Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7569 | 1 Wdoyo | 1 Doyo | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. | |||||
| CVE-2018-20332 | 1 Openwebif Project | 1 Openwebif | 2019-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project. | |||||
| CVE-2015-3194 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2019-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. | |||||
| CVE-2019-7566 | 1 Cszcms | 1 Csz Cms | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| CSZ CMS 1.1.8 has CSRF via admin/users/new/add. | |||||
| CVE-2018-1000843 | 1 Spotify | 1 Luigi | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible.. This vulnerability appears to have been fixed in 2.8.0 and later. | |||||
| CVE-2019-6521 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 8.6 HIGH |
| WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | |||||
| CVE-2018-8033 | 1 Apache | 1 Ofbiz | 2019-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host. | |||||
| CVE-2019-7350 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.9 MEDIUM | 7.3 HIGH |
| Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins. | |||||
| CVE-2019-7346 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | |||||
| CVE-2018-20129 | 1 Dedecms | 1 Dedecms | 2019-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value. | |||||
| CVE-2018-19960 | 1 Onionshare | 1 Onionshare | 2019-02-05 | 4.4 MEDIUM | 7.0 HIGH |
| The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname. | |||||
| CVE-2018-7063 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2019-02-05 | 6.8 MEDIUM | 8.1 HIGH |
| In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts. | |||||
| CVE-2018-7065 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2019-02-05 | 6.5 MEDIUM | 7.2 HIGH |
| An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | |||||
| CVE-2018-7067 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2019-02-05 | 6.5 MEDIUM | 7.2 HIGH |
| A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | |||||
| CVE-2018-17939 | 1 Gitlab | 1 Gitlab | 2019-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. | |||||
| CVE-2018-11347 | 1 Yunohost | 1 Yunohost | 2019-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning. | |||||
| CVE-2019-7298 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2019-02-05 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. | |||||
| CVE-2018-18629 | 1 Keybase | 1 Keybase | 2019-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. | |||||
| CVE-2018-7262 | 2 Fedoraproject, Redhat | 2 Fedora, Ceph | 2019-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | |||||
| CVE-2018-16185 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2019-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. | |||||
| CVE-2018-16186 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2019-02-04 | 8.3 HIGH | 8.8 HIGH |
| RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. | |||||
| CVE-2018-5197 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2019-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute. | |||||
| CVE-2017-3980 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | |||||
| CVE-2018-19520 | 2 Php, Sdcms | 2 Php, Sdcms | 2019-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. | |||||
| CVE-2019-5725 | 1 Qibosoft | 1 Qibosoft | 2019-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. | |||||
| CVE-2018-20717 | 1 Prestashop | 1 Prestashop | 2019-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. | |||||
| CVE-2018-15772 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2019-02-04 | 3.6 LOW | 7.1 HIGH |
| Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. | |||||
| CVE-2018-18920 | 1 Ethereum | 1 Py-evm | 2019-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." | |||||
| CVE-2018-1000839 | 1 Librehealth | 1 Librehealth Ehr | 2019-02-01 | 6.5 MEDIUM | 8.8 HIGH |
| LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. | |||||
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | |||||
| CVE-2018-20720 | 1 Abb | 2 Relion 630, Relion 630 Firmware | 2019-02-01 | 7.8 HIGH | 7.5 HIGH |
| ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. | |||||
| CVE-2018-4186 | 1 Apple | 1 Safari | 2019-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. | |||||
| CVE-2018-7837 | 1 Schneider-electric | 1 Iiot Monior | 2019-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | |||||
| CVE-2018-7835 | 1 Schneider-electric | 1 Iiot Monior | 2019-02-01 | 7.8 HIGH | 7.5 HIGH |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | |||||
| CVE-2018-16528 | 1 Amazon | 1 Amazon Web Services Freertos | 2019-02-01 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules. | |||||
| CVE-2018-2477 | 1 Sap | 1 Netweaver | 2019-02-01 | 6.5 MEDIUM | 8.8 HIGH |
| Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. | |||||
| CVE-2018-2491 | 1 Sap | 1 Fiori Client | 2019-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | |||||
| CVE-2018-3956 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2019-02-01 | 5.8 MEDIUM | 8.1 HIGH |
| An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-19244 | 1 Charlesproxy | 1 Charles | 2019-02-01 | 5.0 MEDIUM | 8.6 HIGH |
| An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked. | |||||
| CVE-2019-7235 | 1 Idreamsoft | 1 Icms | 2019-02-01 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. | |||||
| CVE-2019-7233 | 1 Libdoc Project | 1 Libdoc | 2019-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. | |||||
| CVE-2018-15537 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2019-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | |||||
| CVE-2018-19120 | 1 Kde | 1 Kde Applications | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | |||||
| CVE-2018-17186 | 1 Apache | 1 Syncope | 2019-01-31 | 6.5 MEDIUM | 7.2 HIGH |
| An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | |||||
| CVE-2018-17187 | 1 Apache | 1 Qpid Proton-j | 2019-01-31 | 5.8 MEDIUM | 7.4 HIGH |
| The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise. | |||||
| CVE-2018-20303 | 1 Gogs | 1 Gogs | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. | |||||
| CVE-2019-3575 | 1 Sqla Yaml Fixtures Project | 1 Sqla Yaml Fixtures | 2019-01-31 | 4.6 MEDIUM | 7.8 HIGH |
| Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. | |||||
| CVE-2018-20658 | 1 Coreftp | 1 Core Ftp | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command. | |||||
| CVE-2018-20166 | 1 Rukovoditel | 1 Rukovoditel | 2019-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension. | |||||
| CVE-2019-7237 | 2 Idreamsoft, Microsoft | 2 Icms, Windows | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. | |||||