Vulnerability Summary for the Week of January 7, 2019

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities Primary Vendor -- CVSS Source & Product Description Published Score Patch Info A remote code execution vulnerability exists when CVE-2019- Microsoft Edge improperly accesses objects in 0565 microsoft -- memory, aka "Microsoft Edge Memory Corruption 2019-01- BID edge Vulnerability." This affects Microsoft Edge. 08 7.6 CONFIRM Back to top

Medium Vulnerabilities Primary Vendor -- CVSS Source & Product Description Published Score Patch Info CVE-2015- 9275 arc_project -- ARC 5.21q allows directory traversal via a full 2019-01- MISC arc pathname in an archive file. 07 5.0 MISC CVE-2016- 10735 MISC MISC In Bootstrap 3.x before 3.4.0 and 4.x-beta before MISC 4.0.0-beta.2, XSS is possible in the data-target MISC getbootstrap -- attribute, a different vulnerability than CVE-2018- 2019-01- MISC bootstrap 14041. 09 4.3 MISC CVE-2018- ibm -- IBM API Connect 5.0.0.0 through 5.0.8.4 could 2019-01- 1859 api_connect allow a user authenticated as an administrator with 04 6.5 BID Primary Vendor -- CVSS Source & Product Description Published Score Patch Info limited rights to escalate their privileges. IBM X- XF Force ID: 151258. CONFIRM A denial of service vulnerability exists when CVE-2019- ASP.NET Core improperly handles web requests, 0564 aka "ASP.NET Core Denial of Service BID microsoft -- Vulnerability." This affects ASP.NET Core 2.1. 2019-01- REDHAT asp.net_core This CVE ID is unique from CVE-2019-0548. 08 5.0 CONFIRM An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types CVE-2019- of messages, aka "Microsoft Outlook Information 0559 microsoft -- Disclosure Vulnerability." This affects Office 365 2019-01- BID office ProPlus, Microsoft Office, Microsoft Outlook. 08 4.3 CONFIRM An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents CVE-2019- of its memory, aka "Microsoft Office Information 0560 microsoft -- Disclosure Vulnerability." This affects Office 365 2019-01- BID office ProPlus, Microsoft Office. 08 4.3 CONFIRM YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as CVE-2019- yunucms -- demonstrated by site_title in an admin/system/basic 2019-01- 5310 yunucms POST request. 04 4.3 MISC An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS CVE-2019- yunucms -- vulnerability via the index.php/index/show/index cw 2019-01- 5311 yunucms parameter. 04 4.3 MISC Back to top

Low Vulnerabilities Primary CVSS Source & Vendor -- Product Description Published Score Patch Info CVE-2018- frog_cms_project -- Frog CMS 0.9.5 has XSS in the 2019-01- 20680 frog_cms admin/?/page/edit/1 body field. 09 3.5 MISC IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows CVE-2018- users to embed arbitrary JavaScript 1657 code in the Web UI thus altering the BID ibm -- intended functionality potentially 2019-01- XF rational_publishing_engine leading to credentials disclosure within 04 3.5 CONFIRM Primary CVSS Source & Vendor -- Product Description Published Score Patch Info a trusted session. IBM X-force ID: 144883. IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the CVE-2018- intended functionality potentially 1951 leading to credentials disclosure within BID ibm -- a trusted session. IBM X-Force ID: 2019-01- XF rational_publishing_engine 153494. 04 3.5 CONFIRM Back to top

Severity Not Yet Assigned CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject CVE- external XML entities in Apache not 2018- Karaf version prior to 4.1.7 or 4.2.2. 2019 yet 11788 apache -- karaf It has been fixed in Apache Karaf -01- calcuMISC 4.1.7 and 4.2.2 releases. 07 lated BID Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTran sport class. An assert used to determine if the SASL handshake not CVE- had successfully completed could be 2019 yet 2018- disabled in production settings -01- calcu1320 apache -- thrift making the validation incomplete. 07 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to CVE- contain a security vulnerability in not 2018- which a remote user has the ability 2019 yet 11798 to access files outside the set -01- calcuBID apache -- thrift webservers docroot path. 07 lated MISC An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file not CVE- system as root. An attacker would 2019 yet 2018- need local access to the machine for -01- calcu4043 apple -- cleanmymac_x a successful exploit. 10 lated MISC An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local not CVE- access could exploit this 2019 yet 2018- vulnerability to modify the file -01- calcu4047 apple -- cleanmymac_x system as root. 10 lated MISC An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file not CVE- system as root. An attacker would 2019 yet 2018- need local access to the machine for -01- calcu4032 apple -- cleanmymac_x a successful exploit. 10 lated MISC The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An not CVE- attacker with local access could use 2019 yet 2018- this vulnerability to modify the file -01- calcu4033 apple -- cleanmymac_x system as root. 10 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An not CVE- attacker with local access could use 2019 yet 2018- this vulnerability to modify the file -01- calcu4034 apple -- cleanmymac_x system as root. 10 lated MISC An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local not CVE- access could exploit this 2019 yet 2018- vulnerability to modify the file -01- calcu4045 apple -- cleanmymac_x system as root. 10 lated MISC The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use not CVE- this vulnerability to modify the 2019 yet 2018- running kernel extensions on the -01- calcu4036 apple -- cleanmymac_x system. 10 lated MISC The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An not CVE- attacker with local access can use 2019 yet 2018- this vulnerability to modify the file -01- calcu4037 apple -- cleanmymac_x system as root. 10 lated MISC The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An not CVE- attacker with local access could use 2019 yet 2018- this vulnerability to modify the file -01- calcu4035 apple -- cleanmymac_x system as root. 10 lated MISC An exploitable denial-of-service vulnerability exists in the helper not CVE- service of Clean My Mac X, version 2019 yet 2018- 4.04, due to improper input -01- calcu4046 apple -- cleanmymac_x validation. A user with local access 10 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit. An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local not CVE- access could exploit this 2019 yet 2018- vulnerability to modify the file -01- calcu4041 apple -- cleanmymac_x system as root. 10 lated MISC An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local not CVE- access could exploit this 2019 yet 2018- vulnerability to modify the file -01- calcu4042 apple -- cleanmymac_x system as root. 10 lated MISC An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local not CVE- access could exploit this 2019 yet 2018- vulnerability to modify the file -01- calcu4044 apple -- cleanmymac_x system as root. 10 lated MISC CVE- In iOS before 11.2, exchange rates not 2017- were retrieved from HTTP rather 2019 yet 2411 than HTTPS. This was addressed by -01- calcuCONF apple -- ios enabling HTTPS for exchange rates. 11 lated IRM CVE- 2018- In iOS before 11.4 and macOS High 4404 Sierra before 10.13.5, a memory not MISC corruption issue exists and was 2019 yet CONF addressed with improved memory -01- calcuIRM apple -- ios handling. 11 lated EXPL CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info OIT- DB CVE- not 2017- In iOS before 11.2, an inconsistent 2019 yet 13891 user interface issue was addressed -01- calcuCONF apple -- ios through improved state management. 11 lated IRM CVE- not 2017- In iOS before 11.2, a type confusion 2019 yet 13888 issue was addressed with improved -01- calcuCONF apple -- ios memory handling. 11 lated IRM CVE- 2018- 4330 BID SECT In iOS before 11.4, a memory not RAC corruption issue exists and was 2019 yet K addressed with improved memory -01- calcuCONF apple -- ios handling. 11 lated IRM CVE- In iOS before 9.3.3, a memory not 2016- corruption issue existed in the 2019 yet 7576 kernel. This issue was addressed -01- calcuCONF apple -- ios through improved memory handling. 11 lated IRM CVE- In macOS High Sierra before not 2018- 10.13.5, a buffer overflow was 2019 yet 4257 addressed with improved size -01- calcuCONF apple -- macos_high_sierra validation. 11 lated IRM CVE- In macOS High Sierra before not 2018- 10.13.5, an out-of-bounds read was 2019 yet 4255 addressed with improved input -01- calcuCONF apple -- macos_high_sierra validation. 11 lated IRM In macOS High Sierra before CVE- 10.13.5, an input validation issue not 2018- existed in the kernel. This issue was 2019 yet 4254 addressed with improved input -01- calcuCONF apple -- macos_high_sierra validation. 11 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info In macOS High Sierra before CVE- 10.13.5, a privacy issue in the not 2018- handling of Open Directory records 2019 yet 4217 was addressed with improved -01- calcuCONF apple -- macos_high_sierra indexing. 11 lated IRM CVE- 2018- 4183 In macOS High Sierra before not CONF 10.13.5, an access issue was 2019 yet IRM addressed with additional sandbox -01- calcuDEBI apple -- macos_high_sierra restrictions. 11 lated AN CVE- 2018- 4182 In macOS High Sierra before not CONF 10.13.5, an access issue was 2019 yet IRM addressed with additional sandbox -01- calcuDEBI apple -- macos_high_sierra restrictions on CUPS. 11 lated AN CVE- 2018- 4181 MLIS T CONF IRM In macOS High Sierra before not UBU 10.13.5, an issue existed in CUPS. 2019 yet NTU This issue was addressed with -01- calcuDEBI apple -- macos_high_sierra improved access restrictions. 11 lated AN CVE- 2018- 4180 MLIS T CONF IRM In macOS High Sierra before not UBU 10.13.5, an issue existed in CUPS. 2019 yet NTU This issue was addressed with -01- calcuDEBI apple -- macos_high_sierra improved access restrictions. 11 lated AN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- In macOS High Sierra before not 2018- 10.13.5, a buffer overflow was 2019 yet 4258 addressed with improved bounds -01- calcuCONF apple -- macos_high_sierra checking. 11 lated IRM CVE- In macOS High Sierra before not 2018- 10.13.5, an out-of-bounds read was 2019 yet 4256 addressed with improved input -01- calcuCONF apple -- macos_high_sierra validation. 11 lated IRM In macOS High Sierra before CVE- 10.13.4, there was an issue with the not 2018- handling of smartcard PINs. This 2019 yet 4179 issue was addressed with additional -01- calcuCONF apple -- macos_high_sierra logic. 11 lated IRM In macOS High Sierra before 10.13.2, an access issue existed with CVE- privileged WiFi system not 2017- configuration. This issue was 2019 yet 13886 addressed with additional -01- calcuCONF apple -- macos_high_sierra restrictions. 11 lated IRM In macOS High Sierra before CVE- 10.13.2, a logic issue existed in not 2017- APFS when deleting keys during 2019 yet 13887 hibernation. This was addressed with -01- calcuCONF apple -- macos_high_sierra improved state management. 11 lated IRM CVE- 2018- In iOS before 11.4, iCloud for 4194 Windows before 7.5, watchOS MISC before 4.3.1, iTunes before 12.7.5 CONF for Windows, and macOS High not IRM Sierra before 10.13.5, an out-of- 2019 yet MISC bounds read was addressed with -01- calcuMISC apple -- multiple_products improved input validation. 11 lated MISC In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018- CVE- 001 El Capitan, a logic error existed not 2017- in the validation of credentials. This 2019 yet 13889 was addressed with improved -01- calcuCONF apple -- multiple_products credential validation. 11 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info In macOS High Sierra before 10.13.3, Security Update 2018-001 CVE- Sierra, and Security Update 2018- not 2018- 001 El Capitan, an out-of-bounds 2019 yet 4169 read was addressed with improved -01- calcuCONF apple -- multiple_products input validation. 11 lated IRM CVE- 2018- 4278 SECT RAC K GENT OO In Safari before 11.1.2, iTunes CONF before 12.8 for Windows, iOS IRM before 11.4.1, tvOS before 11.4.1, MISC iCloud for Windows before 7.6, MISC sound fetched through audio not MISC elements may be exfiltrated cross- 2019 yet MISC origin. This issue was addressed -01- calcuUBU apple -- multiple_products with improved audio taint tracking. 11 lated NTU CVE- 2018- 4277 SECT RAC In iOS before 11.4.1, watchOS K before 4.3.2, tvOS before 11.4.1, MISC Safari before 11.1.1, macOS High MISC Sierra before 10.13.6, a spoofing not MISC issue existed in the handling of 2019 yet CONF URLs. This issue was addressed -01- calcuIRM apple -- multiple_products with improved input validation. 11 lated MISC CVE- In Safari before 11.1.2, iTunes 2018- before 12.8 for Windows, iOS 4262 before 11.4.1, tvOS before 11.4.1, SECT iCloud for Windows before 7.6, not RAC multiple memory corruption issues 2019 yet K were addressed with improved -01- calcuGENT apple -- multiple_products memory handling. 11 lated OO CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info MISC CONF IRM MISC UBU NTU CVE- 2018- 4213 GENT OO In iOS before 11.3, Safari before MISC 11.1, iCloud for Windows before CONF 7.4, tvOS before 11.3, watchOS IRM before 4.3, iTunes before 12.7.4 for MISC Windows, unexpected interaction not MISC causes an ASSERT failure. This 2019 yet MISC issue was addressed with improved -01- calcuUBU apple -- multiple_products checks. 11 lated NTU In macOS High Sierra before 10.13.3, Security Update 2018-001 CVE- Sierra, and Security Update 2018- 2018- 001 El Capitan, a permissions issue not 4298 existed in Remote Management. 2019 yet CONF This issue was addressed through -01- calcuIRM apple -- multiple_products improved permission validation. 11 lated MISC CVE- 2018- 4212 GENT OO MISC In iOS before 11.3, Safari before CONF 11.1, iCloud for Windows before IRM 7.4, tvOS before 11.3, watchOS MISC before 4.3, iTunes before 12.7.4 for MISC Windows, unexpected interaction not MISC causes an ASSERT failure. This 2019 yet MISC issue was addressed with improved -01- calcuUBU apple -- multiple_products checks. 