Vulnerability Summary for the Week of January 7, 2019
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| microsoft -- edge | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. | 2019-01-08 | 7.6 | CVE-2019-0565, BID, CONFIRM |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| arc_project -- arc | ARC 5.21q allows directory traversal via a full pathname in an archive file. | 2019-01-07 | 5.0 | CVE-2015-9275, MISC, MISC |
| getbootstrap -- bootstrap | In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | 2019-01-09 | 4.3 | CVE-2016-10735, MISC, MISC, MISC, MISC, MISC, MISC |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. | 2019-01-04 | 6.5 | CVE-2018-1859, BID, XF, CONFIRM |
| microsoft -- asp.net_core | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. | 2019-01-08 | 5.0 | CVE-2019-0564, BID, REDHAT, CONFIRM |
| microsoft -- office | An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. | 2019-01-08 | 4.3 | CVE-2019-0559, BID, CONFIRM |
| microsoft -- office | An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. | 2019-01-08 | 4.3 | CVE-2019-0560, BID, CONFIRM |
| yunucms -- yunucms | YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | 2019-01-04 | 4.3 | CVE-2019-5310, MISC |
| yunucms -- yunucms | An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | 2019-01-04 | 4.3 | CVE-2019-5311, MISC |
Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| frog_cms_project -- frog_cms | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | 2019-01-09 | 3.5 | CVE-2018-20680, MISC |
| ibm -- rational_publishing_engine | IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883. | 2019-01-04 | 3.5 | CVE-2018-1657, BID, XF, CONFIRM |
| ibm -- rational_publishing_engine | IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. | 2019-01-04 | 3.5 | CVE-2018-1951, BID, XF, CONFIRM |
Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- karaf | Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases. | 2019-01-07 | not yet calculated | CVE-2018-11788, MISC, BID |
| apache -- thrift | Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. | 2019-01-07 | not yet calculated | CVE-2018-1320, MISC |
| apache -- thrift | The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path. | 2019-01-07 | not yet calculated | CVE-2018-11798, BID, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 2019-01-10 | not yet calculated | CVE-2018-4043, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4047, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 2019-01-10 | not yet calculated | CVE-2018-4032, MISC |
| apple -- cleanmymac_x | The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4033, MISC |
| apple -- cleanmymac_x | The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4034, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4045, MISC |
| apple -- cleanmymac_x | The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. | 2019-01-10 | not yet calculated | CVE-2018-4036, MISC |
| apple -- cleanmymac_x | The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4037, MISC |
| apple -- cleanmymac_x | The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4035, MISC |
| apple -- cleanmymac_x | An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit. | 2019-01-10 | not yet calculated | CVE-2018-4046, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4041, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4042, MISC |
| apple -- cleanmymac_x | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 2019-01-10 | not yet calculated | CVE-2018-4044, MISC |
| apple -- ios | In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. | 2019-01-11 | not yet calculated | CVE-2017-2411, CONFIRM |
| apple -- ios | In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. | 2019-01-11 | not yet calculated | CVE-2018-4404, MISC, CONFIRM, EXPLOIT-DB |
| apple -- ios | In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. | 2019-01-11 | not yet calculated | CVE-2017-13891, CONFIRM |
| apple -- ios | In iOS before 11.2, a type confusion issue was addressed with improved memory handling. | 2019-01-11 | not yet calculated | CVE-2017-13888, CONFIRM |
| apple -- ios | In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. | 2019-01-11 | not yet calculated | CVE-2018-4330, BID, SECTRACK, CONFIRM |
| apple -- ios | In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. | 2019-01-11 | not yet calculated | CVE-2016-7576, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. | 2019-01-11 | not yet calculated | CVE-2018-4257, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | 2019-01-11 | not yet calculated | CVE-2018-4255, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. | 2019-01-11 | not yet calculated | CVE-2018-4254, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. | 2019-01-11 | not yet calculated | CVE-2018-4217, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. | 2019-01-11 | not yet calculated | CVE-2018-4183, CONFIRM, DEBIAN |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. | 2019-01-11 | not yet calculated | CVE-2018-4182, CONFIRM, DEBIAN |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | 2019-01-11 | not yet calculated | CVE-2018-4181, MLIST, CONFIRM, UBUNTU, DEBIAN |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | 2019-01-11 | not yet calculated | CVE-2018-4180, MLIST, CONFIRM, UBUNTU, DEBIAN |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. | 2019-01-11 | not yet calculated | CVE-2018-4258, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | 2019-01-11 | not yet calculated | CVE-2018-4256, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. | 2019-01-11 | not yet calculated | CVE-2018-4179, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. | 2019-01-11 | not yet calculated | CVE-2017-13886, CONFIRM |
