Vulnerability Summary for the Week of June 24, 2019

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cesanta -- mongoose | An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt. has a critical heap-based buffer overflow. | 2019-06-24 | 7.5 | CVE-2019-12951 MISC MISC

cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. | 2019-06-26 | 7.5 | CVE-2019-1619 BID CISCO

cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. | 2019-06-26 | 10.0 | CVE-2019-1620 BID CISCO

citrix -- appdna | Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. | 2019-06-24 | 7.5 | CVE-2019-12292 CONFIRM MISC

hp -- support_assistant | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. | 2019-06-25 | 7.2 | CVE-2019-6328 BID CONFIRM

hp -- support_assistant | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. | 2019-06-25 | 7.2 | CVE-2019-6329 BID CONFIRM

libexpat -- expat | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | 2019-06-24 | 7.8 | CVE-2018-20843 MISC MISC MISC MISC MISC MLIST BUGTRAQ UBUNTU UBUNTU DEBIAN

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server. via the p_ext_rse parameter. | 2019-06-24 | 7.5 | CVE-2019-12939 BID MISC

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | 2019-06-24 | 7.1 | CVE-2019-12940 MISC

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | 2019-06-25 | 7.5 | CVE-2019-12960 MISC

pivotal_software -- spring_security | Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". | 2019-06-26 | 7.5 | CVE-2019-11272 CONFIRM

postgresql -- postgresql | PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL account. | 2019-06-26 | 9.0 | CVE-2019-10164 CONFIRM MISC

qemu -- qemu | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 2019-06-24 | 10.0 | CVE-2019-12928 MISC

qemu -- qemu | The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 2019-06-24 | 10.0 | CVE-2019-12929 MISC

toaruos -- toaruos | apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. | 2019-06-23 | 7.2 | CVE-2019-12937 MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

analogic -- poste.io | The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with . Attackers can read logs via the webmail/logs/sendmail URI. | 2019-06-24 | 4.0 | CVE-2019-12938 MISC MISC

apache -- tomcat | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. | 2019-06-21 | 5.0 | CVE-2019-10072 BID MISC CONFIRM CONFIRM CONFIRM

atlassian -- jira | The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | 2019-06-26 | 4.0 | CVE-2019-11583 BID MISC

bcnquark -- quarking_password_manager | BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. | 2019-06-24 | 4.3 | CVE-2019-12880 MISC FULLDISC MISC

canonical -- ubuntu_linux | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | 2019-06-25 | 6.9 | CVE-2019-12817 MLIST BID CONFIRM MISC FEDORA UBUNTU

cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | 2019-06-26 | 5.0 | CVE-2019-1621 BID CISCO

cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device. | 2019-06-26 | 5.0 | CVE-2019-1622 BID CISCO

dell -- supportassist_for_business_pcs | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | 2019-06-25 | 6.8 | CVE-2019-12280 MISC FULLDISC CONFIRM BID MISC MISC MISC MISC

fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. | 2019-06-24 | 4.3 | CVE-2019-12384 MISC MISC CONFIRM

glyphandcog -- xpdfreader | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | 2019-06-24 | 6.8 | CVE-2019-12957 MISC

glyphandcog -- xpdfreader | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. | 2019-06-24 | 4.3 | CVE-2019-12958 MISC

gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. | 2019-06-26 | 4.3 | CVE-2019-12972 BID MISC MISC

google -- chrome | Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2017-5028 MISC MISC

google -- chrome | Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 2019-06-27 | 4.3 | CVE-2018-16064 MISC MISC

google -- chrome | Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2018-16069 MISC MISC

google -- chrome | Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2019-06-27 | 4.3 | CVE-2018-17460 MISC MISC

google -- chrome | Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2018-17478 MISC MISC

google -- chrome | Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2018-17479 MISC MISC

google -- chrome | A double-eviction in the Incognito mode cache that led to a use-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2018-6118 MISC MISC

google -- chrome | Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2018-6131 MISC MISC

google -- chrome | Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | 2019-06-27 | 4.3 | CVE-2018-6132 MISC MISC

google -- chrome | Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2018-6134 MISC MISC

google -- chrome | Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2018-6136 MISC MISC