11 lated NTU CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 4210 GENT OO In iOS before 11.3, Safari before MISC 11.1, tvOS before 11.3, watchOS MISC before 4.3, iTunes before 12.7.4 for MISC Windows, an array indexing issue not CONF existed in the handling of a function 2019 yet IRM in javascript core. This issue was -01- calcuUBU apple -- multiple_products addressed with improved checks. 11 lated NTU CVE- 2018- 4209 GENT OO MISC In iOS before 11.3, Safari before CONF 11.1, iCloud for Windows before IRM 7.4, tvOS before 11.3, watchOS MISC before 4.3, iTunes before 12.7.4 for MISC Windows, unexpected interaction not MISC causes an ASSERT failure. This 2019 yet MISC issue was addressed with improved -01- calcuUBU apple -- multiple_products checks. 11 lated NTU CVE- 2018- 4208 GENT OO MISC In iOS before 11.3, Safari before MISC 11.1, iCloud for Windows before MISC 7.4, tvOS before 11.3, watchOS CONF before 4.3, iTunes before 12.7.4 for IRM Windows, unexpected interaction not MISC causes an ASSERT failure. This 2019 yet MISC issue was addressed with improved -01- calcuUBU apple -- multiple_products checks. 11 lated NTU CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 4207 GENT OO MISC In iOS before 11.3, Safari before CONF 11.1, iCloud for Windows before IRM 7.4, tvOS before 11.3, watchOS MISC before 4.3, iTunes before 12.7.4 for MISC Windows, unexpected interaction not MISC causes an ASSERT failure. This 2019 yet MISC issue was addressed with improved -01- calcuUBU apple -- multiple_products checks. 11 lated NTU In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security CVE- Update 2018-001 Sierra, and 2018- Security Update 2018-001 El 4189 Capitan, watchOS before 4.2.2, and CONF tvOS before 11.2.5, a memory not IRM corruption issue exists and was 2019 yet MISC addressed with improved memory -01- calcuMISC apple -- multiple_products handling. 11 lated MISC CVE- 2018- 4147 In iCloud for Windows before 7.3, CONF Safari before 11.0.3, iTunes before IRM 12.7.3 for Windows, and iOS before not MISC 11.2.5, multiple memory corruption 2019 yet MISC issues exist and were addressed with -01- calcuMISC apple -- multiple_products improved memory handling. 11 lated MISC In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016- CVE- 004, a downgrade issue existed with 2016- HTTP authentication credentials 4644 saved in Keychain. This issue was not MISC addressed by storing the 2019 yet MISC authentication types with the -01- calcuCONF apple -- multiple_products credentials. 11 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info In iOS before 9.3.3, tvOS before CVE- 9.2.2, and OS X El Capitan before 2016- v10.11.6 and Security Update 2016- 4643 004, a validation issue existed in the not MISC parsing of 407 responses. This issue 2019 yet MISC was addressed through improved -01- calcuCONF apple -- multiple_products response validation. 11 lated IRM CVE- In iOS before 11.3, tvOS before 2018- 11.3, watchOS before 4.3, and 4185 macOS before High Sierra 10.13.4, MISC an information disclosure issue not MISC existed in the transition of program 2019 yet CONF state. This issue was addressed with -01- calcuIRM apple -- multiple_products improved state handling. 11 lated MISC In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before CVE- v10.11.6 and Security Update 2016- 2016- 004, proxy authentication incorrectly 4642 reported HTTP proxies received not MISC credentials securely. This issue was 2019 yet MISC apple -- multiple_products addressed through improved -01- calcuCONF warnings. 11 lated IRM In Safari before 11.1, an information CVE- leakage issue existed in the handling not 2018- of downloads in Safari Private 2019 yet 4186 Browsing. This issue was addressed -01- calcuCONF apple -- safari with additional validation. 11 lated IRM CVE- not 2018- In SwiftNIO before 1.8.0, a buffer 2019 yet 4281 overflow was addressed with -01- calcuCONF apple -- swiftnio improved size validation. 11 lated IRM Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated not CVE- by mutool. This is related to page- 2019 yet 2019- number mishandling in cbz/mucbz.c, -01- calcu6130 artifex -- mupdf cbz/muimg.c, and svg/svg-doc.c. 11 lated MISC svg-run.c in Artifex MuPDF 1.14.0 2019 has infinite recursion with stack -01- not CVE- artifex -- mupdf consumption in 11 yet 2019- CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info svg_run_use_symbol, calcu6131 svg_run_element, and svg_run_use, lated MISC as demonstrated by mutool. Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute CVE- arbitrary OS commands via not 2018- FactoryPassword parameter or 2019 yet 0634 bootmode parameter of a certain -01- calcuMISC aterm -- hc100rc URL. 09 lated JVN Aterm HC100RC Ver1.0.1 and CVE- earlier allows attacker with not 2018- administrator rights to execute 2019 yet 0635 arbitrary OS commands via filename -01- calcuMISC aterm -- hc100rc parameter. 09 lated JVN Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute CVE- arbitrary OS commands via not 2018- FactoryPassword parameter of a 2019 yet 0636 certain URL, different URL from -01- calcuMISC aterm -- hc100rc CVE-2018-0634. 09 lated JVN Aterm HC100RC Ver1.0.1 and CVE- earlier allows attacker with not 2018- administrator rights to execute 2019 yet 0638 arbitrary OS commands via -01- calcuMISC aterm -- hc100rc import.cgi encKey parameter. 09 lated JVN Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute CVE- arbitrary OS commands via not 2018- tools_firmware.cgi date parameter, 2019 yet 0639 time parameter, and offset -01- calcuMISC aterm -- hc100rc parameter. 09 lated JVN Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker CVE- with administrator rights to execute not 2018- arbitrary code via netWizard.cgi date 2019 yet 0640 parameter, time parameter, and -01- calcuMISC aterm -- hc100rc offset parameter. 09 lated JVN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker CVE- with administrator rights to execute not 2018- arbitrary code via tools_system.cgi 2019 yet 0641 date parameter, time parameter, and -01- calcuMISC aterm -- hc100rc offset parameter. 09 lated JVN Aterm HC100RC Ver1.0.1 and CVE- earlier allows attacker with not 2018- administrator rights to execute 2019 yet 0637 arbitrary OS commands via -01- calcuMISC aterm -- hc100rc export.cgi encKey parameter. 09 lated JVN Buffer overflow in Aterm W300P CVE- Ver1.0.13 and earlier allows attacker not 2018- with administrator rights to execute 2019 yet 0633 arbitrary code via submit-url -01- calcuMISC aterm -- w300p parameter. 09 lated JVN Buffer overflow in Aterm W300P CVE- Ver1.0.13 and earlier allows attacker not 2018- with administrator rights to execute 2019 yet 0632 arbitrary code via HTTP request and -01- calcuMISC aterm -- w300p response. 09 lated JVN Aterm W300P Ver1.0.13 and earlier CVE- allows attacker with administrator not 2018- rights to execute arbitrary OS 2019 yet 0631 commands via targetAPSsid -01- calcuMISC aterm -- w300p parameter. 09 lated JVN Aterm W300P Ver1.0.13 and earlier CVE- allows attacker with administrator not 2018- rights to execute arbitrary OS 2019 yet 0629 commands via HTTP request and -01- calcuMISC aterm -- w300p response. 09 lated JVN CVE- Aterm W300P Ver1.0.13 and earlier not 2018- allows attacker with administrator 2019 yet 0630 rights to execute arbitrary OS -01- calcuMISC aterm -- w300p commands via sysCmd parameter. 09 lated JVN Aterm WG1200HP firmware CVE- Ver1.0.31 and earlier allows attacker not 2018- with administrator rights to execute 2019 yet 0628 arbitrary OS commands via HTTP -01- calcuMISC aterm -- wg1200hp_firmware request and response. 09 lated JVN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Aterm WG1200HP firmware CVE- Ver1.0.31 and earlier allows attacker not 2018- with administrator rights to execute 2019 yet 0627 arbitrary OS commands via -01- calcuMISC aterm -- wg1200hp_firmware targetAPSsid parameter. 09 lated JVN Aterm WG1200HP firmware CVE- Ver1.0.31 and earlier allows attacker not 2018- with administrator rights to execute 2019 yet 0626 arbitrary OS commands via sysCmd -01- calcuMISC aterm -- wg1200hp_firmware in formWsc parameter. 09 lated JVN Aterm WG1200HP firmware CVE- Ver1.0.31 and earlier allows attacker not 2018- with administrator rights to execute 2019 yet 0625 arbitrary OS commands via -01- calcuMISC aterm -- wg1200hp_firmware formSysCmd parameter. 09 lated JVN An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDesc riptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the not CVE- AP4_EsdsAtom class in 2019 yet 2019- bento4 -- bento4 Core/Ap4EsdsAtom.cpp, as -01- calcu6132 demonstrated by mp42aac. 11 lated MISC CVE- 2017- Bodhi 2.9.0 and lower is vulnerable not 10021 to cross-site scripting resulting in 2019 yet 52 bodhi -- bodhi code injection caused by incorrect -01- calcuCONF validation of bug titles. 10 lated IRM CVE- 2018- 20677 MISC not MISC In Bootstrap before 3.4.0, XSS is 2019 yet MISC possible in the affix configuration -01- calcuMISC bootstrap -- bootstrap target property. 09 lated MISC In Bootstrap before 3.4.0, XSS is 2019 CVE- bootstrap -- bootstrap possible in the tooltip data-viewport -01- not 2018- attribute. 09 yet 20676 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info calcuMISC lated MISC MISC MISC MISC An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4- CVE- byte length when decoding not 2019- DHCP_SUBNET. NOTE: this issue 2019 yet 5747 busybox -- busybox exists because of an incomplete fix -01- calcuMISC for CVE-2018-20679. 09 lated MISC An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack CVE- by sending a crafted DHCP message. 2018- This is related to verification in not 20679 udhcp_get_option() in 2019 yet MISC busybox -- busybox networking/udhcp/common.c that 4- -01- calcuMISC byte options are indeed 4 bytes. 09 lated MISC CVE- In CIMTechniques CIMScan 6.x not 2018- through 6.2, the SOAP WSDL 2019 yet 16803 parser allows attackers to execute -01- calcuMISC cimtechniques -- cimscan SQL code. 10 lated MISC A vulnerability in Cisco 900 Series Aggregation Services (ASR) software could allow an unauthenticated, remote attacker to CVE- cause a partial denial of service not 2018- (DoS) condition on an affected 2019 yet 15464 cisco -- device. The vulnerability is due to -01- calcuCISC 900_series_aggregation_services_router insufficient handling of certain 11 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed CVE- email, causing the filtering process 2018- to crash and restart again. A not 15453 cisco -- successful exploit could allow the 2019 yet BID cisco_asyncos_software_for_cisco_emai attacker to cause a permanent DoS -01- calcuCISC l_security_appliance condition. This vulnerability may 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info require manual intervention to recover the ESA. A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful CVE- exploit could allow the attacker to 2018- cause a sustained DoS condition that not 15460 cisco -- could force the affected device to 2019 yet BID cisco_asyncos_software_for_cisco_emai stop scanning and forwarding email -01- calcuCISC l_security_appliance messages. 10 lated O A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An CVE- attacker could exploit this 2018- vulnerability by sending a steady not 15458 stream of remote authentication 2019 yet BID requests to the appliance when the -01- calcuCISC cisco -- firepower_management_center specific configuration is applied. 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains CVE- sensitive data. An exploit could 2018- allow the attacker to recover not 15456 passwords for unauthorized use and 2019 yet BID expose those accounts to further -01- calcuCISC cisco -- identity_services_engine attack. 10 lated O A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the CVE- HTTP server. An attacker could 2018- exploit this vulnerability by sending not 0282 specific HTTP requests at a 2019 yet BID sustained rate to a reachable IP -01- calcuCISC cisco -- ios_and_ios_xe_software address of the affected software. A 09 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF CVE- instance. Once connected, the not 2018- attacker would still need to provide 2019 yet 0484 valid credentials to access the -01- calcuCISC cisco -- ios_and_ios_xe_software device. 10 lated O A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an CVE- affected device. A successful exploit 2018- could allow an attacker to execute not 0461 arbitrary script code in the context of 2019 yet BID the user interface or access sensitive -01- calcuCISC cisco -- ip_phone_8800_series_software system-based information, which 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info under normal circumstances should be prohibited. A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac CVE- client to perform such actions, 2018- allowing files to be created in an not 0449 arbitrary location on the disk or an 2019 yet BID arbitrary file to be corrupted when it -01- calcuCISC cisco -- jabber_client_framework is appended to or overwritten. 10 lated O A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user- supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could CVE- allow the attacker to execute 2018- arbitrary script code in the context of not 0483 the targeted client or allow the 2019 yet BID attacker to access sensitive client- -01- calcuCISC cisco -- jabber_client_framework based information. 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short- lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to CVE- reduce the efficiency of the Cisco not 2018- cisco -- Policy Suite for Mobile and Cisco 2019 yet 0181 policy_suite_for_mobile_and_policy_sui Policy Suite Diameter Routing -01- calcuCISC te_diameter_routing_agent_software Agent software. 09 lated O A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An CVE- exploit could allow the attacker to 2018- access various statistics and Key not 15466 Performance Indicators (KPIs) 2019 yet BID cisco -- policy_suite regarding the Cisco Policy Suite -01- calcuCISC environment. 