| apple -- macos_high_sierra | In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. | 2019-01-11 | not yet calculated | CVE-2017-13887, CONFIRM |
| apple -- multiple_products | In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | 2019-01-11 | not yet calculated | CVE-2018-4194, MISC, CONFIRM, MISC, MISC, MISC |
| apple -- multiple_products | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. | 2019-01-11 | not yet calculated | CVE-2017-13889, CONFIRM |
| apple -- multiple_products | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. | 2019-01-11 | not yet calculated | CVE-2018-4169, CONFIRM |
| apple -- multiple_products | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | 2019-01-11 | not yet calculated | CVE-2018-4278, SECTRACK, GENTOO, CONFIRM, MISC, MISC, MISC, MISC, UBUNTU |
| apple -- multiple_products | In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | 2019-01-11 | not yet calculated | CVE-2018-4277, SECTRACK, MISC, MISC, MISC, CONFIRM, MISC |
| apple -- multiple_products | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. | 2019-01-11 | not yet calculated | CVE-2018-4262, SECTRACK, GENTOO, MISC, CONFIRM, MISC, UBUNTU |
| apple -- multiple_products | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 2019-01-11 | not yet calculated | CVE-2018-4213, GENTOO, MISC, CONFIRM, MISC, MISC, MISC, UBUNTU |
| apple -- multiple_products | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. | 2019-01-11 | not yet calculated | CVE-2018-4298, CONFIRM, MISC |
| apple -- multiple_products | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 2019-01-11 | not yet calculated | CVE-2018-4212, GENTOO, MISC, CONFIRM, MISC, MISC, MISC, MISC, UBUNTU |
| apple -- multiple_products | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. | 2019-01-11 | not yet calculated | CVE-2018-4210, GENTOO, MISC, MISC, MISC, CONFIRM, UBUNTU |
| apple -- multiple_products | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 2019-01-11 | not yet calculated | CVE-2018-4209, GENTOO, MISC, CONFIRM, MISC, MISC, MISC, MISC, UBUNTU |
| apple -- multiple_products | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 2019-01-11 | not yet calculated | CVE-2018-4208, GENTOO, MISC, MISC, MISC, CONFIRM, MISC, MISC, UBUNTU |
| apple -- multiple_products | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | 2019-01-11 | not yet calculated | CVE-2018-4207, GENTOO, MISC, CONFIRM, MISC, MISC, MISC, MISC, UBUNTU |
| apple -- multiple_products | In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. | 2019-01-11 | not yet calculated | CVE-2018-4189, CONFIRM, MISC, MISC, MISC |
| apple -- multiple_products | In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. | 2019-01-11 | not yet calculated | CVE-2018-4147, CONFIRM, MISC, MISC, MISC, MISC |
| apple -- multiple_products | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. | 2019-01-11 | not yet calculated | CVE-2016-4644, MISC, MISC, CONFIRM |
| apple -- multiple_products | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. | 2019-01-11 | not yet calculated | CVE-2016-4643, MISC, MISC, CONFIRM |
| apple -- multiple_products | In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. | 2019-01-11 | not yet calculated | CVE-2018-4185, MISC, MISC, CONFIRM, MISC |
| apple -- multiple_products | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. | 2019-01-11 | not yet calculated | CVE-2016-4642, MISC, MISC, CONFIRM |
| apple -- safari | In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. | 2019-01-11 | not yet calculated | CVE-2018-4186, CONFIRM |
| apple -- swiftnio | In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. | 2019-01-11 | not yet calculated | CVE-2018-4281, CONFIRM |
| artifex -- mupdf | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | 2019-01-11 | not yet calculated | CVE-2019-6130, MISC |
| artifex -- mupdf | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. | 2019-01-11 | not yet calculated | CVE-2019-6131, MISC |
| aterm -- hc100rc | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. | 2019-01-09 | not yet calculated | CVE-2018-0634, MISC, JVN |
| aterm -- hc100rc | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. | 2019-01-09 | not yet calculated | CVE-2018-0635, MISC, JVN |
| aterm -- hc100rc | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. | 2019-01-09 | not yet calculated | CVE-2018-0636, MISC, JVN |
| aterm -- hc100rc | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. | 2019-01-09 | not yet calculated | CVE-2018-0638, MISC, JVN |
