Channel: CISA All NCAS Products

Apache Releases Security Update for Apache HTTP Server

Original release date: April 04, 2019

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



SB19-098: Vulnerability Summary for the Week of April 1, 2019

Original release date: April 08, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
74cms -- 74cms | Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | 2019-04-01 | 7.5 | CVE-2019-10684; MISC
advantech -- webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | 2019-04-05 | 7.5 | CVE-2019-6550; MISC
advantech -- webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | 2019-04-05 | 7.5 | CVE-2019-6552; MISC
airsonic -- airsonic | XXE issue in Airsonic before 10.1.2 during parse. | 2019-04-04 | 7.5 | CVE-2018-20222; CONFIRM (x2)
apple -- icloud | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 9.3 | CVE-2018-4126; MISC (x7)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1. | 2019-04-03 | 9.3 | CVE-2018-4327; MISC
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 10.0 | CVE-2018-4331; MISC (x5)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 10.0 | CVE-2018-4332; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4336; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4337; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4340; MISC (x5)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4343; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4344; MISC (x4)
apple -- iphone_os | An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | 2019-04-03 | 7.1 | CVE-2018-4363; MISC (x3)
apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 7.5 | CVE-2018-4367; MISC
apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4383; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4401; MISC (x5)
apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4408; MISC (x5)
apple -- iphone_os | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 7.1 | CVE-2018-4413; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 9.3 | CVE-2018-4419; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | 9.3 | CVE-2018-4420; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4425; MISC (x5)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | 9.3 | CVE-2018-4426; MISC (x5)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006. | 2019-04-03 | 9.3 | CVE-2018-4427; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 9.3 | CVE-2018-4447; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 9.3 | CVE-2018-4461; MISC (x4)
apple -- iphone_os | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | 9.3 | CVE-2018-4465; MISC (x2)
apple -- mac_os_x | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. | 2019-04-03 | 9.3 | CVE-2017-13911; MISC (x2)
apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4259; MISC (x2)
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4268; MISC
apple -- mac_os_x | A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 9.3 | CVE-2018-4285; MISC
apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4286; MISC (x2)
apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4287; MISC (x2)
apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4288; MISC (x2)
apple -- mac_os_x | An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 7.1 | CVE-2018-4289; MISC
apple -- mac_os_x | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | 2019-04-03 | 10.0 | CVE-2018-4291; MISC (x2)
apple -- mac_os_x | An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 7.5 | CVE-2018-4295; MISC (x2)
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4334; MISC (x2)
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4350; MISC (x2)
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4393; MISC (x2)
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4402; MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4410; MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4415; MISC
apple -- mac_os_x | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4421; MISC (x2)
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4422; MISC
apple -- mac_os_x | A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 9.3 | CVE-2018-4424; MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 9.3 | CVE-2018-4449; MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 9.3 | CVE-2018-4450; MISC
apple -- mac_os_x | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14. | 2019-04-03 | 9.3 | CVE-2018-4456; MISC (x3)
apple -- mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2. | 2019-04-03 | 9.3 | CVE-2018-4463; MISC
apple -- xcode | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. | 2019-04-03 | 9.3 | CVE-2018-4357; MISC
audiocodes -- 420hd_ip_phone_firmware | An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string. | 2019-04-01 | 9.0 | CVE-2018-5757; MISC
axiomsl -- axiom | AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | 2019-04-03 | 7.5 | CVE-2015-5463; MISC