google -- chrome | Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 2019-06-27 | 5.8 | CVE-2018-6138 MISC MISC

google -- chrome | Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 2019-06-27 | 4.3 | CVE-2018-6142 MISC MISC

google -- chrome | Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2018-6154 MISC MISC

google -- chrome | Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 2019-06-27 | 6.8 | CVE-2018-6156 MISC MISC

google -- chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2018-6161 MISC MISC

google -- chrome | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2018-6168 MISC MISC

google -- chrome | Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension. | 2019-06-27 | 4.6 | CVE-2018-6176 MISC MISC

google -- chrome | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2018-6177 MISC MISC

google -- chrome | Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2019-5808 SUSE MISC MISC FEDORA

google -- chrome | Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2019-5809 SUSE MISC MISC FEDORA

google -- chrome | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2019-5810 SUSE MISC MISC FEDORA

google -- chrome | Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | 6.8 | CVE-2019-5813 SUSE MISC MISC FEDORA

google -- chrome | Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2019-06-27 | 4.3 | CVE-2019-5840 SUSE MISC MISC FEDORA

ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256. | 2019-06-25 | 6.8 | CVE-2018-1858 CONFIRM BID XF

ibm -- api_connect | IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150. | 2019-06-25 | 5.0 | CVE-2018-2011 BID XF CONFIRM

ibm -- api_connect | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. | 2019-06-25 | 5.0 | CVE-2018-2013 BID XF CONFIRM

ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | 2019-06-25 | 5.0 | CVE-2019-4382 BID XF CONFIRM

ibm -- pureapplication_system | IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. | 2019-06-26 | 6.5 | CVE-2019-4224 XF CONFIRM

ibm -- pureapplication_system | IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416. | 2019-06-26 | 4.0 | CVE-2019-4234 XF CONFIRM

ibm -- pureapplication_system | IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | 2019-06-26 | 5.0 | CVE-2019-4235 XF CONFIRM

ibm -- pureapplication_system | IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467. | 2019-06-26 | 4.6 | CVE-2019-4241 XF CONFIRM

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838. | 2019-06-27 | 4.0 | CVE-2018-1734 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. | 2019-06-27 | 4.0 | CVE-2019-4084 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. | 2019-06-27 | 5.0 | CVE-2019-4252 CONFIRM XF

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. | 2019-06-25 | 6.5 | CVE-2019-4135 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. | 2019-06-25 | 4.3 | CVE-2019-4150 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. | 2019-06-25 | 4.3 | CVE-2019-4151 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. | 2019-06-25 | 4.3 | CVE-2019-4156 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. | 2019-06-25 | 4.3 | CVE-2019-4157 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. | 2019-06-25 | 5.5 | CVE-2019-4158 XF CONFIRM

ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. | 2019-06-25 | 4.0 | CVE-2019-4377 BID XF CONFIRM

imagemagick -- imagemagick | A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. | 2019-06-26 | 4.3 | CVE-2019-12974 BID MISC

imagemagick -- imagemagick | ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. | 2019-06-26 | 4.3 | CVE-2019-12975 BID MISC

imagemagick -- imagemagick | ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. | 2019-06-26 | 4.3 | CVE-2019-12976 BID MISC

imagemagick -- imagemagick | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. | 2019-06-26 | 6.8 | CVE-2019-12977 BID MISC

imagemagick -- imagemagick | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. | 2019-06-26 | 6.8 | CVE-2019-12978 BID MISC

imagemagick -- imagemagick | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. | 2019-06-26 | 6.8 | CVE-2019-12979 BID MISC

lenovo -- system_update | A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations. | 2019-06-26 | 5.0 | CVE-2019-6163 CONFIRM

linux -- linux_kernel | A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. | 2019-06-26 | 4.3 | CVE-2019-12984 BID MISC MISC

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 2019-06-25 | 6.8 | CVE-2019-12961 MISC

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | 2019-06-25 | 4.3 | CVE-2019-12962 MISC