| aterm -- hc100rc | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | 2019-01-09 | not yet calculated | CVE-2018-0639, MISC, JVN |
| aterm -- hc100rc | Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. | 2019-01-09 | not yet calculated | CVE-2018-0640, MISC, JVN |
| aterm -- hc100rc | Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. | 2019-01-09 | not yet calculated | CVE-2018-0641, MISC, JVN |
| aterm -- hc100rc | Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. | 2019-01-09 | not yet calculated | CVE-2018-0637, MISC, JVN |
| aterm -- w300p | Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter. | 2019-01-09 | not yet calculated | CVE-2018-0633, MISC, JVN |
| aterm -- w300p | Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. | 2019-01-09 | not yet calculated | CVE-2018-0632, MISC, JVN |
| aterm -- w300p | Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | 2019-01-09 | not yet calculated | CVE-2018-0631, MISC, JVN |
| aterm -- w300p | Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 2019-01-09 | not yet calculated | CVE-2018-0629, MISC, JVN |
| aterm -- w300p | Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | 2019-01-09 | not yet calculated | CVE-2018-0630, MISC, JVN |
| aterm -- wg1200hp_firmware | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 2019-01-09 | not yet calculated | CVE-2018-0628, MISC, JVN |
| aterm -- wg1200hp_firmware | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | 2019-01-09 | not yet calculated | CVE-2018-0627, MISC, JVN |
| aterm -- wg1200hp_firmware | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | 2019-01-09 | not yet calculated | CVE-2018-0626, MISC, JVN |
| aterm -- wg1200hp_firmware | Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | 2019-01-09 | not yet calculated | CVE-2018-0625, MISC, JVN |
| bento4 -- bento4 | An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac. | 2019-01-11 | not yet calculated | CVE-2019-6132, MISC |
| bodhi -- bodhi | Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | 2019-01-10 | not yet calculated | CVE-2017-1002152, CONFIRM |
| bootstrap -- bootstrap | In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | 2019-01-09 | not yet calculated | CVE-2018-20677, MISC, MISC, MISC, MISC, MISC |
| bootstrap -- bootstrap | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | 2019-01-09 | not yet calculated | CVE-2018-20676, MISC, MISC, MISC, MISC, MISC |
| busybox -- busybox | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | 2019-01-09 | not yet calculated | CVE-2019-5747, MISC, MISC |
| busybox -- busybox | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. | 2019-01-09 | not yet calculated | CVE-2018-20679, MISC, MISC, MISC |
| cimtechniques -- cimscan | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. | 2019-01-10 | not yet calculated | CVE-2018-16803, MISC, MISC |
| cisco -- 900_series_aggregation_services_router | A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. | 2019-01-11 | not yet calculated | CVE-2018-15464, CISCO |
| cisco -- cisco_asyncos_software_for_cisco_email_security_appliance | A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA. | 2019-01-10 | not yet calculated | CVE-2018-15453, BID, CISCO |
| cisco -- cisco_asyncos_software_for_cisco_email_security_appliance | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. | 2019-01-10 | not yet calculated | CVE-2018-15460, BID, CISCO |
| cisco -- firepower_management_center | A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. | 2019-01-10 | not yet calculated | CVE-2018-15458, BID, CISCO |
| cisco -- identity_services_engine | A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. | 2019-01-10 | not yet calculated | CVE-2018-15456, BID, CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. | 2019-01-09 | not yet calculated | CVE-2018-0282, BID, CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device. | 2019-01-10 | not yet calculated | CVE-2018-0484, CISCO |
| cisco -- ip_phone_8800_series_software | A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. | 2019-01-10 | not yet calculated | CVE-2018-0461, BID, CISCO |
| cisco -- jabber_client_framework | A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. | 2019-01-10 | not yet calculated | CVE-2018-0449, BID, CISCO |

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient.
A successful exploit could CVE- allow the attacker to execute 2018- arbitrary script code in the context of not 0483 the targeted client or allow the 2019 yet BID attacker to access sensitive client- -01- calcuCISC cisco -- jabber_client_framework based information. 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short- lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to CVE- reduce the efficiency of the Cisco not 2018- cisco -- Policy Suite for Mobile and Cisco 2019 yet 0181 policy_suite_for_mobile_and_policy_sui Policy Suite Diameter Routing -01- calcuCISC te_diameter_routing_agent_software Agent software. 09 lated O A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An CVE- exploit could allow the attacker to 2018- access various statistics and Key not 15466 Performance Indicators (KPIs) 2019 yet BID cisco -- policy_suite regarding the Cisco Policy Suite -01- calcuCISC environment. 