canonical -- ubuntu_linux | In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | 2019-04-01 | 7.2 | CVE-2019-8956; MISC (x4); UBUNTU (x2)
cobub -- razor | Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | 2019-03-29 | 7.5 | CVE-2019-10276; MISC (x2)
ctrip -- apollo | An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | 2019-04-01 | 7.5 | CVE-2019-10686; MISC
dell -- emc_networker | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. | 2019-04-01 | 10.0 | CVE-2017-8023; BID; MISC
dlink -- dsl-3782_firmware | An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. | 2019-04-01 | 9.0 | CVE-2018-17990; MISC
gog -- galaxy | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges. | 2019-04-02 | 7.2 | CVE-2018-3974; MISC
gog -- galaxy | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's "Games" directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | 2019-04-02 | 7.2 | CVE-2018-4049; MISC
gog -- galaxy | An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. | 2019-04-01 | 7.2 | CVE-2018-4050; CONFIRM
grandstream -- gac2500_firmware | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | 2019-03-30 | 7.5 | CVE-2019-10655; MISC (x2)
grandstream -- gxp1610_firmware | A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | 2019-04-01 | 7.5 | CVE-2018-17564; MISC (x2)
grandstream -- gxp1610_firmware | Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | 2019-04-01 | 10.0 | CVE-2018-17565; MISC (x2)
ibm -- db2 | IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316. | 2019-04-03 | 7.2 | CVE-2018-1936; XF; CONFIRM
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892. | 2019-04-03 | 7.2 | CVE-2019-4014; XF; CONFIRM
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580. | 2019-04-02 | 9.0 | CVE-2018-1640; CONFIRM; XF
mitel -- cmg_suite | The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | 2019-04-02 | 10.0 | CVE-2018-19275; CONFIRM (x2)
mkcms_project -- mkcms | MKCMS V5.0 has SQL injection via the bplay.php play parameter. | 2019-04-02 | 7.5 | CVE-2019-10707; MISC
oisf -- libhtp | htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | 2019-04-04 | 7.5 | CVE-2018-10243; CONFIRM
overit -- geocall | An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions. | 2019-04-01 | 9.0 | CVE-2019-5890; MISC
plataformatec -- devise | Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb. Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appears to be exploitable via network connectivity (brute force attacks). This vulnerability appears to have been fixed in 4.6.0 and later. | 2019-04-03 | 7.5 | CVE-2019-5421; MISC (x2)
postgresql -- postgresql | In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. | 2019-04-01 | 9.0 | CVE-2019-9193; MISC (x2)
provisio -- sitekiosk | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | 2019-03-29 | 7.5 | CVE-2018-18766; CONFIRM
qualcomm -- mdm9150_firmware | Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 | 2019-04-04 | 7.2 | CVE-2018-11966; CONFIRM
qualcomm -- mdm9150_firmware | kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150 | 2019-04-04 | 7.2 | CVE-2018-13918; CONFIRM
qualcomm -- mdm9206_firmware | Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A | 2019-04-04 | 7.2 | CVE-2018-11830; CONFIRM
qualcomm -- mdm9206_firmware | TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | 2019-04-04 | 7.2 | CVE-2018-11970; CONFIRM
robocode_project -- robocode | Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | 2019-03-30 | 7.5 | CVE-2019-10648; MISC (x2)
s-cms -- s-cms | S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | 2019-04-02 | 7.5 | CVE-2019-10708; MISC
salesagility -- suitecrm | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | 2019-04-02 | 7.5 | CVE-2019-6506; CONFIRM (x4)
sony -- neural_network_libraries | nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. | 2019-04-04 | 7.5 | CVE-2019-10844; MISC
suricata-ids -- suricata | Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. | 2019-04-04 | 7.5 | CVE-2018-10244; CONFIRM
teeworlds -- teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. | 2019-04-05 | 7.5 | CVE-2019-10877; MISC
teeworlds -- teeworlds | In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. | 2019-04-05 | 7.5 | CVE-2019-10878; MISC
teeworlds -- teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. | 2019-04-05 | 7.5 | CVE-2019-10879; MISC
tongda2000 -- office_anywhere | An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | 2019-04-02 | 7.5 | CVE-2019-9759; MISC
ultimatemember -- ultimate_member | A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form. | 2019-04-03 | 9.3 | CVE-2019-10673; MISC
zzzcms -- zzzphp | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). | 2019-03-30 | 7.5 | CVE-2019-10647; MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3m -- detcon_sitewatch_gateway | Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication. | 2019-04-02 | 5.0 | CVE-2017-6047; MISC
3m -- detcon_sitewatch_gateway | Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. | 2019-04-02 | 5.0 | CVE-2017-6049; MISC