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | 2019-06-25 | 4.3 | CVE-2019-12963 MISC

livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | 2019-06-25 | 4.3 | CVE-2019-12964 MISC

moodle -- moodle | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The to upload cohorts contained a redirect field, which was not restricted to internal URLs. | 2019-06-26 | 5.8 | CVE-2019-10133 CONFIRM CONFIRM

moodle -- moodle | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded. | 2019-06-26 | 4.3 | CVE-2019-10134 CONFIRM CONFIRM

moodle -- moodle | A flaw was found in Moodle before versions 3.7, 3.6.4. A fetching messages was not restricted to the current user's conversations. | 2019-06-26 | 5.0 | CVE-2019-10154 CONFIRM CONFIRM

netgate -- pfsense | In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server. | 2019-06-25 | 4.3 | CVE-2019-12949 MISC

netiq -- self_service_password_reset | A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | 2019-06-24 | 4.3 | CVE-2019-11647 CONFIRM

netiq -- self_service_password_reset | An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. | 2019-06-24 | 5.0 | CVE-2019-11648 CONFIRM

openjpeg -- openjpeg | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | 2019-06-26 | 4.3 | CVE-2018-20845 BID MISC

openjpeg -- openjpeg | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | 2019-06-26 | 4.3 | CVE-2018-20846 BID MISC

openjpeg -- openjpeg | An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | 2019-06-26 | 6.8 | CVE-2018-20847 BID MISC MISC MISC

openjpeg -- openjpeg | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. | 2019-06-26 | 4.3 | CVE-2019-12973 BID MISC MISC

phoenixcontact -- automationworx_software_suite | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. | 2019-06-24 | 6.8 | CVE-2019-12869 MISC MISC

phoenixcontact -- automationworx_software_suite | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. | 2019-06-24 | 6.8 | CVE-2019-12870 MISC MISC

phoenixcontact -- automationworx_software_suite | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. | 2019-06-24 | 6.8 | CVE-2019-12871 MISC MISC

shopware -- shopware | Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. | 2019-06-23 | 4.3 | CVE-2019-12935 MISC FULLDISC MISC MISC

tenable -- nessus | Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. | 2019-06-25 | 4.3 | CVE-2019-3961 BID CONFIRM

ultimatemember -- ultimate_member | An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter. | 2019-06-24 | 4.0 | CVE-2019-10271 MISC

zyxel -- uag2100_firmware | A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. | 2019-06-27 | 4.3 | CVE-2019-12581 MISC MISC CONFIRM MISC

zyxel -- uag2100_firmware | Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | 2019-06-27 | 6.4 | CVE-2019-12583 MISC CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

google -- chrome | Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | 2019-06-27 | 2.1 | CVE-2018-20073 MISC MISC

ibm -- pureapplication_system | IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. | 2019-06-26 | 2.1 | CVE-2019-4225 XF CONFIRM

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605. | 2019-06-27 | 3.5 | CVE-2018-1758 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614. | 2019-06-27 | 3.5 | CVE-2018-1760 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429. | 2019-06-27 | 3.5 | CVE-2018-1826 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430. | 2019-06-27 | 3.5 | CVE-2018-1827 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431. | 2019-06-27 | 3.5 | CVE-2018-1828 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156. | 2019-06-27 | 3.5 | CVE-2018-1892 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157. | 2019-06-27 | 3.5 | CVE-2018-1893 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383. | 2019-06-27 | 3.5 | CVE-2019-4083 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647. | 2019-06-27 | 3.5 | CVE-2019-4249 CONFIRM XF

ibm -- rational_collaborative_lifecycle_management | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648. | 2019-06-27 | 3.5 | CVE-2019-4250 CONFIRM XF

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. | 2019-06-25 | 3.6 | CVE-2019-4145 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 158515. | 2019-06-25 | 3.6 | CVE-2019-4152 XF CONFIRM

ibm -- security_access_manager | IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. | 2019-06-25 | 3.5 | CVE-2019-4153 XF CONFIRM

polycom -- better_together_over_ethernet_connector | VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provide insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. | 2019-06-24 | 3.3 | CVE-2019-10689 BID CONFIRM

quadbase -- espressreport_es | Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the "Set Security Levels" or "View User/Group Relationships" page. If the attacker does not currently have permission to create a new user, another vulnerability such as CSRF must be exploited first. | 2019-06-24 | 3.5 | CVE-2019-9957 MISC