11 lated O A vulnerability in the web-based not CVE- management interface of Cisco 2019 yet 2018- Prime Infrastructure could allow an -01- calcu15457 cisco -- prime_infrastructure unauthenticated, remote attacker to 10 lated BID CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info conduct a cross-site scripting (XSS) CISC attack against a user of the web- O based management interface of an affected system. The vulnerability is due to insufficient validation of user- supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross- site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user- supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit CVE- could allow the attacker to execute 2018- arbitrary script code in the context of not 0482 the web-based management interface 2019 yet BID or allow the attacker to access -01- calcuCISC cisco -- prime_network_control_system sensitive browser-based information. 
10 lated O A vulnerability in the web-based CVE- management interface of Cisco 2018- TelePresence Management Suite not 15467 (TMS) could allow an 2019 yet BID unauthenticated, remote attacker to -01- calcuCISC cisco -- telepresence_management_suite conduct a cross-site scripting (XSS) 11 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attack against a user of the web- based management interface of an affected device. The vulnerability is due to insufficient validation of user- supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A CVE- successful exploit could allow the not 2018- attacker to recover passwords and 2019 yet 0474 cisco -- expose those accounts to further -01- calcuCISC unified_communications_manager attack. 10 lated O A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to CVE- conduct a cross-site scripting (XSS) 2018- attack. The vulnerability is due to not 15461 insufficient validation of user- 2019 yet BID supplied input. 
An attacker could -01- calcuCISC cisco -- webex_business_suite exploit this vulnerability by 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. CVE- Directory traversal vulnerability in not 2018- Cybozu Dezie 8.0.2 to 8.1.2 allows 2019 yet 0705 remote attackers to read arbitrary -01- calcuJVN cybozu -- dezie files via HTTP requests. 09 lated MISC Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass CVE- access restriction to view not 2018- information available only for a 2019 yet 16178 sign-on user via Single sign-on -01- calcuJVN cybozu -- garoon function. 09 lated MISC Directory traversal vulnerability in CVE- Cybozu Mailwise 5.0.0 to 5.4.5 not 2018- allows remote attackers to delete 2019 yet 0702 arbitrary files via unspecified -01- calcuJVN cybozu -- mailwise vectors. 09 lated MISC CVE- Directory traversal vulnerability in not 2018- Cybozu Office 10.0.0 to 10.8.1 2019 yet 0703 allows remote attackers to delete -01- calcuJVN cybozu -- office arbitrary files via HTTP requests. 09 lated MISC CVE- Directory traversal vulnerability in not 2018- Cybozu Office 10.0.0 to 10.8.1 2019 yet 0704 allows remote attackers to delete -01- calcuJVN cybozu -- office arbitrary files via Keitai Screen. 09 lated MISC Cybozu Remote Service 3.0.0 to CVE- 3.1.0 allows remote authenticated not 2018- attackers to upload and execute Java 2019 yet 16169 code file on the server via -01- calcuJVN cybozu -- remote_service unspecified vectors. 
09 lated MISC Improper countermeasure against not clickjacking attack in client 2019 yet CVE- certificates management screen was -01- calcu2018- cybozu -- remote_service discovered in Cybozu Remote 09 lated 16172 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Service 3.0.0 to 3.1.8, that allows JVN remote attackers to trick a user to MISC delete the registered client certificate. Directory traversal vulnerability in CVE- Cybozu Remote Service 3.0.0 to not 2018- 3.1.8 allows remote attackers to 2019 yet 16171 execute Java code file on the server -01- calcuJVN cybozu -- remote_service via unspecified vectors. 09 lated MISC Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to CVE- 3.1.8 for Windows allows remote not 2018- authenticated attackers to read 2019 yet 16170 arbitrary files via unspecified -01- calcuJVN cybozu -- remote_service vectors. 09 lated MISC D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* not CVE- before v2.22B03Beta, and DIR- 2019 yet 2018- 880L A* before v1.20B02Beta -01- calcu20675 d-link -- multiple_devices devices allow authentication bypass. 08 lated MISC D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR- not CVE- 880L A* before v1.20B02Beta 2019 yet 2018- devices allow authenticated remote -01- calcu20674 d-link -- multiple_devices command execution. 08 lated MISC HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting CVE- attacks that may result in an arbitrary not 2018- script injection or setting an arbitrary 2019 yet 16181 cookie values via unspecified -01- calcuMISC digital_arts -- i-filter vectors. 