11 lated O A vulnerability in the web-based not CVE- management interface of Cisco 2019 yet 2018- Prime Infrastructure could allow an -01- calcu15457 cisco -- prime_infrastructure unauthenticated, remote attacker to 10 lated BID CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info conduct a cross-site scripting (XSS) CISC attack against a user of the web- O based management interface of an affected system. The vulnerability is due to insufficient validation of user- supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross- site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user- supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit CVE- could allow the attacker to execute 2018- arbitrary script code in the context of not 0482 the web-based management interface 2019 yet BID or allow the attacker to access -01- calcuCISC cisco -- prime_network_control_system sensitive browser-based information. 10 lated O A vulnerability in the web-based CVE- management interface of Cisco 2018- TelePresence Management Suite not 15467 (TMS) could allow an 2019 yet BID unauthenticated, remote attacker to -01- calcuCISC cisco -- telepresence_management_suite conduct a cross-site scripting (XSS) 11 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attack against a user of the web- based management interface of an affected device. The vulnerability is due to insufficient validation of user- supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A CVE- successful exploit could allow the not 2018- attacker to recover passwords and 2019 yet 0474 cisco -- expose those accounts to further -01- calcuCISC unified_communications_manager attack. 10 lated O A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to CVE- conduct a cross-site scripting (XSS) 2018- attack. The vulnerability is due to not 15461 insufficient validation of user- 2019 yet BID supplied input. An attacker could -01- calcuCISC cisco -- webex_business_suite exploit this vulnerability by 10 lated O CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. CVE- Directory traversal vulnerability in not 2018- Cybozu Dezie 8.0.2 to 8.1.2 allows 2019 yet 0705 remote attackers to read arbitrary -01- calcuJVN cybozu -- dezie files via HTTP requests. 09 lated MISC Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass CVE- access restriction to view not 2018- information available only for a 2019 yet 16178 sign-on user via Single sign-on -01- calcuJVN cybozu -- garoon function. 09 lated MISC Directory traversal vulnerability in CVE- Cybozu Mailwise 5.0.0 to 5.4.5 not 2018- allows remote attackers to delete 2019 yet 0702 arbitrary files via unspecified -01- calcuJVN cybozu -- mailwise vectors. 09 lated MISC CVE- Directory traversal vulnerability in not 2018- Cybozu Office 10.0.0 to 10.8.1 2019 yet 0703 allows remote attackers to delete -01- calcuJVN cybozu -- office arbitrary files via HTTP requests. 09 lated MISC CVE- Directory traversal vulnerability in not 2018- Cybozu Office 10.0.0 to 10.8.1 2019 yet 0704 allows remote attackers to delete -01- calcuJVN cybozu -- office arbitrary files via Keitai Screen. 09 lated MISC Cybozu Remote Service 3.0.0 to CVE- 3.1.0 allows remote authenticated not 2018- attackers to upload and execute Java 2019 yet 16169 code file on the server via -01- calcuJVN cybozu -- remote_service unspecified vectors. 09 lated MISC Improper countermeasure against not clickjacking attack in client 2019 yet CVE- certificates management screen was -01- calcu2018- cybozu -- remote_service discovered in Cybozu Remote 09 lated 16172 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Service 3.0.0 to 3.1.8, that allows JVN remote attackers to trick a user to MISC delete the registered client certificate. Directory traversal vulnerability in CVE- Cybozu Remote Service 3.0.0 to not 2018- 3.1.8 allows remote attackers to 2019 yet 16171 execute Java code file on the server -01- calcuJVN cybozu -- remote_service via unspecified vectors. 09 lated MISC Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to CVE- 3.1.8 for Windows allows remote not 2018- authenticated attackers to read 2019 yet 16170 arbitrary files via unspecified -01- calcuJVN cybozu -- remote_service vectors. 09 lated MISC D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* not CVE- before v2.22B03Beta, and DIR- 2019 yet 2018- 880L A* before v1.20B02Beta -01- calcu20675 d-link -- multiple_devices devices allow authentication bypass. 08 lated MISC D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR- not CVE- 880L A* before v1.20B02Beta 2019 yet 2018- devices allow authenticated remote -01- calcu20674 d-link -- multiple_devices command execution. 08 lated MISC HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting CVE- attacks that may result in an arbitrary not 2018- script injection or setting an arbitrary 2019 yet 16181 cookie values via unspecified -01- calcuMISC digital_arts -- i-filter vectors. 09 lated JVN Cross-site scripting vulnerability in 2019 CVE- i-FILTER Ver.9.50R05 and earlier -01- not 2018- digital_arts -- i-filter allows remote attackers to inject 09 yet 16180 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info arbitrary web script or HTML via calcuMISC unspecified vectors. lated JVN CVE- 2019- In Django 1.11.x before 1.11.18, 3498 2.0.x before 2.0.10, and 2.1.x before BID 2.1.5, an Improper Neutralization of MISC Special Elements in Output Used by MISC a Downstream Component issue MLIS exists in T django.views.defaults.page_not_fou UBU nd(), leading to content spoofing (in not NTU a 404 error page) if a user fails to 2019 yet DEBI django -- django recognize that a crafted URL has -01- calcuAN malicious content. 09 lated MISC Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or CVE- --cpuset-cpus value, related to not 2018- daemon/daemon_unix.go, 2019 yet 20699 docker_engine -- docker_engine pkg/parsers/parsers.go, and -01- calcuMISC pkg/sysinfo/sysinfo.go. 11 lated MISC Dokan, versions between 1.0.0.5000 CVE- and 1.2.0.1000, are vulnerable to a 2018- stack-based buffer overflow in the 5410 dokan1.sys driver. An attacker can BID create a device handle to the system MISC driver and send arbitrary input that not CONF will trigger the vulnerability. This 2019 yet IRM dokan -- dokan vulnerability was introduced in the -01- calcuCERT 1.0.0.5000 version update. 07 lated -VN php/elFinder.class.php in elFinder CVE- before 2.1.45 leaks information if not 2019- PHP's curl extension is enabled and 2019 yet 5884 elfinder -- elfinder safe_mode or open_basedir is not -01- calcuMISC set. 10 lated MISC Fork CMS 5.0.6 allows stored XSS via the private/en/settings not CVE- facebook_admin_ids parameter (aka 2019 yet 2018- fork -- fork_cms "Admin ids" input in the Facebook -01- calcu20682 section). 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info not CVE- Frog CMS 0.9.5 allows XSS via the 2019 yet 2019- forgot password page (aka the -01- calcu6243 frog_cms -- frog_cms /admin/?/login/forgot URI). 11 lated MISC includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database not CVE- of the application via the 2019 yet 2019- frontaccounting -- frontaccounting void_transaction.php filterType -01- calcu5720 parameter. 08 lated MISC bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used CVE- for Virtual Network Control, allows 2019- remote attackers to cause a denial of 5892 service (peering session flap) via CONF attribute 255 in a BGP UPDATE IRM packet. This occurred during Disco MISC in January 2019 because FRR does MISC not implement RFC 7606, and not MISC therefore the packets with 255 were 2019 yet MISC -- frrouting considered invalid VNC data and the -01- calcuMISC BGP session was closed. 10 lated MISC CVE- commands/rsync in Gitolite before 2018- 3.6.11, if .gitolite.rc enables rsync, 20683 mishandles the rsync command line, not MISC which allows attackers to have a 2019 yet MISC gitolite -- gitolite "bad" impact by triggering use of an -01- calcuMISC option other than -v, -n, -q, or -P. 09 lated MISC load_specific_debug_section in CVE- objdump.c in GNU Binutils through 2018- 2.31.1 contains an integer overflow not 20671 vulnerability that can trigger a heap- 2019 yet BID based buffer overflow via a crafted -01- calcuMISC gnu -- binutils section size. 04 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array CVE- for saving the template argument not 2018- values") that can trigger a heap- 2019 yet 20673 based buffer overflow, as -01- calcuBID gnu -- binutils demonstrated by nm. 04 lated MISC CVE- 2018- 16084 BID The default selected dialog button in REDH CustomHandlers in Google Chrome AT prior to 69.0.3497.81 allowed a CONF remote attacker who convinced the not IRM user to perform certain operations to 2019 yet MISC open external programs via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO Failure to prevent navigation to top frame to data URLs in Navigation in CVE- Google Chrome on iOS prior to 2018- 71.0.3578.80 allowed a remote not 20069 attacker to confuse the user about the 2019 yet CONF origin of the current page via a -01- calcuIRM google -- chrome crafted HTML page. 09 lated MISC Incorrect handling of 304 status codes in Navigation in Google CVE- Chrome prior to 71.0.3578.80 2018- allowed a remote attacker to confuse not 20068 the user about the origin of the 2019 yet CONF current page via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation CVE- in Google Chrome prior to 2018- 71.0.3578.80 allowed a remote not 20067 attacker to confuse the user about the 2019 yet CONF origin of the current page via a -01- calcuIRM google -- chrome crafted HTML page. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- Incorrect object lifecycle in 2018- Extensions in Google Chrome prior not 20066 to 71.0.3578.80 allowed a remote 2019 yet CONF attacker to potentially exploit heap -01- calcuIRM google -- chrome corruption via a crafted HTML page. 09 lated MISC Handling of URI action in PDFium CVE- in Google Chrome prior to 2018- 71.0.3578.80 allowed a remote not 20065 attacker to initiate potentially unsafe 2019 yet CONF navigations without a user gesture -01- calcuIRM google -- chrome via a crafted PDF file. 09 lated MISC CVE- 2018- 6166 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6163 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN Incorrect handling of reloads in not CVE- Navigation in Google Chrome prior 2019 yet 2018- to 68.0.3440.75 allowed a remote -01- calcu6165 google -- chrome attacker to spoof the contents of the 09 lated BID CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Omnibox (URL bar) via a crafted REDH HTML page. AT CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6164 BID REDH AT CONF IRM Insufficient origin checks for CSS MISC content in Blink in Google Chrome not GENT prior to 68.0.3440.75 allowed a 2019 yet OO remote attacker to leak cross-origin -01- calcuDEBI google -- chrome data via a crafted HTML page. 09 lated AN CVE- 2018- 6162 BID REDH AT CONF IRM Improper deserialization in WebGL MISC in Google Chrome on Mac prior to not GENT 68.0.3440.75 allowed a remote 2019 yet OO attacker to potentially exploit heap -01- calcuDEBI google -- chrome corruption via a crafted HTML page. 09 lated AN A heap buffer overflow in GPU in CVE- Google Chrome prior to 2018- 70.0.3538.67 allowed a remote 17470 attacker who had compromised the not BID renderer process to potentially 2019 yet REDH perform a sandbox escape via a -01- calcuAT google -- chrome crafted HTML page. 09 lated CONF CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info IRM MISC GENT OO DEBI AN CVE- An out of bounds read in PDFium in 2018- Google Chrome prior to not 17461 68.0.3440.75 allowed a remote 2019 yet CONF attacker to perform an out of bounds -01- calcuIRM google -- chrome memory read via a crafted PDF file. 09 lated MISC CVE- 2018- Incorrect handling of clicks in the 17459 omnibox in Navigation in Google REDH Chrome prior to 69.0.3497.92 not AT allowed a remote attacker to spoof 2019 yet CONF the contents of the Omnibox (URL -01- calcuIRM google -- chrome bar) via a crafted HTML page. 09 lated MISC CVE- An improper update of the 2018- WebAssembly dispatch table in 17458 WebAssembly in Google Chrome REDH prior to 69.0.3497.92 allowed a not AT remote attacker to execute arbitrary 2019 yet CONF code inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC An object lifecycle issue in Blink could lead to a use after free in CVE- WebAudio in Google Chrome prior 2018- to 69.0.3497.81 allowed a remote not 17457 attacker to execute arbitrary code 2019 yet CONF inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC CVE- JavaScript alert handling in Prompts 2018- in Google Chrome prior to 6160 68.0.3440.75 allowed a remote not BID attacker to spoof the contents of the 2019 yet CONF Omnibox (URL bar) via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info GENT OO Incorrect handling of confusable characters in URL Formatter in CVE- Google Chrome prior to 2018- 71.0.3578.80 allowed a remote not 20070 attacker to spoof the contents of the 2019 yet CONF Omnibox (URL bar) via a crafted -01- calcuIRM google -- chrome domain name. 09 lated MISC CVE- 2018- 6167 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior CVE- to 70.0.3538.67 allowed a remote 2018- attacker to install a service worker not 20071 for a domain that can host attacker 2019 yet CONF controled files via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write CVE- access in V8 in Google Chrome 2017- prior to 62.0.3202.94 and allowed a not 15428 remote attacker to execute arbitrary 2019 yet CONF code inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC A missing check for whether a not CVE- property of a JS object is private in 2019 yet 2016- V8 in Google Chrome prior to -01- calcu9651 google -- chrome 55.0.2883.75 allowed a remote 09 lated REDH CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attacker to execute arbitrary code AT inside a sandbox via a crafted BID HTML page. CONF IRM MISC GENT OO EXPL OIT- DB A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in CVE- WebAssembly in Google Chrome 2017- prior to 62.0.3202.62 allowed a not 15401 remote attacker to execute arbitrary 2019 yet CONF code inside a sandbox via a crafted -01- calcuIRM google -- chrome HTML page. 09 lated MISC Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior CVE- to 62.0.3202.74 allowed a remote 2017- attacker who had compromised the not 15402 renderer process to potentially 2019 yet CONF perform a sandbox escape via a -01- calcuIRM google -- chrome crafted HTML page. 09 lated MISC Insufficient data validation in crosh could lead to a command injection under chronos privileges in CVE- Networking in Google Chrome on 2017- Chrome OS prior to 61.0.3163.113 not 15403 allowed a local attacker to execute 2019 yet CONF arbitrary code via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC An ability to process crash dumps under root privileges and not CVE- inappropriate symlinks handling 2019 yet 2017- could lead to a local privilege -01- calcu15404 google -- chrome escalation in Crash Reporting in 09 lated CONF CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Google Chrome on Chrome OS prior IRM to 61.0.3163.113 allowed a local MISC attacker to perform privilege escalation via a crafted HTML page. Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in CVE- cryptohomed in Google Chrome on 2017- Chrome OS prior to 61.0.3163.113 not 15405 allowed a local attacker to execute 2019 yet CONF arbitrary code via a crafted HTML -01- calcuIRM google -- chrome page. 09 lated MISC CVE- 2018- 6179 BID Insufficient enforcement of file REDH access permission in the activeTab AT case in Extensions in Google CONF Chrome prior to 68.0.3440.75 IRM allowed an attacker who convinced a MISC user to install a malicious extension not GENT to access files on the local file 2019 yet OO system via a crafted Chrome -01- calcuDEBI google -- chrome Extension. 09 lated AN CVE- 2018- 6153 BID REDH AT CONF A precision error in Skia in Google IRM Chrome prior to 68.0.3440.75 MISC allowed a remote attacker who had not GENT compromised the renderer process to 2019 yet OO perform an out of bounds memory -01- calcuDEBI google -- chrome write via a crafted HTML page. 09 lated AN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 6178 BID REDH AT Eliding from the wrong side in an CONF infobar in DevTools in Google IRM Chrome prior to 68.0.3440.75 MISC allowed an attacker who convinced a not GENT user to install a malicious extension 2019 yet OO to Hide Chrome Security UI via a -01- calcuDEBI google -- chrome crafted Chrome Extension. 09 lated AN CVE- 2018- 6175 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6174 BID REDH AT CONF IRM Integer overflows in Swiftshader in MISC Google Chrome prior to not GENT 68.0.3440.75 potentially allowed a 2019 yet OO remote attacker to execute arbitrary -01- calcuDEBI google -- chrome code via a crafted HTML page. 09 lated AN Incorrect handling of confusable 2019 CVE- characters in URL Formatter in -01- not 2018- google -- chrome Google Chrome prior to 09 yet 6173 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info 68.0.3440.75 allowed a remote calcuBID attacker to perform domain spoofing lated REDH via IDN homographs via a crafted AT domain name. CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6172 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome prior to MISC 68.0.3440.75 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6170 BID REDH AT CONF IRM A bad cast in PDFium in Google MISC Chrome prior to 68.0.3440.75 not GENT allowed a remote attacker to 2019 yet OO potentially exploit heap corruption -01- calcuDEBI google -- chrome via a crafted PDF file. 09 lated AN Lack of timeout on extension install CVE- prompt in Extensions in Google 2018- Chrome prior to 68.0.3440.75 not 6169 allowed a remote attacker to trigger 2019 yet BID installation of an unwanted -01- calcuREDH google -- chrome extension via a crafted HTML page. 09 lated AT CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6158 BID REDH AT CONF IRM A race condition in Oilpan in Google MISC Chrome prior to 68.0.3440.75 not GENT allowed a remote attacker to 2019 yet OO potentially exploit heap corruption -01- calcuDEBI google -- chrome via a crafted HTML page. 09 lated AN CVE- 2018- 6151 BID REDH AT Bad cast in DevTools in Google CONF Chrome on Win, Linux, Mac, IRM Chrome OS prior to 66.0.3359.117 MISC allowed an attacker who convinced a not GENT user to install a malicious extension 2019 yet OO to perform an out of bounds memory -01- calcuDEBI google -- chrome read via a crafted Chrome Extension. 09 lated AN CVE- 2018- 16085 A use after free in BID ResourceCoordinator in Google REDH Chrome prior to 69.0.3497.81 not AT allowed a remote attacker to 2019 yet CONF potentially exploit heap corruption -01- calcuIRM google -- chrome via a crafted HTML page. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info GENT OO CVE- 2018- 16080 BID A missing check for popup window REDH handling in Fullscreen in Google AT Chrome on macOS prior to CONF 69.0.3497.81 allowed a remote not IRM attacker to spoof the contents of the 2019 yet MISC Omnibox (URL bar) via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO CVE- 2018- 16078 BID REDH Unsafe handling of credit card AT details in Autofill in Google Chrome CONF prior to 69.0.3497.81 allowed a not IRM remote attacker to obtain potentially 2019 yet MISC sensitive information from process -01- calcuGENT google -- chrome memory via a crafted HTML page. 09 lated OO CVE- 2018- 6097 BID REDH AT Incorrect handling of asynchronous CONF methods in Fullscreen in Google IRM Chrome on macOS prior to MISC 66.0.3359.117 allowed a remote not GENT attacker to enter full screen without 2019 yet OO showing a warning via a crafted -01- calcuDEBI google -- chrome HTML page. 09 lated AN A race condition between permission CVE- prompts and navigations in Prompts not 2018- in Google Chrome prior to 2019 yet 16079 69.0.3497.81 allowed a remote -01- calcuBID google -- chrome attacker to spoof the contents of the 09 lated REDH CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Omnibox (URL bar) via a crafted AT HTML page. CONF IRM MISC GENT OO CVE- 2018- 6100 BID REDH AT Incorrect handling of confusable CONF characters in URL Formatter in IRM Google Chrome on macOS prior to MISC 66.0.3359.117 allowed a remote not GENT attacker to perform domain spoofing 2019 yet OO via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- 6106 BID REDH AT CONF An asynchronous generator may IRM return an incorrect state in V8 in MISC Google Chrome prior to not GENT 66.0.3359.117 allowing a remote 2019 yet OO attacker to potentially exploit object -01- calcuDEBI google -- chrome corruption via a crafted HTML page. 09 lated AN CVE- readAsText() can indefinitely read 2018- the file picked by the user, rather 6109 than only once at the time the file is BID picked in File API in Google REDH Chrome prior to 66.0.3359.117 AT allowed a remote attacker to access not CONF data on the user file system without 2019 yet IRM explicit consent via a crafted HTML -01- calcuMISC google -- chrome page. 09 lated GENT CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info OO DEBI AN CVE- 2018- 6110 BID REDH AT CONF IRM Parsing documents as HTML in MISC Downloads in Google Chrome prior not GENT to 66.0.3359.117 allowed a remote 2019 yet OO attacker to cause Chrome to execute -01- calcuDEBI google -- chrome scripts via a local non-HTML page. 09 lated AN CVE- 2018- 6111 BID REDH AT CONF An object lifetime issue in the IRM developer tools network handler in MISC Google Chrome prior to not GENT 66.0.3359.117 allowed a local 2019 yet OO attacker to execute arbitrary code via -01- calcuDEBI google -- chrome a crafted HTML page. 09 lated AN CVE- 2018- Allowing the chrome.debugger API 16081 to run on file:// URLs in DevTools BID in Google Chrome prior to REDH 69.0.3497.81 allowed an attacker AT who convinced a user to install a CONF malicious extension to access files not IRM on the local file system without file 2019 yet MISC access permission via a crafted -01- calcuGENT google -- chrome Chrome Extension. 09 lated OO CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 6096 BID REDH AT CONF A JavaScript focused window could IRM overlap the fullscreen notification in MISC Fullscreen in Google Chrome prior not GENT to 66.0.3359.117 allowed a remote 2019 yet OO attacker to obscure the full screen -01- calcuDEBI google -- chrome warning via a crafted HTML page. 09 lated AN CVE- 2018- 16082 BID REDH An out of bounds read in AT Swiftshader in Google Chrome prior CONF to 69.0.3497.81 allowed a remote not IRM attacker to potentially perform out of 2019 yet MISC bounds memory access via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO CVE- 2018- 16083 BID REDH AT CONF An out of bounds read in forward IRM error correction code in WebRTC in MISC Google Chrome prior to GENT 69.0.3497.81 allowed a remote not OO attacker to perform an out of bounds 2019 yet EXPL memory read via a crafted HTML -01- calcuOIT- google -- chrome page. 09 lated DB Making URLs clickable and not CVE- allowing them to be styled in 2019 yet 2018- DevTools in Google Chrome prior to -01- calcu6112 google -- chrome 66.0.3359.117 allowed a remote 09 lated BID CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attacker to bypass navigation REDH restrictions via a crafted HTML AT page. CONF IRM MISC GENT OO DEBI AN CVE- 2018- 6113 BID REDH AT CONF Improper handling of pending IRM navigation entries in Navigation in MISC Google Chrome on iOS prior to not GENT 66.0.3359.117 allowed a remote 2019 yet OO attacker to perform domain spoofing -01- calcuDEBI google -- chrome via a crafted HTML page. 09 lated AN CVE- 2018- 6114 BID REDH AT CONF Incorrect enforcement of CSP for IRM tags in Blink in Google MISC Chrome prior to 66.0.3359.117 not GENT allowed a remote attacker to bypass 2019 yet OO content security policy via a crafted -01- calcuDEBI google -- chrome HTML page. 09 lated AN CVE- Confusing settings in Autofill in 2018- Google Chrome prior to 6117 66.0.3359.117 allowed a remote not BID attacker to obtain potentially 2019 yet REDH sensitive information from process -01- calcuAT google -- chrome memory via a crafted HTML page. 09 lated CONF CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info IRM MISC GENT OO DEBI AN CVE- 2018- 6120 BID REDH An integer overflow that could lead AT to an attacker-controlled heap out- CONF of-bounds write in PDFium in IRM Google Chrome prior to MISC 66.0.3359.170 allowed a remote not GENT attacker to execute arbitrary code 2019 yet OO inside a sandbox via a crafted PDF -01- calcuDEBI google -- chrome file. 09 lated AN CVE- 2018- 16088 REDH A missing check for JS-simulated AT input events in Blink in Google CONF Chrome prior to 69.0.3497.81 not IRM allowed a remote attacker to 2019 yet MISC download arbitrary files with no user -01- calcuGENT google -- chrome input via a crafted HTML page. 09 lated OO CVE- 2018- 16087 REDH Lack of proper state tracking in AT Permissions in Google Chrome prior CONF to 69.0.3497.81 allowed a remote not IRM attacker to bypass navigation 2019 yet MISC restrictions via a crafted HTML -01- calcuGENT google -- chrome page. 09 lated OO Missing bounds check in PDFium in 2019 CVE- Google Chrome prior to -01- not 2018- google -- chrome 69.0.3497.81 allowed a remote 09 yet 16076 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attacker to perform an out of bounds calcuBID memory read via a crafted PDF file. lated REDH AT CONF IRM MISC GENT OO CVE- 2018- 6093 BID REDH AT CONF IRM Insufficient origin checks in Blink in MISC Google Chrome prior to not GENT 66.0.3359.117 allowed a remote 2019 yet OO attacker to leak cross-origin data via -01- calcuDEBI google -- chrome a crafted HTML page. 09 lated AN CVE- 2018- 6147 BID SECT RAC K REDH Lack of secure text entry mode in AT Browser UI in Google Chrome on CONF Mac prior to 67.0.3396.62 allowed a not IRM local attacker to obtain potentially 2019 yet MISC sensitive information from process -01- calcuDEBI google -- chrome memory via a local process. 09 lated AN Early free of object in use in CVE- IndexDB in Google Chrome prior to 2018- 67.0.3396.62 allowed a remote 6127 attacker who had compromised the not BID renderer process to potentially 2019 yet SECT perform a sandbox escape via a -01- calcuRAC google -- chrome crafted HTML page. 09 lated K CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info REDH AT CONF IRM MISC DEBI AN CVE- 2018- 6144 BID SECT RAC K REDH AT Off-by-one error in PDFium in CONF Google Chrome prior to not IRM 67.0.3396.62 allowed a remote 2019 yet MISC attacker to perform an out of bounds -01- calcuDEBI google -- chrome memory write via a crafted PDF file. 09 lated AN CVE- 2018- 6143 BID SECT RAC K REDH Insufficient validation in V8 in AT Google Chrome prior to CONF 67.0.3396.62 allowed a remote not IRM attacker to perform an out of bounds 2019 yet MISC memory read via a crafted HTML -01- calcuDEBI google -- chrome page. 09 lated AN Insufficient validation of an image CVE- filter in Skia in Google Chrome prior 2018- to 67.0.3396.62 allowed a remote 6141 attacker who had compromised the not BID renderer process to perform an out of 2019 yet SECT bounds memory read via a crafted -01- calcuRAC google -- chrome HTML page. 09 lated K CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info REDH AT CONF IRM MISC DEBI AN CVE- 2018- 6140 BID SECT RAC Allowing the chrome.debugger API K to attach to Web UI pages in REDH DevTools in Google Chrome prior to AT 67.0.3396.62 allowed an attacker CONF who convinced a user to install a not IRM malicious extension to execute 2019 yet MISC arbitrary code via a crafted Chrome -01- calcuDEBI google -- chrome Extension. 09 lated AN CVE- 2018- 6139 BID SECT RAC Insufficient target checks on the K chrome.debugger API in DevTools REDH in Google Chrome prior to AT 67.0.3396.62 allowed an attacker CONF who convinced a user to install a not IRM malicious extension to execute 2019 yet MISC arbitrary code via a crafted Chrome -01- calcuDEBI google -- chrome Extension. 