redhat -- cloudforms_management_engine | A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input not being properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. | 2019-06-27 | 3.5 | CVE-2019-10177 CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abb -- cp635_hmi | The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. | 2019-06-24 | not yet calculated | CVE-2019-7229 MISC MISC CONFIRM CONFIRM MISC

abb -- hmi_components | The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to log in to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. | 2019-06-27 | not yet calculated | CVE-2019-7225 MISC FULLDISC BID MISC

abb -- idal_ftp_server | The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send an FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server. | 2019-06-24 | not yet calculated | CVE-2019-7231 MISC FULLDISC BID CONFIRM MISC

abb -- idal_ftp_server | The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. | 2019-06-24 | not yet calculated | CVE-2019-7230 MISC MISC BID CONFIRM MISC

abb -- idal_ftp_server | In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. | 2019-06-27 | not yet calculated | CVE-2019-7227 MISC FULLDISC BID CONFIRM MISC

abb -- idal_http_server | The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. | 2019-06-27 | not yet calculated | CVE-2019-7228 MISC FULLDISC BID CONFIRM MISC

abb -- idal_http_server | The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server. | 2019-06-24 | not yet calculated | CVE-2019-7232 MISC MISC BID CONFIRM MISC

abb -- idal_http_server | The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response. | 2019-06-27 | not yet calculated | CVE-2019-7226 MISC FULLDISC BID MISC

actiontec -- web6000q_devices | An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. | 2019-06-27 | not yet calculated | CVE-2018-15557 MISC FULLDISC

actiontec -- web6000q_devices | The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. | 2019-06-27 | not yet calculated | CVE-2018-15556 MISC MISC

actiontec -- web6000q_devices | On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can log in with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. | 2019-06-28 | not yet calculated | CVE-2018-15555 MISC FULLDISC

advanced_micro_devices -- platform_security_processor | Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. | 2019-06-25 | not yet calculated | CVE-2019-9836 MISC MISC CONFIRM

advantech -- webaccess/scada | In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | 2019-06-28 | not yet calculated | CVE-2019-10985 MISC

advantech -- webaccess/scada | In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | 2019-06-28 | not yet calculated | CVE-2019-10983 MISC

advantech -- webaccess/scada | In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | 2019-06-28 | not yet calculated | CVE-2019-10989 MISC

advantech -- webaccess/scada | In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | 2019-06-28 | not yet calculated | CVE-2019-10987 MISC

advantech -- webaccess/scada | In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | 2019-06-28 | not yet calculated | CVE-2019-10993 MISC

advantech -- webaccess/scada | In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | 2019-06-28 | not yet calculated | CVE-2019-10991 MISC

asus -- hivivo_application | The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | 2019-06-24 | not yet calculated | CVE-2017-17945 MISC

bluestacks -- app_player | BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions. | 2019-06-23 | not yet calculated | CVE-2019-12936 MISC MISC

couchbase -- couchbase_sync_gateway_and_couchbase_server | The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters "startkey" and "endkey" of the "_all_docs" endpoint. | 2019-06-26 | not yet calculated | CVE-2019-9039 CONFIRM MISC

diffplug -- spotless | In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file. | 2019-06-28 | not yet calculated | CVE-2019-9843 MISC MISC MISC MISC

digitaldruid -- hoteldruid | Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php. | 2019-06-24 | not yet calculated | CVE-2019-9085 MISC MISC

doomseeker -- doomseeker | A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin. | 2019-06-26 | not yet calculated | CVE-2019-12968 MISC MISC MISC MISC

facebook_open_source -- hhvm | HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | 2019-06-26 | not yet calculated | CVE-2019-3569 MISC MISC

fehelper -- fehelper | FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | 2019-06-26 | not yet calculated | CVE-2019-12966 MISC

flightcrew -- flightcrew | An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. | 2019-06-28 | not yet calculated | CVE-2019-13032 MISC

gnome -- glib | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. | 2019-06-28 | not yet calculated | CVE-2019-13012 MISC MISC MISC

google -- chrome | Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5785 MISC MISC

google -- chrome | Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5829 SUSE MISC MISC FEDORA

google -- chrome | Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-16075 MISC MISC