09 lated JVN Cross-site scripting vulnerability in 2019 CVE- i-FILTER Ver.9.50R05 and earlier -01- not 2018- digital_arts -- i-filter allows remote attackers to inject 09 yet 16180 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info arbitrary web script or HTML via calcuMISC unspecified vectors. lated JVN CVE- 2019- In Django 1.11.x before 1.11.18, 3498 2.0.x before 2.0.10, and 2.1.x before BID 2.1.5, an Improper Neutralization of MISC Special Elements in Output Used by MISC a Downstream Component issue MLIS exists in T django.views.defaults.page_not_fou UBU nd(), leading to content spoofing (in not NTU a 404 error page) if a user fails to 2019 yet DEBI django -- django recognize that a crafted URL has -01- calcuAN malicious content. 09 lated MISC Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or CVE- --cpuset-cpus value, related to not 2018- daemon/daemon_unix.go, 2019 yet 20699 docker_engine -- docker_engine pkg/parsers/parsers.go, and -01- calcuMISC pkg/sysinfo/sysinfo.go. 11 lated MISC Dokan, versions between 1.0.0.5000 CVE- and 1.2.0.1000, are vulnerable to a 2018- stack-based buffer overflow in the 5410 dokan1.sys driver. An attacker can BID create a device handle to the system MISC driver and send arbitrary input that not CONF will trigger the vulnerability. This 2019 yet IRM dokan -- dokan vulnerability was introduced in the -01- calcuCERT 1.0.0.5000 version update. 07 lated -VN php/elFinder.class.php in elFinder CVE- before 2.1.45 leaks information if not 2019- PHP's curl extension is enabled and 2019 yet 5884 elfinder -- elfinder safe_mode or open_basedir is not -01- calcuMISC set. 10 lated MISC Fork CMS 5.0.6 allows stored XSS via the private/en/settings not CVE- facebook_admin_ids parameter (aka 2019 yet 2018- fork -- fork_cms "Admin ids" input in the Facebook -01- calcu20682 section). 
09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info not CVE- Frog CMS 0.9.5 allows XSS via the 2019 yet 2019- forgot password page (aka the -01- calcu6243 frog_cms -- frog_cms /admin/?/login/forgot URI). 11 lated MISC includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database not CVE- of the application via the 2019 yet 2019- frontaccounting -- frontaccounting void_transaction.php filterType -01- calcu5720 parameter. 08 lated MISC bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used CVE- for Virtual Network Control, allows 2019- remote attackers to cause a denial of 5892 service (peering session flap) via CONF attribute 255 in a BGP UPDATE IRM packet. This occurred during Disco MISC in January 2019 because FRR does MISC not implement RFC 7606, and not MISC therefore the packets with 255 were 2019 yet MISC frrouting -- frrouting considered invalid VNC data and the -01- calcuMISC BGP session was closed. 10 lated MISC CVE- commands/rsync in Gitolite before 2018- 3.6.11, if .gitolite.rc enables rsync, 20683 mishandles the rsync command line, not MISC which allows attackers to have a 2019 yet MISC gitolite -- gitolite "bad" impact by triggering use of an -01- calcuMISC option other than -v, -n, -q, or -P. 09 lated MISC load_specific_debug_section in CVE- objdump.c in GNU Binutils through 2018- 2.31.1 contains an integer overflow not 20671 vulnerability that can trigger a heap- 2019 yet BID based buffer overflow via a crafted -01- calcuMISC gnu -- binutils section size. 
04 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array CVE- for saving the template argument not 2018- values") that can trigger a heap- 2019 yet 20673 based buffer overflow, as -01- calcuBID gnu -- binutils demonstrated by nm. 04 lated MISC CVE- 2018- 16084 BID The default selected dialog button in REDH CustomHandlers in Google Chrome AT prior to 69.0.3497.81 allowed a CONF remote attacker who convinced the not IRM user to perform certain operations to 2019 yet MISC open external programs via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO Failure to prevent navigation to top frame to data URLs in Navigation in CVE- Google Chrome on iOS prior to 2018- 71.0.3578.80 allowed a remote not 20069 attacker to confuse the user about the 2019 yet CONF origin of the current page via a -01- calcuIRM google -- chrome crafted HTML page. 09 lated MISC Incorrect handling of 304 status codes in Navigation in Google CVE- Chrome prior to 71.0.3578.80 2018- allowed a remote attacker to confuse not 20068 the user about the origin of the 2019 yet CONF current page via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation CVE- in Google Chrome prior to 2018- 71.0.3578.80 allowed a remote not 20067 attacker to confuse the user about the 2019 yet CONF origin of the current page via a -01- calcuIRM google -- chrome crafted HTML page. 