abine -- blur | Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. | 2019-03-29 | 5.0 | CVE-2019-6481; MISC; FULLDISC; MISC (x2)
advantech -- webaccess | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | 2019-04-05 | 5.0 | CVE-2019-6554; MISC
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4. | 2019-04-03 | 6.8 | CVE-2018-4145; MISC (x7)
apple -- icloud | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4191; MISC (x6)
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4197; MISC (x5)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4261; MISC (x5)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4263; MISC (x5)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4264; MISC (x6)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4265; MISC (x5)
apple -- icloud | A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 4.3 | CVE-2018-4266; MISC (x6)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4267; MISC (x5)
apple -- icloud | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4269; MISC (x4)
apple -- icloud | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 4.3 | CVE-2018-4270; MISC (x6)
apple -- icloud | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 4.3 | CVE-2018-4271; MISC (x6)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4272; MISC (x6)
apple -- icloud | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 4.3 | CVE-2018-4273; MISC (x6)
apple -- icloud | A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 6.8 | CVE-2018-4284; MISC (x6)
apple -- icloud | A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | 2019-04-03 | 5.0 | CVE-2018-4293; MISC (x6)
apple -- icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4299; MISC (x6)
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4306; MISC (x5)
apple -- icloud | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 4.3 | CVE-2018-4309; MISC (x5)
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4314; MISC (x5)
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4315; MISC (x5)
apple -- icloud | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4316; MISC (x5)
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4317; MISC (x5)
apple -- icloud | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 6.8 | CVE-2018-4318; MISC (x5)
apple -- icloud | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | 5.8 | CVE-2018-4319
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4323
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4328
MISC
MISC
MISC
MISC
MISC
apple -- icloudA cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-034.3CVE-2018-4345
MISC
MISC
MISC
MISC
MISC
apple -- icloudA use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4347
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4358
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4359
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4360
MISC
MISC
MISC
MISC
MISC
apple -- icloudA memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4361
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4372
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4373
MISC
MISC
MISC
MISC
MISC
apple -- icloudA logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-034.3CVE-2018-4374
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4375
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4376
MISC
MISC
MISC
MISC
MISC
apple -- icloudA cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-034.3CVE-2018-4377
MISC
MISC
MISC
MISC
MISC
apple -- icloudA memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4378
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4382
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4386
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4392
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudAn issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-035.0CVE-2018-4398
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudA resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-034.3CVE-2018-4409
MISC
MISC
MISC
MISC
MISC
apple -- icloudA memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.2019-04-036.8CVE-2018-4414
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.2019-04-036.8CVE-2018-4416
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-036.8CVE-2018-4437
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudA logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-036.8CVE-2018-4438
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudA logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-034.3CVE-2018-4439
MISC
MISC
MISC
MISC
apple -- icloudA logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-034.3CVE-2018-4440
MISC
MISC
MISC
MISC
apple -- icloudA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-036.8CVE-2018-4441
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-036.8CVE-2018-4442
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-036.8CVE-2018-4443
MISC
MISC
MISC
MISC
