVE-2019-1003013
CONFIRM
jenkins — jenkins An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. 2019-02-06 not yet calculated CVE-2019-1003009
CONFIRM
jenkins — jenkins A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job’s configuration. 2019-02-06 not yet calculated CVE-2019-1003017
CONFIRM
jenkins — jenkins A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. 2019-02-06 not yet calculated CVE-2019-1003012
CONFIRM
jenkins — jenkins A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 2019-02-06 not yet calculated CVE-2019-1003006
CONFIRM
jenkins — jenkins An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator’s web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. 2019-02-06 not yet calculated CVE-2019-1003021
CONFIRM
jenkins — jenkins A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. 2019-02-06 not yet calculated CVE-2019-1003020
CONFIRM
jenkins — jenkins A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. 2019-02-06 not yet calculated CVE-2019-1003023
CONFIRM
joomla — joomla Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in “/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events”. This attack appears to be exploitable if the attacker can reach the web server. 2019-02-04 not yet calculated CVE-2016-1000271
MISC
just-extend — just-extend A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. 2019-02-01 not yet calculated CVE-2018-16489
MISC
kaseya — vsa_rmm Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild. 2019-02-05 not yet calculated CVE-2018-20753
MISC
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. 2019-02-05 not yet calculated CVE-2018-19002
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. 2019-02-05 not yet calculated CVE-2018-18992
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. 2019-02-05 not yet calculated CVE-2018-18986
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. 2019-02-05 not yet calculated CVE-2018-19029
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. 2019-02-01 not yet calculated CVE-2018-18988
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. 2019-02-05 not yet calculated CVE-2018-18996
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. 2019-02-05 not yet calculated CVE-2018-18998
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. 2019-02-05 not yet calculated CVE-2018-19000
BID
MISC
lcds — laquis_scada LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. 2019-02-05 not yet calculated CVE-2018-18990
BID
MISC
libcurl — libcurl libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. 2019-02-06 not yet calculated CVE-2018-16890
BID
CONFIRM
MISC
UBUNTU
DEBIAN
libcurl — libcurl libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large ‘nt response’ data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a ‘large value’ needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. 2019-02-06 not yet calculated CVE-2019-3822
BID
CONFIRM
MISC
UBUNTU
DEBIAN
libtiff — libtiff An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. 2019-02-09 not yet calculated CVE-2019-7663
MISC
lightsoft — logmx GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the LogMXUpdater.class file. 2019-02-04 not yet calculated CVE-2019-7323
MISC
MISC
MISC
linux — linux_kernel kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. 2019-02-01 not yet calculated CVE-2019-7308
MISC
MISC
BID
MISC
MISC
MISC
MISC
lodash — lodash A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. 2019-02-01 not yet calculated CVE-2018-16487
MISC
m-server — m-server Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. 2019-02-01 not yet calculated CVE-2018-16485
MISC
m-server — m-server A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. 2019-02-01 not yet calculated CVE-2018-16484
MISC
mapsvg — mapsvg_lite MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later. 2019-02-04 not yet calculated CVE-2019-1000003
MISC
MISC
mitsubishi — multiple_products Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash. 2019-02-05 not yet calculated CVE-2019-6535
BID
MISC
mobotix — s14_mx-v4.2.1.61_devices An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the “aaaaa” password, considered insecure for some use cases, from a user. 2019-02-09 not yet calculated CVE-2019-7674
MISC
mobotix — s14_mx-v4.2.1.61_devices An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. 2019-02-09 not yet calculated CVE-2019-7675
MISC
mobotix — s14_mx-v4.2.1.61_devices An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. 2019-02-09 not yet calculated CVE-2019-7673
MISC
mobotix — s14_mx-v4.2.1.61_devices An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. 2019-02-09 not yet calculated CVE-2009-5154
MISC
MISC
mpath — mpath A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16490
MISC
mpdf — mpdf mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src=”https://www.us-cert.govphar://path/to/crafted/image”>. This vulnerability appears to have been fixed in 7.1.8. 2019-02-04 not yet calculated CVE-2019-1000005
MISC
netapp — clustered_data_ontap Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. 2019-02-01 not yet calculated CVE-2018-5498
CONFIRM
nginx — nginx_unit NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact. 2019-02-07 not yet calculated CVE-2019-7401
MISC
MISC
MISC
BID
node.extend — node.extend A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. 2019-02-01 not yet calculated CVE-2018-16491
MISC
pagure — pagure Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.) 2019-02-07 not yet calculated CVE-2019-7628
MISC
MISC
MISC
MISC
MISC
primx — zed_enterprise Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it. 2019-02-03 not yet calculated CVE-2019-7312
MISC
public — public A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. 2019-02-01 not yet calculated CVE-2018-16480
MISC
MISC
rarlab — winrar A validation function (in WinRAR code) is being called before extraction of ACE archives. The validation function inspects the filename field for each compressed file in the ACE archive. In case the filename is disallow by the validator function (for example, the filename contains path traversal patterns) The extraction operation should be aborted and no file or folder should be extracted. However, the check of the return value from the validator function made too late (in UNACEV2.dll), after the creation of files and folders. It prevent the write operation to the extracted files only. 2019-02-05 not yet calculated CVE-2018-20251
BID
MISC
rebar3 — rebar3 Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0. 2019-02-04 not yet calculated CVE-2019-1000014
MISC
recon-ng — recon-ng An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker. 2019-02-04 not yet calculated CVE-2018-20752
MISC
MISC
redflib — redflib The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because “python -m” looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory. 2019-02-08 not yet calculated CVE-2019-7653
MISC
riot — riot-os RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity. 2019-02-04 not yet calculated CVE-2019-1000006
MISC
rssh — rssh rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. 2019-02-04 not yet calculated CVE-2019-1000018
MISC
MLIST
DEBIAN
rssh — rssh Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. 2019-02-06 not yet calculated CVE-2019-3464
BID
MLIST
MISC
DEBIAN
rukovoditel — rukovoditel Rukovoditel before 2.4.1 allows XSS. 2019-02-05 not yet calculated CVE-2019-7400
CONFIRM
slixmpp — slixmpp slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn’t configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2. 2019-02-04 not yet calculated CVE-2019-1000021
MISC
MISC
symantec — ghost_solution_suite Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. 2019-02-08 not yet calculated CVE-2018-18364
BID
CONFIRM
systrome — mulitple_cumilon_devices A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter. 2019-02-04 not yet calculated CVE-2019-7387
MISC
MISC
taoensso — senate Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later. 2019-02-04 not yet calculated CVE-2019-1000022
MISC
tcpcrypt — tcpcrypt A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. 2019-02-08 not yet calculated CVE-2018-20764
CONFIRM
teampass — teampass TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. 2019-02-04 not yet calculated CVE-2019-1000001
MISC
trend_micro — dr_safety A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations. 2019-02-05 not yet calculated CVE-2018-18334
CONFIRM
trend_micro — security_2019 A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. 2019-02-05 not yet calculated CVE-2018-18333
CONFIRM
MISC
MISC
webassembly — binaryen An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. 2019-02-09 not yet calculated CVE-2019-7662
MISC
wibu-systems — wibukey An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. 2019-02-05 not yet calculated CVE-2018-3991
MISC
wibu-systems — wibukey An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. 2019-02-05 not yet calculated CVE-2018-3989
MISC
win.rar — winrar By crafting the filename field of the ACE format, the destination folder (extraction folder) is ignored, and the relative path in the filename field becomes an absolute Path. This logical bug, allows the extraction of a file to an arbitrary location which is effectively code execution. 2019-02-05 not yet calculated CVE-2018-20250
BID
MISC
wordpress — wordpress In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. (“parallax” has a spelling change within the PHP filename.) 2019-02-05 not yet calculated CVE-2019-7413
MISC
wordpress — wordpress The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. 2019-02-05 not yet calculated CVE-2019-7412
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Video: Maldoc Analysis of the Weekend, (Sun, Feb 10th)