09 lated AN CVE- 2018- CSS Paint API in Blink in Google 6137 Chrome prior to 67.0.3396.62 not BID allowed a remote attacker to leak 2019 yet SECT cross-origin data via a crafted -01- calcuRAC google -- chrome HTML page. 09 lated K CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info REDH AT CONF IRM MISC DEBI AN CVE- 2018- 6135 BID SECT RAC K REDH Lack of clearing the previous site AT before loading alerts from a new one CONF in Blink in Google Chrome prior to not IRM 67.0.3396.62 allowed a remote 2019 yet MISC attacker to perform domain spoofing -01- calcuDEBI google -- chrome via a crafted HTML page. 09 lated AN CVE- 2018- 6133 BID SECT RAC K Incorrect handling of confusable REDH characters in URL Formatter in AT Google Chrome prior to CONF 67.0.3396.62 allowed a remote not IRM attacker to perform domain spoofing 2019 yet MISC via IDN homographs via a crafted -01- calcuDEBI google -- chrome domain name. 09 lated AN CVE- 2018- A precision error in Skia in Google 6126 Chrome prior to 67.0.3396.62 not BID allowed a remote attacker to perform 2019 yet BID an out of bounds memory write via a -01- calcuSECT google -- chrome crafted HTML page. 09 lated RAC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info K SECT RAC K REDH AT REDH AT REDH AT CONF IRM MISC GENT OO DEBI AN DEBI AN EXPL OIT- DB CVE- 2018- 6091 BID REDH AT Service Workers can intercept any CONF request made by an or IRM tag in Fetch API in Google MISC Chrome prior to 66.0.3359.117 not GENT allowed a remote attacker to leak 2019 yet OO cross-origin data via a crafted -01- calcuDEBI google -- chrome HTML page. 09 lated AN CVE- 2018- Type confusion in ReadableStreams 6124 in Blink in Google Chrome prior to not BID 67.0.3396.62 allowed a remote 2019 yet SECT attacker to potentially exploit object -01- calcuRAC google -- chrome corruption via a crafted HTML page. 09 lated K CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info REDH AT CONF IRM MISC DEBI AN CVE- 2018- 6123 BID SECT RAC K REDH AT A use after free in Blink in Google CONF Chrome prior to 67.0.3396.62 not IRM allowed a remote attacker to 2019 yet MISC potentially exploit heap corruption -01- calcuDEBI google -- chrome via a crafted HTML page. 09 lated AN CVE- 2018- 16065 BID REDH AT A Javascript reentrancy issues that CONF caused a use-after-free in V8 in IRM Google Chrome prior to MISC 69.0.3497.81 allowed a remote not GENT attacker to execute arbitrary code 2019 yet OO inside a sandbox via a crafted -01- calcuDEBI google -- chrome HTML page. 09 lated AN CVE- 2018- 16066 A use after free in Blink in Google BID Chrome prior to 69.0.3497.81 not REDH allowed a remote attacker to 2019 yet AT potentially exploit heap corruption -01- calcuCONF google -- chrome via a crafted HTML page. 09 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info MISC GENT OO DEBI AN CVE- 2018- 16068 BID REDH AT CONF Missing validation in Mojo in IRM Google Chrome prior to MISC 69.0.3497.81 allowed a remote not GENT attacker to potentially perform a 2019 yet OO sandbox escape via a crafted HTML -01- calcuDEBI google -- chrome page. 09 lated AN CVE- 2018- 16071 BID REDH AT CONF IRM MISC A use after free in WebRTC in GENT Google Chrome prior to not OO 69.0.3497.81 allowed a remote 2019 yet EXPL attacker to potentially exploit heap -01- calcuOIT- google -- chrome corruption via a crafted video file. 09 lated DB CVE- 2018- 16072 A missing origin check related to BID HLS manifests in Blink in Google CONF Chrome prior to 69.0.3497.81 not IRM allowed a remote attacker to bypass 2019 yet MISC same origin policy via a crafted -01- calcuGENT google -- chrome HTML page. 09 lated OO CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- 2018- 6056 BID REDH Type confusion could lead to a heap AT out-of-bounds write in V8 in Google CONF Chrome prior to 64.0.3282.168 not IRM allowing a remote attacker to 2019 yet MISC execute arbitrary code inside a -01- calcuDEBI google -- chrome sandbox via a crafted HTML page. 09 lated AN CVE- 2018- 6084 BID BID Insufficiently sanitized distributed CONF objects in Updater in Google IRM Chrome on macOS prior to not MISC 66.0.3359.117 allowed a local 2019 yet EXPL attacker to execute arbitrary code via -01- calcuOIT- google -- chrome an executable file. 09 lated DB CVE- 2018- 16067 BID REDH AT CONF IRM A use after free in WebAudio in MISC Google Chrome prior to not GENT 69.0.3497.81 allowed a remote 2019 yet OO attacker to potentially exploit heap -01- calcuDEBI google -- chrome corruption via a crafted HTML page. 09 lated AN Insufficient data validation on image CVE- data in PDFium in Google Chrome 2016- prior to 51.0.2704.63 allowed a not 10403 remote attacker to perform an out of 2019 yet CONF google -- chrome bounds memory read via a crafted -01- calcuIRM PDF file. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info IBM API Connect 5.0.0.0 through CVE- 5.0.8.4 is affected by a vulnerability 2018- in the role-based access control in 1932 the management server that could not CONF allow an authenticated user to obtain 2019 yet IRM highly sensitive information. IBM -01- calcuBID ibm -- api_connect X-Force ID: 153175. 08 lated XF An untrusted search path vulnerability in IBM i Access for CVE- Windows versions 7.1 and earlier on 2018- Windows can allow arbitrary code 1888 execution via a Trojan horse DLL in not BID the current working directory, 2019 yet XF related to use of the LoadLibrary -01- calcuCONF ibm -- i_access_for_windows function. IBM X-Force ID: 152079. 04 lated IRM IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to CVE- embed arbitrary JavaScript code in 2018- the Web UI thus altering the 1918 intended functionality potentially not CONF leading to credentials disclosure 2019 yet IRM within a trusted session. IBM X- -01- calcuBID ibm -- jazz_reporting_service Force ID: 152785. 08 lated XF IBM Spectrum Scale (GPFS) 4.1.1, CVE- 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 2018- where the use of Local Read Only 1993 Cache (LROC) is enabled may not BID caused read operation on a file to 2019 yet XF return data from a different file. IBM -01- calcuCONF ibm -- spectrum_scale X-Force ID: 154440. 08 lated IRM CVE- 2018- Imperva SecureSphere running not 5412 v12.0.0.50 is vulnerable to local 2019 yet EXPL arbitrary code execution, escaping -01- calcuOIT- imperva -- securesphere sealed-mode. 10 lated DB not CVE- Imperva SecureSphere running 2019 yet 2018- v13.0, v12.0, or v11.5 allows low -01- calcu5413 imperva -- securesphere privileged users to add SSH login 10 lated EXPL CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info keys to the admin user, resulting in OIT- privilege escalation. DB Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows CVE- the basic authentication passwords, 2018- the GW may be vulnerable to RCE not 5403 through specially crafted requests, 2019 yet EXPL from the web access management -01- calcuOIT- imperva -- securesphere_gateway interface. 10 lated DB Improper setting of device configuration in system firmware for CVE- Intel(R) NUC kits may allow a not 2017- privileged user to potentially enable 2019 yet 3718 intel -- nuc_firmware escalation of privilege via physical -01- calcuCONF access. 10 lated IRM Firmware update routine in bootloader for Intel(R) Optane(TM) CVE- SSD DC P4800X before version not 2018- E2010435 may allow a privileged 2019 yet 12167 user to potentially enable a denial of -01- calcuCONF intel -- optane_ssd_dc_p4800x service via local access. 10 lated IRM Insufficient write protection in firmware for Intel(R) Optane(TM) CVE- SSD DC P4800X before version not 2018- E2010435 may allow a privileged 2019 yet 12166 user to potentially enable a denial of -01- calcuCONF intel -- optane_ssd_dc_p4800x service via local access. 10 lated IRM Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software CVE- before version 20.90.0.7 may allow not 2018- an authorized user to potentially 2019 yet 12177 enable escalation of privilege via -01- calcuCONF intel -- proset/wireless_wifi_software local access. 10 lated IRM Improper file verification in install routine for Intel(R) SGX SDK and CVE- Platform Software for Windows not 2018- intel -- before 2.2.100 may allow an 2019 yet 18098 sgx_sdk_and_platform_software_for_wi escalation of privilege via local -01- calcuCONF ndow access. 10 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows CVE- before v3.0.17 may allow not 2018- authenticated users to potentially 2019 yet 3703 intel -- enable an escalation of privilege via -01- calcuCONF ssd_data_center_tool_for_windows local access. 10 lated IRM Insufficient path checking in Intel(R) System Support Utility for Windows CVE- before 2.5.0.15 may allow an not 2019- authenticated user to potentially 2019 yet 0088 intel -- enable an escalation of privilege via -01- calcuCONF system_support_utility_for_windows local access. 10 lated IRM CVE- 2019- not 5882 Irssi 1.1.x before 1.1.2 has a use 2019 yet MISC irssi -- irssi after free when hidden lines are -01- calcuMISC expired from the scroll buffer. 09 lated MISC Untrusted search path vulnerability CVE- in Installer of Mapping Tool 2.0.1.6 not 2018- and 2.0.1.7 allows remote attackers 2019 yet 16176 japan_atomic_energy_agency -- to gain privileges via a Trojan horse -01- calcuMISC mapping_tool DLL in an unspecified directory. 09 lated JVN An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have CVE- Jenkins connect to an attacker- 2018- specified URL using attacker- not 10004 specified credentials IDs obtained 2019 yet 12 through another method, capturing -01- calcuCONF jenkins -- jenkins credentials stored in Jenkins. 09 lated IRM An improper authorization vulnerability exists in Jenkins Crowd CVE- 2 Integration Plugin 2.0.0 and earlier 2018- in CrowdSecurityRealm.java that not 10004 allows attackers to have Jenkins 2019 yet 22 perform a connection test, -01- calcuCONF jenkins -- jenkins connecting to an attacker-specified 09 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info server with attacker-specified credentials and connection settings. A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in CVE- core/src/main/java/hudson/model/Ap 2018- i.java that allows attackers to specify not 10004 URLs to Jenkins that result in 2019 yet 07 rendering arbitrary attacker- -01- calcuCONF jenkins -- jenkins controlled HTML by Jenkins. 09 lated IRM A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/ HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a CVE- specific URL on instances using the 2018- built-in Jenkins user database not 10004 security realm that results in the 2019 yet 08 creation of an ephemeral user record -01- calcuCONF jenkins -- jenkins in memory. 09 lated IRM A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/ CVE- HudsonPrivateSecurityRealm.java 2018- that prevented Jenkins from not 10004 invalidating the existing session and 2019 yet 09 creating a new one when a user -01- calcuCONF jenkins -- jenkins signed up for a new user account. 09 lated IRM A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/su mmary.jelly, GitChangelogLeftsideBuildDecorato CVE- r/badge.jelly, 2018- GitLogJiraFilterPostPublisher/config not 10004 .jelly, 2019 yet 26 GitLogBasicChangelogPostPublishe -01- calcuCONF jenkins -- jenkins r/config.jelly that allows attackers 09 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin CVE- 2.8 and earlier in 2018- SonarInstallation.java that allows not 10004 attackers with local file system 2019 yet 25 access to obtain the credentials used -01- calcuCONF jenkins -- jenkins to connect to SonarQube. 09 lated IRM An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CVE- CrowdConfigurationService.java 2018- that allows attackers with local file not 10004 system access to obtain the 2019 yet 23 credentials used to connect to Crowd -01- calcuCONF jenkins -- jenkins 2. 09 lated IRM An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an CVE- attacker-specified Mesos server with 2018- attacker-specified credentials IDs not 10004 obtained through another method, 2019 yet 21 capturing credentials stored in -01- calcuCONF jenkins -- jenkins Jenkins. 09 lated IRM CVE- A cross-site request forgery 2018- vulnerability exists in Jenkins JUnit not 10004 Plugin 1.25 and earlier in 2019 yet 11 TestObject.java that allows setting -01- calcuCONF jenkins -- jenkins the description of a test result. 09 lated IRM An improper authorization not CVE- vulnerability exists in Jenkins Mesos 2019 yet 2018- Plugin 0.17.1 and earlier in -01- calcu10004 jenkins -- jenkins MesosCloud.java that allows 09 lated 20 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attackers with Overall/Read access CONF to obtain credentials IDs for IRM credentials stored in Jenkins. An improper authorization vulnerability exists in Jenkins CVE- HipChat Plugin 2.2.0 and earlier in 2018- HipChatNotifier.java that allows not 10004 attackers with Overall/Read access 2019 yet 19 to obtain credentials IDs for -01- calcuCONF jenkins -- jenkins credentials stored in Jenkins. 09 lated IRM An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an CVE- attacker-specified HipChat server 2018- with attacker-specified credentials not 10004 IDs obtained through another 2019 yet 18 method, capturing credentials stored -01- calcuCONF jenkins -- jenkins in Jenkins. 09 lated IRM A cross-site request forgery vulnerability exists in Jenkins Email CVE- Extension Template Plugin 1.0 and 2018- earlier in not 10004 ExtEmailTemplateManagement.java 2019 yet 17 that allows creating or removing -01- calcuCONF jenkins -- jenkins templates. 09 lated IRM A reflected cross-site scripting vulnerability exists in Jenkins Job CVE- Config History Plugin 2.18 and 2018- earlier in all Jelly files that shows not 10004 arbitrary attacker-specified HTML 2019 yet 16 in Jenkins to users with -01- calcuCONF jenkins -- jenkins Job/Configure access. 09 lated IRM An information exposure vulnerability exists in Jenkins 2.145 CVE- and earlier, LTS 2.138.1 and earlier, 2018- and the Stapler framework used by not 10004 these releases, in 2019 yet 10 core/src/main/java/org/kohsuke/stapl -01- calcuCONF jenkins -- jenkins er/RequestImpl.java, 09 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info core/src/main/java/hudson/model/De scriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and CVE- earlier in 2018- ConfigFilesManagement.java, not 10004 FolderConfigFileAction.java that 2019 yet 14 allows creating and editing -01- calcuCONF jenkins -- jenkins configuration file definitions. 09 lated IRM A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in CVE- configfiles.jelly, providerlist.jelly 2018- that allows users with the ability to not 10004 configure configuration files to 2019 yet 13 insert arbitrary HTML into some -01- calcuCONF jenkins -- jenkins pages in Jenkins. 