MISC
MISC
apple -- icloudMultiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.2019-04-036.8CVE-2018-4464
MISC
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osAn out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.2019-04-035.0CVE-2018-4203
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osA logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1.2019-04-034.3CVE-2018-4216
MISC
apple -- iphone_osAn out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.2019-04-035.0CVE-2018-4248
MISC
MISC
MISC
MISC
apple -- iphone_osA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.2019-04-036.8CVE-2018-4275
MISC
apple -- iphone_osA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.2019-04-036.8CVE-2018-4280
MISC
MISC
MISC
MISC
apple -- iphone_osAn out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.2019-04-034.9CVE-2018-4282
MISC
MISC
MISC
apple -- iphone_osA denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.2019-04-034.3CVE-2018-4290
MISC
MISC
apple -- iphone_osAn input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.2019-04-036.8CVE-2018-4303
MISC
MISC
MISC
MISC
apple -- iphone_osA denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.2019-04-034.3CVE-2018-4304
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osA validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.2019-04-035.0CVE-2018-4321
MISC
MISC
MISC
apple -- iphone_osA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.2019-04-036.8CVE-2018-4326
MISC
MISC
MISC
apple -- iphone_osA validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.2019-04-034.3CVE-2018-4333
MISC
MISC
apple -- iphone_osA validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.2019-04-034.3CVE-2018-4335
MISC
apple -- iphone_osA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.2019-04-036.8CVE-2018-4341
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osA memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.2019-04-036.8CVE-2018-4354
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osA configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.2019-04-034.3CVE-2018-4355
MISC
MISC
apple -- iphone_osA permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.2019-04-035.0CVE-2018-4356
MISC
apple -- iphone_osAn out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1.2019-04-034.3CVE-2018-4365
MISC
apple -- iphone_osA memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.2019-04-035.0CVE-2018-4366
MISC
apple -- iphone_osA denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.2019-04-034.0CVE-2018-4368
MISC
MISC
MISC
MISC
apple -- iphone_osA logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.2019-04-035.0CVE-2018-4369
MISC
MISC
MISC
MISC
apple -- iphone_osA memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1.2019-04-036.8CVE-2018-4384
MISC
MISC
apple -- iphone_osA logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.2019-04-034.3CVE-2018-4385
MISC
apple -- iphone_osAn access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.2019-04-034.3CVE-2018-4399
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osA validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.2019-04-034.3CVE-2018-4400
MISC
MISC
MISC
apple -- iphone_osA memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.2019-04-036.5CVE-2018-4407
MISC
MISC
MISC
MISC
MISC
apple -- iphone_osA spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.2019-04-034.3CVE-2018-4429
MISC
MISC
apple -- iphone_osA memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.2019-04-034.9CVE-2018-4431
MISC
MISC
MISC
MISC
apple -- iphone_osA logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.2019-04-036.8CVE-2018-4435
MISC
MISC
MISC
MISC
apple -- iphone_osA certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.2019-04-035.0CVE-2018-4436
MISC
MISC
MISC
apple -- iphone_osThis issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.2019-04-034.3CVE-2018-4446
MISC
apple -- itunesA race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.2019-04-035.1CVE-2017-7151
MISC
MISC
MISC
MISC
MISC
MISC
apple -- itunesA memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.2019-04-036.8CVE-2018-4394
MISC
MISC
MISC
MISC
MISC
apple -- mac_os_xAn injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4153
MISC
MISC
apple -- mac_os_xA null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.2019-04-035.0CVE-2018-4276
MISC
apple -- mac_os_xAn out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.2019-04-034.9CVE-2018-4283
MISC
apple -- mac_os_xAn out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4308
MISC
MISC
apple -- mac_os_xA permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4324
MISC
apple -- mac_os_xA validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4338
MISC
apple -- mac_os_xA validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4346
MISC
MISC
apple -- mac_os_xA memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4351
MISC