09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- Incorrect object lifecycle in 2018- Extensions in Google Chrome prior not 20066 to 71.0.3578.80 allowed a remote 2019 yet CONF attacker to potentially exploit heap -01- calcuIRM google -- chrome corruption via a crafted HTML page. 09 lated MISC Handling of URI action in PDFium CVE- in Google Chrome prior to 2018- 71.0.3578.80 allowed a remote not 20065 attacker to initiate potentially unsafe 2019 yet CONF navigations without a user gesture -01- calcuIRM google -- chrome via a crafted PDF file. 09 lated MISC CVE- 2018- 6166 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6163 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN Incorrect handling of reloads in not CVE- Navigation in Google Chrome prior 2019 yet 2018- to 68.0.3440.75 allowed a remote -01- calcu6165 google -- chrome attacker to spoof the contents of the 09 lated BID CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Omnibox (URL bar) via a crafted REDH HTML page. AT CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6164 BID REDH AT CONF IRM Insufficient origin checks for CSS MISC content in Blink in Google Chrome not GENT prior to 68.0.3440.75 allowed a 2019 yet OO remote attacker to leak cross-origin -01- calcuDEBI google -- chrome data via a crafted HTML page. 
09 lated AN CVE- 2018- 6162 BID REDH AT CONF IRM Improper deserialization in WebGL MISC in Google Chrome on Mac prior to not GENT 68.0.3440.75 allowed a remote 2019 yet OO attacker to potentially exploit heap -01- calcuDEBI google -- chrome corruption via a crafted HTML page. 09 lated AN A heap buffer overflow in GPU in CVE- Google Chrome prior to 2018- 70.0.3538.67 allowed a remote 17470 attacker who had compromised the not BID renderer process to potentially 2019 yet REDH perform a sandbox escape via a -01- calcuAT google -- chrome crafted HTML page. 09 lated CONF CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info IRM MISC GENT OO DEBI AN CVE- An out of bounds read in PDFium in 2018- Google Chrome prior to not 17461 68.0.3440.75 allowed a remote 2019 yet CONF attacker to perform an out of bounds -01- calcuIRM google -- chrome memory read via a crafted PDF file. 09 lated MISC CVE- 2018- Incorrect handling of clicks in the 17459 omnibox in Navigation in Google REDH Chrome prior to 69.0.3497.92 not AT allowed a remote attacker to spoof 2019 yet CONF the contents of the Omnibox (URL -01- calcuIRM google -- chrome bar) via a crafted HTML page. 09 lated MISC CVE- An improper update of the 2018- WebAssembly dispatch table in 17458 WebAssembly in Google Chrome REDH prior to 69.0.3497.92 allowed a not AT remote attacker to execute arbitrary 2019 yet CONF code inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC An object lifecycle issue in Blink could lead to a use after free in CVE- WebAudio in Google Chrome prior 2018- to 69.0.3497.81 allowed a remote not 17457 attacker to execute arbitrary code 2019 yet CONF inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 
09 lated MISC CVE- JavaScript alert handling in Prompts 2018- in Google Chrome prior to 6160 68.0.3440.75 allowed a remote not BID attacker to spoof the contents of the 2019 yet CONF Omnibox (URL bar) via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info GENT OO Incorrect handling of confusable characters in URL Formatter in CVE- Google Chrome prior to 2018- 71.0.3578.80 allowed a remote not 20070 attacker to spoof the contents of the 2019 yet CONF Omnibox (URL bar) via a crafted -01- calcuIRM google -- chrome domain name. 09 lated MISC CVE- 2018- 6167 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior CVE- to 70.0.3538.67 allowed a remote 2018- attacker to install a service worker not 20071 for a domain that can host attacker 2019 yet CONF controled files via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write CVE- access in V8 in Google Chrome 2017- prior to 62.0.3202.94 and allowed a not 15428 remote attacker to execute arbitrary 2019 yet CONF code inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC A missing check for whether a not CVE- property of a JS object is private in 2019 yet 2016- V8 in Google Chrome prior to -01- calcu9651 google -- chrome 55.0.2883.75 allowed a remote 09 lated REDH CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attacker to execute arbitrary code AT inside a sandbox via a crafted BID HTML page. 