09 lated IRM A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterVa lue.jelly, RebuildAction/ExtendedChoicePara meterValue.jelly, RebuildAction/FileParameterValue.j elly, RebuildAction/LabelParameterValue .jelly, RebuildAction/ListSubversionTagsP arameterValue.jelly, RebuildAction/MavenMetadataPara CVE- meterValue.jelly, 2018- RebuildAction/NodeParameterValue not 10004 .jelly, 2019 yet 15 RebuildAction/PasswordParameterV -01- calcuCONF jenkins -- jenkins alue.jelly, 09 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info RebuildAction/RandomStringParam eterValue.jelly, RebuildAction/RunParameterValue.j elly, RebuildAction/StringParameterValu e.jelly, RebuildAction/TextParameterValue. jelly, RebuildAction/ValidatingStringPara meterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms. An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CVE- CredentialsConfig.java that allows 2018- attackers with local file system not 10004 access to obtain old credentials 2019 yet 24 configured for the plugin before it -01- calcuCONF jenkins -- jenkins integrated with Credentials Plugin. 09 lated IRM A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Fil eParameterValue.java that allows attackers with Job/Configure CVE- permission to define a file parameter 2018- with a file name outside the intended not 10004 directory, resulting in an arbitrary 2019 yet 06 jenkins -- jenkins file write on the Jenkins master -01- calcuCONF when scheduling a build. 09 lated IRM CVE- LogonTracer 1.2.0 and earlier allows not 2018- remote attackers to conduct Python 2019 yet 16168 code injection attacks via -01- calcuMISC jpcert_coordination_center -- logontracer unspecified vectors. 09 lated MISC Cross-site scripting vulnerability in 2019 CVE- LogonTracer 1.2.0 and earlier allows -01- not 2018- jpcert_coordination_center -- logontracer remote attackers to inject arbitrary 09 yet 16165 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info web script or HTML via unspecified calcuMISC vectors. lated MISC CVE- LogonTracer 1.2.0 and earlier allows not 2018- remote attackers to conduct XML 2019 yet 16166 External Entity (XXE) attacks via -01- calcuMISC jpcert_coordination_center -- logontracer unspecified vectors. 09 lated MISC CVE- LogonTracer 1.2.0 and earlier allows not 2018- remote attackers to execute arbitrary 2019 yet 16167 OS commands via unspecified -01- calcuMISC jpcert_coordination_center -- logontracer vectors. 09 lated MISC An issue was discovered in lib60870 not CVE- 2.1.1. LinkLayer_setAddress in 2019 yet 2019- lib60870 -- lib60870 link_layer/link_layer.c has a NULL -01- calcu6137 pointer dereference. 11 lated MISC An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c not CVE- has a SEGV, as demonstrated by 2019 yet 2019- sv_subscriber_example.c and -01- calcu6136 libiec61850 -- libiec61850 sv_subscriber.c. 11 lated MISC An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value. c, server/mms_mapping/mms_mapping .c, and server/mms_mapping/mms_sv.c (via not CVE- common/string_utilities.c), as 2019 yet 2019- libiec61850 -- libiec61850 demonstrated by -01- calcu6138 iec61850_9_2_LE_example.c. 11 lated MISC An issue has been found in CVE- libIEC61850 v1.3.1. not 2019- Memory_malloc in 2019 yet 6135 libiec61850 -- libiec61850 hal/memory/lib_memory.c has a -01- calcuMISC memory leak when called from 11 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value .c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c. not CVE- png_create_info_struct in png.c in 2019 yet 2019- libpng -- libpng libpng 1.6.36 has a memory leak, as -01- calcu6129 demonstrated by pngcp. 11 lated MISC The TIFFFdOpen function in not CVE- tif_unix.c in LibTIFF 4.0.10 has a 2019 yet 2019- libtiff -- libtiff memory leak, as demonstrated by -01- calcu6128 pal2rgb. 11 lated MISC The mincore() implementation in mm/mincore.c in the through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on CVE- the same system, potentially 2019- allowing sniffing of secret 5489 information. (Fixing this affects the MISC output of the fincore program.) BID Limited remote exploitation may be not MISC possible, as demonstrated by latency 2019 yet MISC linux -- linux_kernel differences in accessing public files -01- calcuMISC from an Apache HTTP Server. 07 lated MISC EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member &at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_ not CVE- db.php may allow retrieving 2019 yet 2019- linux -- linux_kernel sensitive information from the -01- calcu5488 ESPCMS database. 07 lated MISC Open redirect vulnerability in EC- CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE CVE- 3.0.3, EC-CUBE 3.0.4, EC-CUBE not 2018- 3.0.5, EC-CUBE 3.0.6, EC-CUBE 2019 yet 16191 3.0.7, EC-CUBE 3.0.8, EC-CUBE -01- calcuJVN lockon -- ec-cube 3.0.9, EC-CUBE 3.0.10, EC-CUBE 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC- CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical CVE- outputs via HDMI, VGA, DVI, etc.) 2018- the content of a screensaver-locked 20681 session can be revealed. In some not MISC scenarios, the attacker can execute 2019 yet MISC mate_desktop_environment -- mate- applications, such as by clicking -01- calcuMISC screensaver with a mouse. 09 lated MISC Improper input validation in the proxy component of McAfee Web CVE- Gateway 7.8.2.0 and later allows not 2019- remote attackers to cause a denial of 2019 yet 3581 mcafee -- web_gateway service via a crafted HTTP request -01- calcuCONF parameter. 09 lated IRM INplc-RT 3.08 and earlier allows remote attackers to bypass CVE- authentication to execute an arbitrary not 2018- command through the protocol- 2019 yet 0669 compliant traffic. This is a different -01- calcuMISC micronet -- inplc vulnerability than CVE-2018-0670. 09 lated JVN Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers CVE- to cause denial-of-service (DoS) not 2018- condition that may result in 2019 yet 0668 executing arbtrary code via -01- calcuMISC micronet -- inplc unspecified vectors. 09 lated JVN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an CVE- attacker with administrator rights to not 2018- execute arbitrary code on the 2019 yet 0671 Windows system via unspecified -01- calcuMISC micronet -- inplc vectors. 09 lated JVN INplc-RT 3.08 and earlier allows remote attackers to bypass CVE- authentication to execute an arbitrary not 2018- command through the protocol- 2019 yet 0670 compliant traffic. This is a different -01- calcuMISC micronet -- inplc vulnerability than CVE-2018-0669. 09 lated JVN Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of CVE- INplc SDK Pro+ 3.08 and earlier not 2018- allows an attacker to gain privileges 2019 yet 0667 micronet -- inplc via a Trojan horse DLL in an -01- calcuMISC unspecified directory. 09 lated JVN An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, CVE- Microsoft .NET Framework 2019- 4.7/4.7.1/4.7.2, .NET Core 2.1, 0545 Microsoft .NET Framework BID 4.7.1/4.7.2, Microsoft .NET not REDH Framework 3.5, Microsoft .NET 2019 yet AT Framework 3.5.1, Microsoft .NET -01- calcuCONF microsoft -- .net_framework Framework 4.6/4.6.1/4.6.2, .NET 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Core 2.2, Microsoft .NET Framework 4.7.2. A denial of service vulnerability CVE- exists when ASP.NET Core 2019- improperly handles web requests, 0548 aka "ASP.NET Core Denial of BID Service Vulnerability." This affects not REDH ASP.NET Core 2.2, ASP.NET Core 2019 yet AT 2.1. This CVE ID is unique from -01- calcuCONF microsoft -- asp.net_core CVE-2019-0564. 08 lated IRM An elevation of privilege CVE- vulnerability exists in Microsoft 2019- Edge Browser Broker COM object, not 0566 aka "Microsoft Edge Elevation of 2019 yet BID Privilege Vulnerability." This affects -01- calcuCONF microsoft -- edge Microsoft Edge. 08 lated IRM A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine CVE- Memory Corruption Vulnerability." 2019- This affects Microsoft Edge, not 0568 ChakraCore. This CVE ID is unique 2019 yet BID from CVE-2019-0539, CVE-2019- -01- calcuCONF microsoft -- edge_and_chakracore 0567. 08 lated IRM A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine CVE- Memory Corruption Vulnerability." 2019- This affects Microsoft Edge, not 0539 ChakraCore. This CVE ID is unique 2019 yet BID from CVE-2019-0567, CVE-2019- -01- calcuCONF microsoft -- edge_and_chakracore 0568. 08 lated IRM A remote code execution CVE- vulnerability exists in the way that 2019- the Chakra scripting engine handles not 0567 objects in memory in Microsoft 2019 yet BID Edge, aka "Chakra Scripting Engine -01- calcuCONF microsoft -- edge_and_chakracore Memory Corruption Vulnerability." 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019- 0568. A remote code execution vulnerability exists in Microsoft Exchange software when the CVE- software fails to properly handle 2019- objects in memory, aka "Microsoft not 0586 Exchange Memory Corruption 2019 yet BID Vulnerability." This affects -01- calcuCONF microsoft -- exchange_server Microsoft Exchange Server. 08 lated IRM An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API CVE- grants calendar contributors more 2019- view permissions than intended, aka not 0588 "Microsoft Exchange Information 2019 yet BID microsoft -- exchange_server Disclosure Vulnerability." This -01- calcuCONF affects Microsoft Exchange Server. 08 lated IRM An information disclosure vulnerability exists when Microsoft Word macro buttons are used CVE- improperly, aka "Microsoft Word 2019- Information Disclosure not 0561 Vulnerability." This affects 2019 yet BID Microsoft Word, Office 365 ProPlus, -01- calcuCONF microsoft -- multiple_products Microsoft Office, Word. 08 lated IRM A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects CVE- Microsoft Office, Microsoft Office 2019- Word Viewer, Internet Explorer 9, not 0541 Internet Explorer 11, Microsoft 2019 yet BID Excel Viewer, Internet Explorer 10, -01- calcuCONF microsoft -- multiple_products Office 365 ProPlus. 08 lated IRM A remote code execution 2019 CVE- vulnerability exists in Microsoft -01- not 2019- microsoft -- multiple_products Word software when it fails to 08 yet 0585 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info properly handle objects in memory, calcuBID aka "Microsoft Word Remote Code lated CONF Execution Vulnerability." This IRM affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server. A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This CVE- affects Microsoft SharePoint Server, 2019- Microsoft SharePoint, Microsoft not 0558 Business Productivity Servers. This 2019 yet BID CVE ID is unique from CVE-2019- -01- calcuCONF microsoft -- multiple_products 0556, CVE-2019-0557. 08 lated IRM A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint CVE- server, aka "Microsoft Office 2019- SharePoint XSS Vulnerability." This not 0556 affects Microsoft SharePoint. This 2019 yet BID CVE ID is unique from CVE-2019- -01- calcuCONF microsoft -- sharepoint 0557, CVE-2019-0558. 08 lated IRM An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint CVE- server, aka "Microsoft SharePoint 2019- Elevation of Privilege not 0562 Vulnerability." This affects 2019 yet BID Microsoft SharePoint Server, -01- calcuCONF microsoft -- sharepoint Microsoft SharePoint. 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint CVE- server, aka "Microsoft Office 2019- SharePoint XSS Vulnerability." This not 0557 affects Microsoft SharePoint. This 2019 yet BID microsoft -- sharepoint CVE ID is unique from CVE-2019- -01- calcuCONF 0556, CVE-2019-0558. 08 lated IRM An elevation of privilege vulnerability exists when Skype for CVE- Andriod fails to properly handle 2019- specific authentication requests, aka not 0622 "Skype for Android Elevation of 2019 yet BID Privilege Vulnerability." This affects -01- calcuCONF microsoft -- skype_for_android Skype 8.35. 08 lated IRM A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly CVE- handles specific combinations of 2019- C++ constructs, aka "Visual Studio not 0546 Remote Code Execution 2019 yet BID Vulnerability." This affects -01- calcuCONF microsoft -- visual_studio Microsoft Visual Studio. 08 lated IRM An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a CVE- malicious .vscontent file, aka 2019- "Microsoft Visual Studio not 0537 Information Disclosure 2019 yet BID Vulnerability." This affects -01- calcuCONF microsoft -- visual_studio Microsoft Visual Studio. 08 lated IRM An elevation of privilege vulnerability exists when the Windows Data Sharing Service CVE- improperly handles file operations, 2019- aka "Windows Data Sharing Service not 0571 Elevation of Privilege 2019 yet BID Vulnerability." This affects -01- calcuCONF microsoft -- windows Windows Server 2016, Windows 10, 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019- 0573, CVE-2019-0574. An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects CVE- Windows Server 2012 R2, Windows 2019- RT 8.1, Windows Server 2012, not 0570 Windows Server 2019, Windows 2019 yet BID Server 2016, Windows 8.1, -01- calcuCONF microsoft -- windows Windows 10, Windows 10 Servers. 08 lated IRM An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows CVE- 8.1, Windows Server 2016, 2019- Windows Server 2008 R2, Windows not 0569 10, Windows 10 Servers. This CVE 2019 yet BID ID is unique from CVE-2019-0536, -01- calcuCONF microsoft -- windows CVE-2019-0549, CVE-2019-0554. 08 lated IRM A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects CVE- Windows 7, Windows Server 2012 2019- R2, Windows RT 8.1, Windows not 0538 Server 2008, Windows Server 2019, 2019 yet BID Windows Server 2012, Windows -01- calcuCONF microsoft -- windows 8.1, Windows Server 2016, 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows CVE- Hyper-V Remote Code Execution 2019- Vulnerability." This affects not 0550 Windows 10 Servers, Windows 10, 2019 yet BID Windows Server 2019. This CVE ID -01- calcuCONF microsoft -- windows is unique from CVE-2019-0551. 08 lated IRM An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows CVE- 8.1, Windows Server 2016, 2019- Windows Server 2008 R2, Windows not 0549 10, Windows 10 Servers. This CVE 2019 yet BID ID is unique from CVE-2019-0536, -01- calcuCONF microsoft -- windows CVE-2019-0554, CVE-2019-0569. 08 lated IRM An elevation of privilege vulnerability exists when Windows improperly handles authentication CVE- requests, aka "Microsoft Windows 2019- Elevation of Privilege not 0543 Vulnerability." This affects 2019 yet BID Windows 7, Windows Server 2012 -01- calcuCONF microsoft -- windows R2, Windows RT 8.1, Windows 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects CVE- Windows Server 2012 R2, Windows 2019- RT 8.1, Windows Server 2012, not 0555 Windows Server 2019, Windows 2019 yet BID Server 2016, Windows 8.1, -01- calcuCONF microsoft -- windows Windows 10, Windows 10 Servers. 