apple -- mac_os_xAn inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.2019-04-034.3CVE-2018-4389
MISC
apple -- mac_os_xA validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4396
MISC
MISC
apple -- mac_os_xThis issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.2019-04-034.3CVE-2018-4403
MISC
apple -- mac_os_xA denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.0CVE-2018-4406
MISC
MISC
apple -- mac_os_xA memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2019-04-036.8CVE-2018-4411
MISC
MISC
apple -- mac_os_xA validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4417
MISC
MISC
apple -- mac_os_xA validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2019-04-034.3CVE-2018-4418
MISC
MISC
apple -- mac_os_xA logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.2019-04-036.8CVE-2018-4423
MISC
apple -- mac_os_xAn out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.2019-04-036.6CVE-2018-4434
MISC
apple -- mac_os_xA validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.2019-04-034.3CVE-2018-4462
MISC
apple -- mac_os_xA privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.2019-04-034.3CVE-2018-4470
MISC
apple -- safariAn inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.2019-04-034.3CVE-2018-4195
MISC
apple -- safariAn inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.2019-04-034.3CVE-2018-4260
MISC
MISC
apple -- safariA spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.2019-04-035.0CVE-2018-4274
MISC
MISC
apple -- safariAn inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.2019-04-035.0CVE-2018-4279
MISC
apple -- safariA logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.2019-04-034.3CVE-2018-4307
MISC
MISC
apple -- safariClearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.2019-04-035.0CVE-2018-4329
MISC
MISC
apple -- safariAn inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.2019-04-034.3CVE-2018-4362
MISC
MISC
apple -- safari"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.2019-04-034.0CVE-2018-4445
MISC
MISC
atlassian -- crowdThe console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.2019-03-296.8CVE-2017-18105
MISC
atlassian -- crowdThe identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.2019-03-296.0CVE-2017-18106
MISC
atlassian -- crowdThe administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.2019-03-296.5CVE-2017-18108
MISC
atlassian -- crowdThe login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.2019-03-295.8CVE-2017-18109
MISC
atlassian -- crowdThe administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.2019-03-294.0CVE-2017-18110
MISC
axway -- vordel_xml_gatewayVordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.2019-04-035.0CVE-2015-5606
MISC
buttle_project -- buttleXSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.2019-04-034.3CVE-2019-5422
MISC
coapthon3_project -- coapthon3The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages.2019-04-025.0CVE-2018-12679
MISC
coapthon_project -- coapthonThe Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.2019-04-025.0CVE-2018-12680
MISC
domoticz -- domoticzDomoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.2019-03-315.0CVE-2019-10678
MISC
flatcore -- flatcoreAn issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.2019-03-306.5CVE-2019-10652
MISC
fusioninventory -- fusioninventoryThe FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.2019-03-295.0CVE-2019-10477
MISC
MISC
MISC
MISC
MISC
gnu -- gnutlsIt was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.2019-04-015.0CVE-2019-3836
CONFIRM
CONFIRM
FEDORA
gog -- galaxyAn exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.2019-04-024.9CVE-2018-4051
MISC
grandstream -- gxp1610_firmwareA Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.2019-04-015.0CVE-2018-17563
MISC
MISC
harmistechnology -- je_messengerAn issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.2019-03-296.5CVE-2019-9920
MISC
MISC
harmistechnology -- je_messengerAn issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.2019-03-294.0CVE-2019-9921
MISC
MISC
harmistechnology -- je_messengerAn issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.2019-03-295.0CVE-2019-9922
MISC
MISC
http-live-simulator_project -- http-live-simulatorPath traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker.2019-04-035.0CVE-2019-5423
MISC
hyphp -- hybbsAn issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.2019-03-296.8CVE-2019-10644
MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.2019-04-024.0CVE-2018-1906
BID
XF
CONFIRM
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.2019-04-024.0CVE-2018-1917
BID
XF
CONFIRM
ibm -- security_privileged_identity_managerIBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.2019-04-025.0CVE-2018-1618
CONFIRM
XF
ibm -- security_privileged_identity_managerIBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.2019-04-026.8CVE-2018-1622
CONFIRM
XF
ibm -- security_privileged_identity_managerIBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410.2019-04-024.0CVE-2018-1625