CONF IRM MISC GENT OO EXPL OIT- DB A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in CVE- WebAssembly in Google Chrome 2017- prior to 62.0.3202.62 allowed a not 15401 remote attacker to execute arbitrary 2019 yet CONF code inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior CVE- to 62.0.3202.74 allowed a remote 2017- attacker who had compromised the not 15402 renderer process to potentially 2019 yet CONF perform a sandbox escape via a -01- calcuIRM google -- chrome crafted HTML page. 09 lated MISC Insufficient data validation in crosh could lead to a command injection under chronos privileges in CVE- Networking in Google Chrome on 2017- Chrome OS prior to 61.0.3163.113 not 15403 allowed a local attacker to execute 2019 yet CONF arbitrary code via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC An ability to process crash dumps under root privileges and not CVE- inappropriate symlinks handling 2019 yet 2017- could lead to a local privilege -01- calcu15404 google -- chrome escalation in Crash Reporting in 09 lated CONF CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Google Chrome on Chrome OS prior IRM to 61.0.3163.113 allowed a local MISC attacker to perform privilege escalation via a crafted HTML page. Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in CVE- cryptohomed in Google Chrome on 2017- Chrome OS prior to 61.0.3163.113 not 15405 allowed a local attacker to execute 2019 yet CONF arbitrary code via a crafted HTML -01- calcuIRM google -- chrome page. 
09 lated MISC CVE- 2018- 6179 BID Insufficient enforcement of file REDH access permission in the activeTab AT case in Extensions in Google CONF Chrome prior to 68.0.3440.75 IRM allowed an attacker who convinced a MISC user to install a malicious extension not GENT to access files on the local file 2019 yet OO system via a crafted Chrome -01- calcuDEBI google -- chrome Extension. 09 lated AN CVE- 2018- 6153 BID REDH AT CONF A precision error in Skia in Google IRM Chrome prior to 68.0.3440.75 MISC allowed a remote attacker who had not GENT compromised the renderer process to 2019 yet OO perform an out of bounds memory -01- calcuDEBI google -- chrome write via a crafted HTML page. 09 lated AN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 6178 BID REDH AT Eliding from the wrong side in an CONF infobar in DevTools in Google IRM Chrome prior to 68.0.3440.75 MISC allowed an attacker who convinced a not GENT user to install a malicious extension 2019 yet OO to Hide Chrome Security UI via a -01- calcuDEBI google -- chrome crafted Chrome Extension. 09 lated AN CVE- 2018- 6175 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6174 BID REDH AT CONF IRM Integer overflows in Swiftshader in MISC Google Chrome prior to not GENT 68.0.3440.75 potentially allowed a 2019 yet OO remote attacker to execute arbitrary -01- calcuDEBI google -- chrome code via a crafted HTML page. 
09 lated AN Incorrect handling of confusable 2019 CVE- characters in URL Formatter in -01- not 2018- google -- chrome Google Chrome prior to 09 yet 6173 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info 68.0.3440.75 allowed a remote calcuBID attacker to perform domain spoofing lated REDH via IDN homographs via a crafted AT domain name. CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6172 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6170 BID REDH AT CONF IRM A bad cast in PDFium in Google MISC Chrome prior to 68.0.3440.75 not GENT allowed a remote attacker to 2019 yet OO potentially exploit heap corruption -01- calcuDEBI google -- chrome via a crafted PDF file. 09 lated AN Lack of timeout on extension install CVE- prompt in Extensions in Google 2018- Chrome prior to 68.0.3440.75 not 6169 allowed a remote attacker to trigger 2019 yet BID installation of an unwanted -01- calcuREDH google -- chrome extension via a crafted HTML page. 09 lated AT CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6158 BID REDH AT CONF IRM A race condition in Oilpan in Google MISC Chrome prior to 68.0.3440.75 not GENT allowed a remote attacker to 2019 yet OO potentially exploit heap corruption -01- calcuDEBI google -- chrome via a crafted HTML page. 09 lated AN CVE- 2018- 6151 BID REDH AT Bad cast in DevTools in Google CONF Chrome on Win, Linux, Mac, IRM Chrome OS prior to 66.0.3359.117 MISC allowed an attacker who convinced a not GENT user to install a malicious extension 2019 yet OO to perform an out of bounds memory -01- calcuDEBI google -- chrome read via a crafted Chrome Extension. 