This post was originally published on this site

I made a video for yesterday’s diary entry “Maldoc Analysis of the Weekend” (the analysis of a Word document with VBA launching a PowerShell command).

The sample I use in this video is different from yesterday’s sample: I start with an email (.msg file) containing the maldoc in a password protected ZIP attachment. Unfortunately, I can’t share the content of this email. But I’m looking for similar samples that I can share.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Maldoc Analysis of the Weekend, (Sat, Feb 9th)

This post was originally published on this site

Yesterday I received malicious Office document request15.doc (MD5 8598361ecbbffb35900d0720b0316a56).

It contains VBA macros that execute a PowerShell script. That script is a bit different than usual, so let’s take a look.

With oledump.py, I look at the streams and find a macro stream:

Grepping for shell in the VBA code, it becomes clear what the purpose is:

Following the method I explained in diary entry “Quickie: String Analysis is Still Useful“, I can quickly extract the PowerShell command:

Remark also that in the VBA code, character [ is replaced with letter A before the code is executed. I use sed to do the replacement:

And then I pipe this into base64dump.py:

Giving me the following PowerShell script:

This PowerShell script enumerates all methods of class System.Net.WebClient, and takes action for methods DownloadString and DownloadData.

With DownloadString it downloads a PowerShell script to be executed (IEX).

And with DownloadData it downloads a Windows executable to be executed.

Both files were no longer available when I performed the analysis, but I could probably find them via VirusTotal.

 

 

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.