CONFIRM
XF
ibm -- security_privileged_identity_managerIBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.2019-04-024.0CVE-2018-1626
CONFIRM
XF
ibm -- security_privileged_identity_managerIBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.2019-04-025.0CVE-2018-1680
CONFIRM
XF
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0 and 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. | 2019-04-02 | 5.5 | CVE-2019-4043 (BID, XF, CONFIRM)
ibm -- websphere_application_server | IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. | 2019-04-02 | 6.8 | CVE-2019-4080 (BID, XF, CONFIRM)
imagemagick -- imagemagick | In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 2019-03-30 | 4.3 | CVE-2019-10649 (BID, MISC)
imagemagick -- imagemagick | In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. | 2019-03-30 | 5.8 | CVE-2019-10650 (BID, MISC)
imagemagick -- imagemagick | LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. | 2019-04-02 | 4.3 | CVE-2019-10714 (MISC, MISC, MISC, MISC)
kakaocorp -- kakaotalk | A remote code execution vulnerability exists in the KaKaoTalk PC messenger when a user clicks a specially crafted link in the message window. This affects KaKaoTalk Windows version 2.7.5.2024 or lower. | 2019-04-01 | 6.8 | CVE-2019-9132 (CONFIRM)
kubernetes -- kubernetes | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | 2019-04-01 | 4.0 | CVE-2019-1002100 (BID, CONFIRM, CONFIRM)
kubernetes -- kubernetes | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to set up HostPorts for CNI, inserts rules at the front of the iptables nat chains, which take precedence over the KUBE-SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. | 2019-04-02 | 5.0 | CVE-2019-9946 (CONFIRM)
lrzip_project -- lrzip | The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845. | 2019-03-30 | 4.3 | CVE-2019-10654 (MISC)
microfocus -- content_manager | An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | 2019-04-01 | 5.0 | CVE-2019-3489 (MISC)
mybb -- mybb | A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | 2019-03-29 | 4.3 | CVE-2018-19201 (MISC)
online_lottery_php_readymade_script_project -- online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | 2019-03-29 | 6.8 | CVE-2019-9604 (MISC)
open-emr -- openemr | A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | 2019-04-02 | 4.3 | CVE-2018-18035 (CONFIRM)
openmicroscopy -- omero | OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | 2019-03-31 | 6.8 | CVE-2014-7198 (MISC, MISC)
opensynergy -- blue_sdk | The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. | 2019-03-29 | 5.4 | CVE-2018-20378 (MISC, CONFIRM)
overit -- geocall | Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977. | 2019-04-01 | 4.3 | CVE-2019-5888 (MISC)
overit -- geocall | A log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977. | 2019-04-01 | 5.0 | CVE-2019-5889 (MISC)
overit -- geocall | An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and log in to the web application. | 2019-04-01 | 5.0 | CVE-2019-5891 (MISC)
pivotal_software -- concourse | Pivotal Concourse versions prior to 5.0.1 contain an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | 2019-04-01 | 5.0 | CVE-2019-3792 (BID, CONFIRM)
podofo_project -- podofo | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | 2019-04-03 | 4.3 | CVE-2019-10723 (MISC)
pronestor -- pronestor_health_monitoring | The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file. | 2019-04-01 | 4.4 | CVE-2018-19113 (MISC, MISC)
qasymphony -- qtest_manager | qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | 2019-04-02 | 5.8 | CVE-2018-15180 (MISC)
qualcomm -- mdm9206_firmware | Insufficient protection of keys in the keypad can allow the HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | 2019-04-04 | 4.9 | CVE-2018-11958 (CONFIRM)
qualcomm -- mdm9206_firmware | Interrupt exit code flow may undermine the access control policy set forth by the secure world, which can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | 2019-04-04 | 4.9 | CVE-2018-11971 (CONFIRM)
redhat -- openshift_container_platform | A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | 2019-04-01 | 4.3 | CVE-2019-3876 (BID, CONFIRM)
suricata-ids -- suricata | Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. | 2019-04-04 | 5.0 | CVE-2018-10242 (CONFIRM)
synology -- calendar | Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. | 2019-04-01 | 4.0 | CVE-2018-13299 (CONFIRM)
synology -- drive | Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | 2019-04-01 | 5.0 | CVE-2018-13297 (CONFIRM)
synology -- file_station | Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 2019-04-01 | 5.0 | CVE-2018-13288 (CONFIRM)
synology -- mailplus_server | Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | 2019-04-01 | 5.0 | CVE-2018-13296 (CONFIRM)
synology -- ssl_vpn_client | Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | 2019-04-01 | 5.8 | CVE-2018-13283 (CONFIRM)