08 lated IRM An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows CVE- 8.1, Windows Server 2016, 2019- Windows Server 2008 R2, Windows not 0554 10, Windows 10 Servers. This CVE 2019 yet BID ID is unique from CVE-2019-0536, -01- calcuCONF microsoft -- windows CVE-2019-0549, CVE-2019-0569. 08 lated IRM An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka CVE- "Windows Subsystem for Linux 2019- Information Disclosure not 0553 Vulnerability." This affects 2019 yet BID Windows 10 Servers, Windows 10, -01- calcuCONF microsoft -- windows Windows Server 2019. 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects CVE- Windows Server 2016, Windows 10, 2019- Windows Server 2019, Windows 10 not 0573 Servers. This CVE ID is unique 2019 yet BID from CVE-2019-0571, CVE-2019- -01- calcuCONF microsoft -- windows 0572, CVE-2019-0574. 08 lated IRM An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects CVE- Windows Server 2012 R2, Windows 2019- RT 8.1, Windows Server 2019, not 0552 Windows Server 2016, Windows 2019 yet BID 8.1, Windows 10, Windows 10 -01- calcuCONF microsoft -- windows Servers. 08 lated IRM A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution CVE- Vulnerability." This affects 2019- Windows Server 2016, Windows 10, not 0551 Windows Server 2019, Windows 10 2019 yet BID Servers. This CVE ID is unique -01- calcuCONF microsoft -- windows from CVE-2019-0550. 08 lated IRM An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, CVE- aka "Windows Data Sharing Service 2019- Elevation of Privilege not 0572 Vulnerability." This affects 2019 yet BID Windows Server 2016, Windows 10, -01- calcuCONF microsoft -- windows Windows Server 2019, Windows 10 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019- 0573, CVE-2019-0574. A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE- CVE-2019-0575, CVE-2019-0577, 2019- CVE-2019-0578, CVE-2019-0579, not 0576 CVE-2019-0580, CVE-2019-0581, 2019 yet BID CVE-2019-0582, CVE-2019-0583, -01- calcuCONF microsoft -- windows CVE-2019-0584. 08 lated IRM An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects CVE- Windows Server 2016, Windows 10, 2019- Windows Server 2019, Windows 10 not 0574 Servers. This CVE ID is unique 2019 yet BID from CVE-2019-0571, CVE-2019- -01- calcuCONF microsoft -- windows 0572, CVE-2019-0573. 08 lated IRM A remote code execution vulnerability exists when the CVE- Windows Jet Database Engine 2019- improperly handles objects in not 0577 memory, aka "Jet Database Engine 2019 yet BID Remote Code Execution -01- calcuCONF microsoft -- windows Vulnerability." This affects 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE- CVE-2019-0575, CVE-2019-0576, 2019- CVE-2019-0577, CVE-2019-0578, not 0581 CVE-2019-0579, CVE-2019-0580, 2019 yet BID CVE-2019-0582, CVE-2019-0583, -01- calcuCONF microsoft -- windows CVE-2019-0584. 08 lated IRM A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in CVE- memory, aka "Jet Database Engine 2019- Remote Code Execution not 0582 Vulnerability." This affects 2019 yet BID Windows 7, Windows Server 2012 -01- calcuCONF microsoft -- windows R2, Windows RT 8.1, Windows 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584. A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE- CVE-2019-0575, CVE-2019-0576, 2019- CVE-2019-0577, CVE-2019-0579, not 0578 CVE-2019-0580, CVE-2019-0581, 2019 yet BID CVE-2019-0582, CVE-2019-0583, -01- calcuCONF microsoft -- windows CVE-2019-0584. 08 lated IRM A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution CVE- Vulnerability." This affects 2019- Windows 7, Windows Server 2012 not 0579 R2, Windows RT 8.1, Windows 2019 yet BID Server 2008, Windows Server 2019, -01- calcuCONF microsoft -- windows Windows Server 2012, Windows 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE- CVE-2019-0575, CVE-2019-0576, 2019- CVE-2019-0577, CVE-2019-0578, not 0580 CVE-2019-0579, CVE-2019-0581, 2019 yet BID CVE-2019-0582, CVE-2019-0583, -01- calcuCONF microsoft -- windows CVE-2019-0584. 08 lated IRM A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 CVE- R2, Windows RT 8.1, Windows 2019- Server 2008, Windows Server 2019, not 0583 Windows Server 2012, Windows 2019 yet BID 8.1, Windows Server 2016, -01- calcuCONF microsoft -- windows Windows Server 2008 R2, Windows 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584. A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE- CVE-2019-0575, CVE-2019-0576, 2019- CVE-2019-0577, CVE-2019-0578, not 0584 CVE-2019-0579, CVE-2019-0580, 2019 yet BID CVE-2019-0581, CVE-2019-0582, -01- calcuCONF microsoft -- windows CVE-2019-0583. 08 lated IRM A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, CVE- Windows Server 2012, Windows 2019- 8.1, Windows Server 2016, not 0575 Windows Server 2008 R2, Windows 2019 yet BID 10, Windows 10 Servers. This CVE -01- calcuCONF microsoft -- windows ID is unique from CVE-2019-0538, 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows CVE- 8.1, Windows Server 2016, 2019- Windows Server 2008 R2, Windows not 0536 10, Windows 10 Servers. This CVE 2019 yet BID microsoft -- windows ID is unique from CVE-2019-0549, -01- calcuCONF CVE-2019-0554, CVE-2019-0569. 08 lated IRM The Mizuho Direct App for Android version 3.13.0 and earlier does not CVE- verify server certificates, which not 2018- allows man-in-the-middle attackers 2019 yet 16179 mizuho_bank -- to spoof servers and obtain sensitive -01- calcuMISC mizuho_direct_app_for_android information via a crafted certificate. 09 lated MISC CVE- 2017- modulemd 1.3.1 and earlier uses an not 10021 unsafe function for processing 2019 yet 57 modulemd -- modulemd externally provided data, leading to -01- calcuCONF remote code execution. 10 lated IRM Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an CVE- attacker on the same network not 2018- segment to execute arbitrary OS 2019 yet 16195 nec -- commands via SOAP interface of -01- calcuMISC aterm_wf1200cr_and_aterm_wg1200cr UPnP. 09 lated JVN CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an CVE- attacker on the same network not 2018- segment to obtain information 2019 yet 16192 nec -- registered on the device via -01- calcuMISC aterm_wf1200cr_and_aterm_wg1200cr unspecified vectors. 09 lated JVN Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware CVE- Ver1.0.1 and earlier) allows not 2018- authenticated attackers to inject 2019 yet 16193 nec -- arbitrary web script or HTML via -01- calcuMISC aterm_wf1200cr_and_aterm_wg1200cr unspecified vectors. 09 lated JVN Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware CVE- Ver1.0.1 and earlier) allows not 2018- authenticated attackers to execute 2019 yet 16194 nec -- arbitrary OS commands via -01- calcuMISC aterm_wf1200cr_and_aterm_wg1200cr unspecified vectors. 09 lated JVN CVE- 2019- 5893 Nelson Open Source ERP v6.3.1 not MISC allows SQL Injection via the 2019 yet EXPL nelson -- open_source_erp db/utils/query/data.xml query -01- calcuOIT- parameter. 10 lated DB OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure CVE- attribute in certain circumstances not 2018- netapp -- making it vulnerable to 2019 yet 5481 oncommand_unified_manager_for_7- impersonation via man-in-the- -01- calcuCONF mode middle (MITM) attacks. 07 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Untrusted search path vulnerability in The installer of Windows10 Fall Creators Update Modify module for CVE- Security Measures tool allows an not 2018- attacker to gain privileges via a 2019 yet 16177 nippon_telegraph_and_telephone_west_ Trojan horse DLL in an unspecified -01- calcuMISC corporation -- security_measures_tool directory. 09 lated JVN Directory traversal vulnerability in cordova-plugin-ionic-webview CVE- versions prior to 2.2.0 (not including 2018- 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0- not 16202 beta.2, and 2.1.0-0) allows remote 2019 yet MISC attackers to access arbitrary files via -01- calcuJVN npm -- cordova-plugin-ionic-webview unspecified vectors. 09 lated MISC CVE- In OpenSSH 7.9, scp.c in the scp 2018- client allows remote SSH servers to not 20685 bypass intended access restrictions 2019 yet BID openssh -- openssh via the filename of . or an empty -01- calcuMISC filename. 10 lated MISC Buffer overflow in BN-SDWBP3 CVE- firmware version 1.0.9 and earlier not 2018- allows an attacker on the same 2019 yet 0678 network segment to execute arbitrary -01- calcuJVN panasonic -- bn-sdwbp3_firmware code via unspecified vectors. 09 lated MISC BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with CVE- administrator rights on the same not 2018- network segment to execute arbitrary 2019 yet 0677 OS commands via unspecified -01- calcuJVN panasonic -- bn-sdwbp3_firmware vectors. 09 lated MISC BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to CVE- bypass authentication to access to not 2018- the management screen and execute 2019 yet 0676 panasonic -- bn-sdwbp3_firmware an arbitrary command via -01- calcuJVN unspecified vectors. 09 lated MISC An unquoted search path not vulnerability in some pre-installed 2019 yet CVE- applications on Panasonic PC run on -01- calcu2018- panasonic -- multiple_pcs Windows 7 (32bit), Windows 7 09 lated 16183 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info (64bit), Windows 8 (64bit), JVN Windows 8.1 (64bit), Windows 10 MISC (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login CVE- authentication and obtain the not 2018- pgpool -- administrative privilege of the 2019 yet 16203 global_development_group_pgpooladmi PostgreSQL database via -01- calcuJVN n unspecified vectors. 09 lated MISC The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or not CVE- admin/user.php, as demonstrated by 2019 yet 2019- phpscriptsmall.com -- disclosure of information about users -01- calcu6126 advance_peer_to_peer_mlm_script and staff. 11 lated MISC PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script not CVE- phpscriptsmall.com -- 2.0.1 has Reflected XSS via the srch 2019 yet 2019- citysearch_/_hotfrog_/_gelbeseiten_clon parameter, as demonstrated by -01- calcu6248 e_script restaurants-details.php. 12 lated MISC Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote CVE- attacker who gains access to a user's not 2019- browser history could obtain the 2019 yet 3803 access token and use it to -01- calcuCONF pivotal -- concourse authenticate as the user. 11 lated IRM In PolicyKit (aka polkit) 0.115, the CVE- "start time" protection mechanism 2019- can be bypassed because fork() is 6133 not atomic, and therefore not MISC authorization decisions are 2019 yet MISC policykit -- policykit improperly cached. This is related to -01- calcuMISC lack of uid checking in 11 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info polkitbackend/polkitbackendinteracti veauthority.c. qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main not CVE- parameter, as demonstrated by SSRF 2019 yet 2019- qibosoft -- qibosoft to a URL on the same web site to -01- calcu5725 read a .sql file. 08 lated MISC Untrusted search path vulnerability in the installer of MARKET SPEED CVE- Ver.16.4 and earlier allows an not 2018- attacker to gain privileges via a 2019 yet 16182 Trojan horse DLL in an unspecified -01- calcuJVN rakuten_securities -- market_speed directory. 09 lated MISC A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code CVE- execution and extraction of the anti- not 2018- CSRF token of higher privileged 2019 yet 16887 red_hat -- satellite users. Versions before 3.9.0 are -01- calcuCONF vulnerable. 12 lated IRM RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached CVE- (D5520, D6500, D6510, D7500, not 2018- D8400) allows remote attackers to 2019 yet 16184 execute arbitrary commands via -01- calcuJVN ricoh -- interactive_whiteboard unspecified vectors. 09 lated MISC The RICOH Interactive Whiteboard CVE- D2200 V1.3 to V2.2, D5500 V1.3 to not 2018- V2.2, D5510 V1.3 to V2.2, the 2019 yet 16187 display versions with RICOH -01- calcuJVN ricoh -- interactive_whiteboard Interactive Whiteboard Controller 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication. RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard- coded credentials, which may allow CVE- an attacker on the same network not 2018- segments to login to the 2019 yet 16186 administrators settings screen and -01- calcuJVN ricoh -- interactive_whiteboard change the configuration. 09 lated MISC RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to CVE- V3.1.10137.0 attached (D5520, not 2018- D6510, D7500, D8400) allows 2019 yet 16185 remote attackers to execute a -01- calcuJVN ricoh -- interactive_whiteboard malicious program. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, CVE- D6510, D7500, D8400) allows not 2018- remote attackers to execute arbitrary 2019 yet 16188 ricoh -- interactive_whiteboard SQL commands via unspecified -01- calcuJVN vectors. 09 lated MISC SAP Business Objects Mobile for Android (before 6.3.5) application CVE- allows an attacker to provide 2019- malicious input in the form of a SAP not 0240 BI link, preventing legitimate users 2019 yet BID sap -- from accessing the application by -01- calcuMISC business_objects_mobile_for_android crashing it. 08 lated MISC Under some circumstances, masterdata maintenance in SAP CVE- BW/4HANA (fixed in DW4CORE 2019- version 1.0 (SP08)) does not perform not 0243 necessary authorization checks for 2019 yet BID an authenticated user, resulting in -01- calcuMISC sap -- bw/4hana escalation of privileges. 08 lated MISC SAP Cloud Connector, before version 2.11.3, allows an attacker to CVE- inject code that can be executed by not 2019- the application. An attacker could 2019 yet 0247 thereby control the behavior of the -01- calcuMISC sap -- cloud_connector application. 08 lated MISC CVE- SAP Cloud Connector, before 2019- version 2.11.3, does not perform any not 0246 authentication checks for 2019 yet BID functionalities that require user -01- calcuMISC sap -- cloud_connector identity. 08 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info SAP Commerce (previously known CVE- as SAP Hybris Commerce), before 2019- version 6.7, does not sufficiently not 0238 encode user-controlled inputs, 2019 yet BID sap -- commerce resulting in Cross-Site Scripting -01- calcuMISC (XSS) vulnerability. 