google -- chrome | Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 2019-06-27 | not yet calculated | CVE-2018-6157 MISC MISC

google -- chrome | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6159 MISC MISC

google -- chrome | Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6149 MISC MISC

google -- chrome | Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6148 MISC MISC

google -- chrome | Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6145 MISC MISC

google -- chrome | Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | 2019-06-27 | not yet calculated | CVE-2018-6171 MISC MISC

google -- chrome | Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6130 MISC MISC

google -- chrome | Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-16077 MISC MISC

google -- chrome | Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5828 SUSE MISC MISC FEDORA

google -- chrome | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5786 MISC MISC

google -- chrome | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6150 MISC MISC

google -- chrome | Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6129 MISC MISC

google -- chrome | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-16074 MISC MISC

google -- chrome | Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5831 SUSE MISC MISC FEDORA

google -- chrome | Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6128 MISC MISC

google -- chrome | Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-6121 MISC MISC

google -- chrome | Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-16070 MISC MISC

google -- chrome | Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 2019-06-27 | not yet calculated | CVE-2018-16086 MISC MISC

google -- chrome | Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 2019-06-27 | not yet calculated | CVE-2018-6155 MISC MISC

google -- chrome | Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5824 SUSE MISC MISC FEDORA

google -- chrome | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2018-16073 MISC MISC

google -- chrome | Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5784 MISC MISC

google -- chrome | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2019-06-27 | not yet calculated | CVE-2019-5820 SUSE MISC MISC FEDORA

google -- chrome | Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5837 SUSE MISC MISC FEDORA

google -- chrome | Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | 2019-06-27 | not yet calculated | CVE-2019-5819 SUSE MISC MISC FEDORA

google -- chrome | Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5832 SUSE MISC MISC FEDORA

google -- chrome | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2019-06-27 | not yet calculated | CVE-2019-5805 SUSE MISC MISC FEDORA

google -- chrome | Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. | 2019-06-27 | not yet calculated | CVE-2019-5838 SUSE MISC MISC FEDORA

google -- chrome | Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5833 SUSE MISC MISC FEDORA

google -- chrome | Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5823 SUSE MISC MISC

google -- chrome | Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5834 SUSE MISC MISC FEDORA

google -- chrome | Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5822 SUSE MISC MISC FEDORA

google -- chrome | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2019-06-27 | not yet calculated | CVE-2019-5821 SUSE MISC MISC FEDORA

google -- chrome | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5827 SUSE MISC MISC FEDORA

google -- chrome | Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5835 SUSE MISC MISC FEDORA

google -- chrome | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5806 SUSE MISC MISC FEDORA

google -- chrome | Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5830 SUSE MISC MISC FEDORA

google -- chrome | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5817, SUSE, MISC, MISC

google -- chrome | Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5816, SUSE, MISC, MISC

google -- chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5814, SUSE, MISC, MISC, FEDORA

google -- chrome | Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | 2019-06-27 | not yet calculated | CVE-2019-5839, SUSE, MISC, MISC, FEDORA

google -- chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5836, SUSE, MISC, MISC, FEDORA

google -- chrome | Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5812, SUSE, MISC, MISC

google -- chrome | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5811, SUSE, MISC, MISC, FEDORA

google -- chrome | Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-06-27 | not yet calculated | CVE-2019-5807, SUSE, MISC, MISC, FEDORA

google -- chrome | Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | 2019-06-27 | not yet calculated | CVE-2019-5818, SUSE, MISC, MISC, FEDORA

grafana -- grafana | public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | 2019-06-29 | not yet calculated | CVE-2019-13068, MISC, MISC

grouptime -- teamwire_desktop_client | The admin interface of the Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | 2019-06-28 | not yet calculated | CVE-2018-17560, MISC

grouptime -- teamwire_desktop_client | Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | 2019-06-28 | not yet calculated | CVE-2018-17170, MISC

hosting_controller -- hc10_hc.server_service | The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. | 2019-06-24 | not yet calculated | CVE-2019-12323, MISC, MISC, MISC

ibm -- bigfix_inventory | IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161807. | 2019-06-28 | not yet calculated | CVE-2019-4369, CONFIRM, XF