tp-link -- tl-wr840n_firmware | TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | 2019-03-29 | 5.0 | CVE-2018-15840 (MISC)
ukcms -- ukcms | A CSRF issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. | 2019-04-05 | 6.8 | CVE-2019-10888 (MISC)
wolfcms -- wolfcms | Wolf CMS v0.8.3.1 is affected by cross-site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded. | 2019-03-29 | 4.3 | CVE-2019-10646 (MISC)
Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- iphone_os | An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | 2019-04-03 | 3.3 | CVE-2018-4305 (MISC, MISC, MISC)
apple -- iphone_os | A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | 2019-04-03 | 2.1 | CVE-2018-4313 (MISC, MISC, MISC)
apple -- iphone_os | This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12. | 2019-04-03 | 2.1 | CVE-2018-4322 (MISC)
apple -- iphone_os | A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12. | 2019-04-03 | 2.1 | CVE-2018-4325 (MISC)
apple -- iphone_os | A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12. | 2019-04-03 | 2.1 | CVE-2018-4352 (MISC)
apple -- iphone_os | A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. | 2019-04-03 | 2.1 | CVE-2018-4379 (MISC)
apple -- iphone_os | A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 2.1 | CVE-2018-4387 (MISC)
apple -- iphone_os | A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1. | 2019-04-03 | 2.1 | CVE-2018-4388 (MISC)
apple -- iphone_os | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1. | 2019-04-03 | 2.1 | CVE-2018-4430 (MISC)
apple -- mac_os_x | A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. | 2019-04-03 | 2.1 | CVE-2018-4178 (MISC)
apple -- mac_os_x | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | 2019-04-03 | 2.1 | CVE-2018-4342 (MISC)
apple -- mac_os_x | A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | 2.1 | CVE-2018-4348 (MISC, MISC)
centos-webpanel -- centos_web_panel | CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action. | 2019-04-03 | 3.5 | CVE-2019-10261 (BID, MISC, EXPLOIT-DB)
dlink -- dsl-3782_firmware | A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested. | 2019-04-01 | 3.5 | CVE-2018-17989 (MISC)
gog -- galaxy | An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information about the process running under that PID that would usually only be accessible to the root user. | 2019-04-02 | 2.1 | CVE-2018-4052 (MISC)
gog -- galaxy | An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. | 2019-04-02 | 2.1 | CVE-2018-4053 (MISC)
harmistechnology -- je_messenger | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | 2019-03-29 | 3.5 | CVE-2019-9919 (MISC, MISC)
ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636. | 2019-04-02 | 2.1 | CVE-2018-1874 (BID, XF, CONFIRM)
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | 2019-04-02 | 2.1 | CVE-2018-1623 (CONFIRM, XF)
ibm -- spectrum_protect | IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using the IBM Spectrum Protect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. | 2019-04-02 | 3.2 | CVE-2019-4093 (CONFIRM, XF)
linux -- linux_kernel | The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. | 2019-04-04 | 2.1 | CVE-2018-20449 (CONFIRM, MISC)
online_lottery_php_readymade_script_project -- online_lottery_php_readymade_script | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | 2019-03-29 | 3.5 | CVE-2019-9605 (MISC)
Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
amazon -- aws_sdk_for_android | Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as by disabling or bypassing Android's fundamental security mechanisms). | 2019-04-04 | not yet calculated | CVE-2018-19981 (MISC, MISC, MISC, MISC)
apple -- ios_and_macos_and_mojave | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | 2019-04-03 | not yet calculated | CVE-2018-4310 (MISC, MISC, MISC)
apple -- macos_and_mojave | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | 2019-04-03 | not yet calculated | CVE-2018-4353 (MISC)
apple -- apple_support_for_ios | Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS. | 2019-04-03 | not yet calculated | CVE-2018-4397 (MISC)
apple -- cups | The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. | 2019-04-03 | not yet calculated | CVE-2018-4300 (BID, MISC)
apple -- ios | A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. | 2019-04-03 | not yet calculated | CVE-2018-4380 (MISC)
apple -- multiple_products | A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | 2019-04-03 | not yet calculated | CVE-2018-4460 (MISC, MISC, MISC)
apple -- multiple_products | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | not yet calculated | CVE-2018-4412 (MISC, MISC, MISC, MISC, MISC, MISC, MISC)
apple -- multiple_products | This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | 2019-04-03 | not yet calculated | CVE-2018-4395 (MISC, MISC, MISC, MISC, MISC)
apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | 2019-04-03 | not yet calculated | CVE-2018-4371 (MISC, MISC, MISC, MISC)