08 lated MISC SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; CVE- WEBCUIF 7.31, 7.46, 7.47, 7.48, 2019- 8.0, 8.01) does not sufficiently not 0244 encode user-controlled inputs, 2019 yet BID resulting in Cross-Site Scripting -01- calcuMISC sap -- crm_webclient_ui (XSS) vulnerability. 08 lated MISC SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; CVE- WEBCUIF 7.31, 7.46, 7.47, 7.48, 2019- 8.0, 8.01) does not sufficiently not 0245 encode user-controlled inputs, 2019 yet BID resulting in Cross-Site Scripting -01- calcuMISC sap -- crm_webclient_ui (XSS) vulnerability. 08 lated MISC SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA- FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, CVE- 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 2018- 8.0; Bank/CFM 4.63_20) does not not 2484 perform necessary authorization 2019 yet BID checks for an authenticated user, -01- calcuMISC sap -- enterprise_financial_services resulting in escalation of privileges. 08 lated MISC A security weakness in SAP CVE- Financial Consolidation Cube 2018- Designer (BOBJ_EADES fixed in not 2499 versions 8.0, 10.1) may allow an 2019 yet BID sap -- attacker to discover the password -01- calcuMISC financial_consolidation_cube_designer hash of an admin user. 08 lated MISC Under certain conditions SAP Gateway of ABAP Application CVE- Server (fixed in SAP_GWFND 7.5, 2019- 7.51, 7.52, 7.53; SAP_BASIS 7.5) not 0248 allows an attacker to access 2019 yet BID sap -- information which would otherwise -01- calcuMISC gateway_of_abap_application_server be restricted. 08 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info CVE- Under certain conditions SAP 2019- Landscape Management (VCM 3.0) not 0249 allows an attacker to access 2019 yet BID information which would otherwise -01- calcuMISC sap -- landscape_management be restricted. 08 lated MISC SAP Work and Inventory Manager CVE- (Agentry_SDK , before 7.0, 7.1) 2019- allows an attacker to prevent not 0241 legitimate users from accessing a 2019 yet BID service, either by crashing or -01- calcuMISC sap -- work_and_inventory_manager flooding the service. 08 lated MISC HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP- 708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware CVE- versions released prior to 2017 not 2018- August 1, EP-978A3 firmware 2019 yet 0689 versions released prior to 2017 -01- calcuJVN seiko_epson -- printers_and_scanners August 7, EP-979A3 firmware 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW- M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX- M840F firmware versions released prior to 2017 November 16, PX- M840FX firmware versions released prior to 2017 December 8, PX- M860F firmware versions released prior to 2017 October 25, PX- S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser. Open redirect vulnerability in SEIKO EPSON printers and CVE- scanners (DS-570W firmware not 2018- versions released prior to 2018 2019 yet 0688 March 13, DS-780N firmware -01- calcuJVN seiko_epson -- printers_and_scanners versions released prior to 2018 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP- 708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW- M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX- M840F firmware versions released prior to 2017 November 16, PX- M840FX firmware versions released prior to 2017 December 8, PX- M860F firmware versions released prior to 2017 October 25, PX- S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product. An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the not CVE- rmdir method. Attackers can delete 2019 yet 2019- arbitrary files by using "../" directory -01- calcu5887 shopxo -- shopxo traversal. 10 lated MISC An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.p hp file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. not CVE- The attacker can write arbitrary code 2019 yet 2019- shopxo -- shopxo to database.php during system -01- calcu5886 reinstallation. 10 lated MISC An issue was discovered in Anti- Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A not CVE- heap-based buffer overflow bug in 2019 yet 2019- svgpp_agg_render may lead to code -01- calcu6247 svgpp -- svgpp execution. In the 12 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap. An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return not CVE- code is used as an address, leading to 2019 yet 2019- an Access Violation because of an -01- calcu6246 svgpp -- svgpp out-of-bounds read. 12 lated MISC An issue was discovered in Anti- Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is not CVE- always bigger than dx_limit during 2019 yet 2019- svgpp -- svgpp the recursion, leading to continual -01- calcu6245 stack consumption. 12 lated MISC CVE- 2018- An out of bounds read was 16866 discovered in systemd-journald in BID the way it parses log messages that CONF terminate with a colon ':'. A local not IRM attacker can use this flaw to disclose 2019 yet UBU process memory data. Versions from -01- calcuNTU systemd-journald -- systemd-journald v221 to v239 are vulnerable. 11 lated MISC An allocation of memory without CVE- limits, that could result in the stack 2018- clashing with another memory not 16865 region, was discovered in systemd- 2019 yet BID journald when many entries are sent -01- calcuCONF systemd-journald -- systemd-journald to the journal socket. A local 11 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info attacker, or a remote one if systemd- UBU journal-remote is used, may use this NTU flaw to crash systemd-journald or MISC execute code with journald privileges. Versions through v240 are vulnerable. An allocation of memory without limits, that could result in the stack CVE- clashing with another memory 2018- region, was discovered in systemd- 16864 journald when a program with long BID command line arguments calls CONF syslog. A local attacker may use this not IRM flaw to crash systemd-journald or 2019 yet UBU systemd-journald -- systemd-journald escalate his privileges. Versions -01- calcuNTU through v240 are vulnerable. 11 lated MISC Toshiba Home gateway HEM- GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the CVE- same network segment to bypass not 2018- toshiba -- toshiba_home_gateway_hem- access restriction to access the 2019 yet 16197 gw16a_and_ information and files stored on the -01- calcuMISC hem-gw26a affected device. 09 lated JVN Toshiba Home gateway HEM- GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on CVE- the same network segment to access not 2018- toshiba -- toshiba_home_gateway_hem- a non-documented developer screen 2019 yet 16198 gw16a_and_ to perform operations on the affected -01- calcuMISC hem-gw26a device. 09 lated JVN Cross-site scripting vulnerability in Toshiba Home gateway HEM- GW16A 1.2.9 and earlier, Toshiba CVE- Home gateway HEM-GW26A 1.2.9 not 2018- toshiba -- toshiba_home_gateway_hem- and earlier allows an remote attacker 2019 yet 16199 gw16a_and_ to inject arbitrary web script or -01- calcuMISC hem-gw26a HTML via unspecified vectors. 09 lated JVN toshiba -- toshiba_home_gateway_hem- Toshiba Home gateway HEM- 2019 CVE- gw16a_and_ GW16A 1.2.9 and earlier, Toshiba -01- not 2018- hem-gw26a Home gateway HEM-GW26A 1.2.9 09 yet 16200 CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info and earlier allows an attacker on the calcuMISC same network segment to execute lated JVN arbitrary OS commands. Toshiba Home gateway HEM- GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network CVE- segment to login to the not 2018- toshiba -- toshiba_home_gateway_hem- administrators settings screen and 2019 yet 16201 gw16a_and_ change the configuration or execute -01- calcuMISC hem-gw26a arbitrary OS commands. 09 lated JVN CVE- not 2019- In Traccar Server version 4.2, 2019 yet 5748 traccar -- traccar_server protocol/SpotProtocolDecoder.java -01- calcuMISC might allow XXE attacks. 09 lated MISC An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and not CVE- consequently execute arbitrary PHP 2019 yet 2019- usualtoolcms -- usualtoolcms code by writing that code into a .php -01- calcu6244 file. 11 lated MISC Cross-site scripting vulnerability in CVE- GROWI v3.2.3 and earlier allows not 2018- remote attackers to inject arbitrary 2019 yet 16205 web script or HTML via New Page -01- calcuJVN weseek -- growi modal. 09 lated MISC Cross-site scripting vulnerability in CVE- GROWI v3.2.3 and earlier allows not 2018- remote attackers to inject arbitrary 2019 yet 0698 weseek -- growi web script or HTML via unspecified -01- calcuJVN vectors. 09 lated MISC A memory corruption vulnerability CVE- exists in the Windows DHCP client 2019- when an attacker sends specially not 0547 crafted DHCP responses to a client, 2019 yet BID aka "Windows DHCP Client Remote -01- calcuCONF windows -- dhcp_client Code Execution Vulnerability." This 08 lated IRM CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info affects Windows 10, Windows 10 Servers. In WinSCP before 5.14 beta, due to missing validation, the scp CVE- implementation would accept 2018- arbitrary files sent by the server, 20684 potentially overwriting unrelated not BID files. This affects 2019 yet MISC winscp -- winscp TSCPFileSystem::SCPSink in -01- calcuMISC core/ScpFileSystem.cpp. 10 lated MISC CVE- In Wireshark 2.6.0 to 2.6.5 and 2.4.0 2019- to 2.4.11, the RTSE dissector and 5718 other ASN.1 dissectors could crash. not BID This was addressed in 2019 yet MISC epan/charsets.c by adding a -01- calcuMISC wireshark -- wireshark get_t61_string length check. 08 lated MISC In Wireshark 2.6.0 to 2.6.5 and 2.4.0 CVE- to 2.4.11, the ISAKMP dissector 2019- could crash. This was addressed in not 5719 epan/dissectors/packet-isakmp.c by 2019 yet MISC properly handling the case of a -01- calcuMISC wireshark -- wireshark missing decryption data block. 08 lated MISC CVE- In Wireshark 2.6.0 to 2.6.5 and 2.4.0 2019- to 2.4.11, the P_MUL dissector 5717 could crash. This was addressed in not BID epan/dissectors/packet-p_mul.c by 2019 yet MISC rejecting the invalid sequence -01- calcuMISC wireshark -- wireshark number of zero. 08 lated MISC In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This CVE- was addressed in 2019- epan/dissectors/packet-enip.c by not 5721 changing the memory-management 2019 yet MISC approach so that a use-after-free is -01- calcuMISC wireshark -- wireshark avoided. 08 lated MISC CVE- In Wireshark 2.6.0 to 2.6.5, the not 2019- 6LoWPAN dissector could crash. 2019 yet 5716 wireshark -- wireshark This was addressed in -01- calcuBID epan/dissectors/packet-6lowpan.c by 08 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info avoiding use of a TVB before its MISC creation. MISC Cross-site scripting vulnerability in WordPress plugin spam-byebye CVE- 2.2.1 and earlier allows remote not 2018- attackers to inject arbitrary web 2019 yet 16206 script or HTML via unspecified -01- calcuJVN wordpress -- wordpress vectors. 12 lated MISC SQL injection vulnerability in the CVE- LearnPress prior to version 3.1.0 not 2018- allows attacker with administrator 2019 yet 16175 rights to execute arbitrary SQL -01- calcuJVN wordpress -- wordpress commands via unspecified vectors. 09 lated MISC Open redirect vulnerability in LearnPress prior to version 3.1.0 CVE- allows remote attackers to redirect not 2018- users to arbitrary web sites and 2019 yet 16174 conduct phishing attacks via -01- calcuJVN wordpress -- wordpress unspecified vectors. 09 lated MISC Cross-site scripting vulnerability in CVE- LearnPress prior to version 3.1.0 not 2018- allows remote attackers to inject 2019 yet 16173 arbitrary web script or HTML via -01- calcuJVN wordpress -- wordpress unspecified vectors. 09 lated MISC The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for not CVE- WordPress allows XSS via the wp- 2019 yet 2016- wordpress -- wordpress admin/admin.php?page=dpsp-toolkit -01- calcu10736 dpsp_message_class parameter. 09 lated MISC CVE- Cross-site scripting vulnerability in 2018- Event Calendar WD version 1.1.21 16164 and earlier allows remote not JVN authenticated attackers to inject 2019 yet MISC wordpress -- wordpress arbitrary web script or HTML via -01- calcuMISC unspecified vectors. 09 lated MISC Cross-site scripting vulnerability in Google XML Sitemaps Version CVE- 4.0.9 and earlier allows remote not 2018- authenticated attackers to inject 2019 yet 16204 wordpress -- wordpress arbitrary web script or HTML via -01- calcuJVN unspecified vectors. 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] not CVE- SQL injection. This can be used for 2019 yet 2019- xiaocms -- xiaocms PHP code execution via "INTO -01- calcu6127 OUTFILE" with a .php filename. 11 lated MISC A remote code execution vulnerability exists in Xterm.js when CVE- the component mishandles special not 2019- characters, aka "Xterm Remote Code 2019 yet 0542 xterm.js -- xterm.js Execution Vulnerability." This -01- calcuBID affects xterm.js. 09 lated MISC Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the CVE- configuration data through a certain 2018- form field of the configuration page, 0665 which may be executed on another not MISC administrative user's web browser. 2019 yet MISC yamaha -- multiple_routers This is a different vulnerability from -01- calcuJVN CVE-2018-0666. 09 lated MISC Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the CVE- configuration data through a certain 2018- form field of the configuration page, 0666 which may be executed on another not MISC administrative user's web browser. 2019 yet MISC yamaha -- multiple_routers This is a different vulnerability from -01- calcuJVN CVE-2018-0665. 09 lated MISC Buffer overflow in the license CVE- management function of 2018- YOKOGAWA products (iDefine for not 0651 ProSafe-RS R1.16.3 and earlier, 2019 yet BID yokogawa -- multiple_products STARDOM VDS R7.50 and earlier, -01- calcuMISC STARDOM FCN/FCJ Simulator 09 lated MISC CVS Sourc S e & Primary Publ Scor Patch Vendor -- Product Description ished e Info R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of CVE- service attack that may result in 2018- stopping Vnet/IP Open not 16196 Communication Driver's 2019 yet BID yokogawa -- multiple_products communication via unspecified -01- calcuMISC vectors. 09 lated MISC Back to top