09 lated AN CVE- 2018- 16085 A use after free in BID ResourceCoordinator in Google REDH Chrome prior to 69.0.3497.81 not AT allowed a remote attacker to 2019 yet CONF potentially exploit heap corruption -01- calcuIRM google -- chrome via a crafted HTML page. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info GENT OO CVE- 2018- 16080 BID A missing check for popup window REDH handling in Fullscreen in Google AT Chrome on macOS prior to CONF 69.0.3497.81 allowed a remote not IRM attacker to spoof the contents of the 2019 yet MISC Omnibox (URL bar) via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO CVE- 2018- 16078 BID REDH Unsafe handling of credit card AT details in Autofill in Google Chrome CONF prior to 69.0.3497.81 allowed a not IRM remote attacker to obtain potentially 2019 yet MISC sensitive information from process -01- calcuGENT google -- chrome memory via a crafted HTML page. 09 lated OO CVE- 2018- 6097 BID REDH AT Incorrect handling of asynchronous CONF methods in Fullscreen in Google IRM Chrome on macOS prior to MISC 66.0.3359.117 allowed a remote not GENT attacker to enter full screen without 2019 yet OO showing a warning via a crafted -01- calcuDEBI google -- chrome HTML page. 09 lated AN A race condition between permission CVE- prompts and navigations in Prompts not 2018- in Google Chrome prior to 2019 yet 16079 69.0.3497.81 allowed a remote -01- calcuBID google -- chrome attacker to spoof the contents of the 09 lated REDH CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Omnibox (URL bar) via a crafted AT HTML page. CONF IRM MISC GENT OO CVE- 2018- 6100 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome on macOS prior to MISC 66.0.3359.117 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 
09 lated AN CVE- 2018- 6106 BID REDH AT CONF An asynchronous generator may IRM return an incorrect state in V8 in MISC Google Chrome prior to not GENT 66.0.3359.117 allowing a remote 2019 yet OO attacker to potentially exploit object -01- calcuDEBI google -- chrome corruption via a crafted HTML page. 09 lated AN CVE- readAsText() can indefinitely read 2018- the file picked by the user, rather 6109 than only once at the time the file is BID picked in File API in Google REDH Chrome prior to 66.0.3359.117 AT allowed a remote attacker to access not CONF data on the user file system without 2019 yet IRM explicit consent via a crafted HTML -01- calcuMISC google -- chrome page. 09 lated GENT CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info OO DEBI AN CVE- 2018- 6110 BID REDH AT CONF IRM Parsing documents as HTML in MISC Downloads in Google Chrome prior not GENT to 66.0.3359.117 allowed a remote 2019 yet OO attacker to cause Chrome to execute -01- calcuDEBI google -- chrome scripts via a local non-HTML page. 09 lated AN CVE- 2018- 6111 BID REDH AT CONF An object lifetime issue in the IRM developer tools network handler in MISC Google Chrome prior to not GENT 66.0.3359.117 allowed a local 2019 yet OO attacker to execute arbitrary code via -01- calcuDEBI google -- chrome a crafted HTML page. 09 lated AN CVE- 2018- Allowing the chrome.debugger API 16081 to run on file:// URLs in DevTools BID in Google Chrome prior to REDH 69.0.3497.81 allowed an attacker AT who convinced a user to install a CONF malicious extension to access files not IRM on the local file system without file 2019 yet MISC access permission via a crafted -01- calcuGENT google -- chrome Chrome Extension. 
09 lated OO CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 6096 BID REDH AT CONF A JavaScript focused window could IRM overlap the fullscreen notification in MISC Fullscreen in Google Chrome prior not GENT to 66.0.3359.117 allowed a remote 2019 yet OO attacker to obscure the full screen -01- calcuDEBI google -- chrome warning via a crafted HTML page. 09 lated AN CVE- 2018- 16082 BID REDH An out of bounds read in AT Swiftshader in Google Chrome prior CONF to 69.0.3497.81 allowed a remote not IRM attacker to potentially perform out of 2019 yet MISC bounds memory access via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO CVE- 2018- 16083 BID REDH AT CONF An out of bounds read in forward IRM error correction code in WebRTC in MISC Google Chrome prior to GENT 69.0.3497.81 allowed a remote not OO attacker to perform an out of bounds 2019 yet EXPL memory read via a crafted HTML -01- calcuOIT- google -- chrome page. 09 lated DB Making URLs clickable and not CVE- allowing them to be styled in 2019 yet 2018- DevTools in Google Chrome prior to -01- calcu6112 google -- chrome 66.0.3359.117 allowed a remote 09 lated BID CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attacker to bypass navigation REDH restrictions via a crafted HTML AT page. CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6113 BID REDH AT CONF Improper handling of pending IRM navigation entries in Navigation in MISC Google Chrome on iOS prior to not GENT 66.0.3359.117 allowed a remote 2019 yet OO attacker to perform domain spoofing -01- calcuDEBI google -- chrome via a crafted HTML page. 09 lated AN CVE- 2018- 6114 BID REDH AT CONF Incorrect enforcement of CSP for IRM