ibm -- websphere_application_server | IBM WebSphere 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | 2019-06-28 | not yet calculated | CVE-2019-4269, XF, CONFIRM

icon_project -- loopchain | In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). | 2019-06-28 | not yet calculated | CVE-2019-12997, MISC

irssi -- irssi | Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. | 2019-06-29 | not yet calculated | CVE-2019-13045, MLIST, MISC, MISC, BUGTRAQ

istio -- istio | Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault. | 2019-06-28 | not yet calculated | CVE-2019-12995, MISC, MISC, MISC

keyidentity -- linotp | KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). | 2019-06-27 | not yet calculated | CVE-2019-12887, MISC

lemonldap-ng -- lemonldap-ng | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule. | 2019-06-28 | not yet calculated | CVE-2019-13031, MISC

lenovo -- service_bridge | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | 2019-06-26 | not yet calculated | CVE-2019-6166, CONFIRM

lenovo -- service_bridge | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 2019-06-26 | not yet calculated | CVE-2019-6167, CONFIRM

lenovo -- service_bridge | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | 2019-06-26 | not yet calculated | CVE-2019-6169, CONFIRM

lenovo -- service_bridge | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 2019-06-26 | not yet calculated | CVE-2019-6168, CONFIRM

lexmark -- multiple_devices | Various Lexmark devices have a Buffer Overflow (issue 2 of 2). | 2019-06-28 | not yet calculated | CVE-2018-15520, CONFIRM

lexmark -- multiple_devices | Various Lexmark devices have a Buffer Overflow (issue 1 of 2). | 2019-06-28 | not yet calculated | CVE-2018-15519, CONFIRM

libming -- libming | Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file. | 2019-06-26 | not yet calculated | CVE-2019-12982, MISC

libming -- libming | In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | 2019-06-26 | not yet calculated | CVE-2019-12980, MISC

libming -- libming | Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. | 2019-06-26 | not yet calculated | CVE-2019-12981, MISC

logitech -- r500_presentation_clicker | The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z. | 2019-06-29 | not yet calculated | CVE-2019-13054, MISC

logitech -- unifying_devices | Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | 2019-06-29 | not yet calculated | CVE-2016-10761, MISC, MISC

logitech -- unifying_devices | Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. | 2019-06-29 | not yet calculated | CVE-2019-13052, MISC

logitech -- unifying_devices | Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. | 2019-06-29 | not yet calculated | CVE-2019-13055, MISC

logitech -- unifying_devices | Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761. | 2019-06-29 | not yet calculated | CVE-2019-13053, MISC

loytec -- lgate-902_devices | LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | 2019-06-28 | not yet calculated | CVE-2018-14916, MISC, FULLDISC, FULLDISC

loytec -- lgate-902_devices | LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | 2019-06-28 | not yet calculated | CVE-2018-14918, MISC, FULLDISC, FULLDISC

loytec -- lgate-902_devices | LOYTEC LGATE-902 6.3.2 devices allow XSS. | 2019-06-28 | not yet calculated | CVE-2018-14919, MISC, FULLDISC, FULLDISC, MISC

makerbot -- replicator_5g_printer | The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server. | 2019-06-24 | not yet calculated | CVE-2014-9699, MISC, CONFIRM

mcafee -- enterprise_security_manager | Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | 2019-06-27 | not yet calculated | CVE-2019-3632, CONFIRM

mcafee -- enterprise_security_manager | Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. | 2019-06-27 | not yet calculated | CVE-2019-3628, CONFIRM

mcafee -- enterprise_security_manager | Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. | 2019-06-27 | not yet calculated | CVE-2019-3629, CONFIRM

mcafee -- enterprise_security_manager | Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 2019-06-27 | not yet calculated | CVE-2019-3630, CONFIRM

mcafee -- enterprise_security_manager | Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 2019-06-27 | not yet calculated | CVE-2019-3631, CONFIRM

medtronic -- minimed_508_and_paradigm_series_insulin_pumps | In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump - All versions, MiniMed Paradigm 511 pump - All versions, MiniMed Paradigm 512/712 pumps - All versions, MiniMed Paradigm 712E pump - All versions, MiniMed Paradigm 515/715 pumps - All versions, MiniMed Paradigm 522/722 pumps - All versions, MiniMed Paradigm 522K/722K pumps - All versions, MiniMed Paradigm 523/723 pumps - Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps - Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps - Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only - Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | 2019-06-28 | not yet calculated | CVE-2019-10964, BID, MISC

ministry_of_interior_of_the_slovak_republic -- eid_client | An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic. | 2019-06-28 | not yet calculated | CVE-2019-13028, MISC, MISC, MISC

nginx -- nginx | njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | 2019-06-29 | not yet calculated | CVE-2019-13067, MISC

odoo -- community_and_enterprise | Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds. | 2019-06-28 | not yet calculated | CVE-2018-14885, MISC, CONFIRM

odoo -- community_and_enterprise | Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | 2019-06-28 | not yet calculated | CVE-2018-14867, MISC, CONFIRM

odoo -- community_and_enterprise | Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call. | 2019-06-28 | not yet calculated | CVE-2018-14868, MISC, CONFIRM

odoo -- community_and_enterprise | The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description. | 2019-06-28 | not yet calculated | CVE-2018-14886, MISC, CONFIRM

odoo -- community_and_enterprise | Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request. | 2019-06-28 | not yet calculated | CVE-2018-14887, MISC, CONFIRM

pandora_fms -- pandora_fms | Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. | 2019-06-29 | not yet calculated | CVE-2019-13035, MISC

panduit -- intravue | An insecure login process was discovered in Panduit IntraVUE before 3.2.0. | 2019-06-29 | not yet calculated | CVE-2019-13044, MISC

pulse_secure -- pulse_connect_secure | An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | 2019-06-28 | not yet calculated | CVE-2018-20813, CONFIRM

pulse_secure -- pulse_connect_secure | An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. | 2019-06-28 | not yet calculated | CVE-2018-20807, CONFIRM

pulse_secure -- pulse_connect_secure | An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. | 2019-06-28 | not yet calculated | CVE-2018-20814, CONFIRM

pulse_secure -- pulse_connect_secure | An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX. | 2019-06-28 | not yet calculated | CVE-2018-20808, CONFIRM

pulse_secure -- pulse_connect_secure | A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | 2019-06-28 | not yet calculated | CVE-2018-20811, CONFIRM

pulse_secure -- pulse_connect_secure_and_pulse_policy_secure | A crafted message can cause the to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | 2019-06-28 | not yet calculated | CVE-2018-20809, CONFIRM

pulse_secure -- pulse_connect_secure_and_pulse_policy_secure | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | 2019-06-28 | not yet calculated | CVE-2018-20810, CONFIRM

pulse_secure -- pulse_secure_desktop | An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints. | 2019-06-28 | not yet calculated | CVE-2018-20812, CONFIRM

quadbase_systems -- espressreport_es | CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests. | 2019-06-24 | not yet calculated | CVE-2019-9958, MISC

rockoa -- rockoa | RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. | 2019-06-28 | not yet calculated | CVE-2019-9846, MISC

seeddms -- seeddms | A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | 2019-06-28 | not yet calculated | CVE-2019-12932, MISC

sks_keyserver_project -- sks_keyserver | Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. | 2019-06-29 | not yet calculated | CVE-2019-13050, MISC

toaruos -- toaruos | linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. | 2019-06-29 | not yet calculated | CVE-2019-13046, MISC

toaruos -- toaruos | kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | 2019-06-29 | not yet calculated | CVE-2019-13047, MISC

toaruos -- toaruos | kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). | 2019-06-29 | not yet calculated | CVE-2019-13048, MISC

toaruos -- toaruos | An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. | 2019-06-29 | not yet calculated | CVE-2019-13049, MISC

uninett -- mod_auth_mellon | mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | 2019-06-29 | not yet calculated | CVE-2019-13038, MISC

virt-cdi-cloner -- virt-cdi-cloner | A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data. | 2019-06-28 | not yet calculated | CVE-2019-10175, CONFIRM

wordpress -- wordpress | In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. | 2019-06-24 | not yet calculated | CVE-2019-12346, MISC, MISC

zoneminder -- zoneminder | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. | 2019-06-29 | not yet calculated | CVE-2019-13072, MISC