apple -- multiple_products | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | not yet calculated | CVE-2018-4312 (MISC, MISC, MISC, MISC, MISC)
apple -- multiple_products | The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | 2019-04-03 | not yet calculated | CVE-2018-4311 (MISC, MISC, MISC, MISC, MISC)
atlassian -- application_links | The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious OAuth application-linked applications to probe internal network resources by requesting internal locations, read the contents of files, and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | 2019-03-29 | not yet calculated | CVE-2017-18111 (MISC)
avaya -- ip_office_contact_center | A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated. | 2019-04-04 | not yet calculated | CVE-2019-7001 (CONFIRM)
axiomsl -- axiom_google_web_toolkit_module | AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. | 2019-04-03 | not yet calculated | CVE-2015-5384 (MISC)
axiomsl -- axiom_google_web_toolkit_module | AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. | 2019-04-03 | not yet calculated | CVE-2015-5462 (MISC)
bolt -- cms | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | 2019-04-05 | not yet calculated | CVE-2019-10874 (MISC, MISC)
bootstrap -- bootstrap-sass | Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare. | 2019-04-04 | not yet calculated | CVE-2019-10842 (MISC, MISC, MISC)
burrow-wheeler_aligner -- burrow-wheeler_aligner | BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 2019-03-29 | not yet calculated | CVE-2019-10269 (MISC)
cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers | A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | 2019-04-04 | not yet calculated | CVE-2019-1827 (BID, CISCO)
cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | 2019-04-04 | not yet calculated | CVE-2019-1828 (BID, CISCO)
domoticz -- domoticz | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | 2019-03-31 | not yet calculated | CVE-2019-10664 (MISC)
eclipse -- hawkbit | Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence build artifacts produced by hawkBit might be infected. | 2019-04-03 | not yet calculated | CVE-2019-10240 (CONFIRM)
gitlab -- community_and_enterprise_edition | GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | 2019-04-04 | not yet calculated | CVE-2018-20229 (CONFIRM, CONFIRM)
glory -- rbw-100_devices | An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell. | 2019-04-05 | not yet calculated | CVE-2019-10478 (MISC)
glory -- rbw-100_devices | An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. | 2019-04-05 | not yet calculated | CVE-2019-10479 (MISC)
grandstream -- gwn7000_and_gwn7610_devices | Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 2019-03-30 | not yet calculated | CVE-2019-10657 (MISC)
grandstream -- gwn7000_devices | Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10656 (MISC)
grandstream -- gwn7610_devices | Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 2019-03-30 | not yet calculated | CVE-2019-10658 (MISC)
grandstream -- gxv3370_and_wp820_devices | Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 2019-03-30 | not yet calculated | CVE-2019-10659 (MISC)
grandstream -- gxv3611ir_hd | Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 2019-03-30 | not yet calculated | CVE-2019-10660 (MISC)
grandstream -- gxv3611ir_hd | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 2019-03-30 | not yet calculated | CVE-2019-10661 (MISC)
grandstream -- ucm6204 | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10662 (MISC)
grandstream -- ucm6204 | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 2019-03-30 | not yet calculated | CVE-2019-10663 (MISC)
ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147710. | 2019-04-03 | not yet calculated | CVE-2018-1731 (CONFIRM, BID, XF)
ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152737. | 2019-04-03 | not yet calculated | CVE-2018-1913 (CONFIRM, BID, XF)
ivanti -- workspace_control | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | 2019-04-05 | not yet calculated | CVE-2019-10885 (MISC)
jenkins -- jenkins | Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10298 (MISC)
jenkins -- jenkins | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003099 (MISC)
jenkins -- jenkins | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003095 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003098 (MISC)
jenkins -- jenkins | Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003097 (MISC)
jenkins -- jenkins | Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003096 (MISC)
jenkins -- jenkins | Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10297 (MISC)
jenkins -- jenkins | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003094 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003086 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003092 (MISC)
jenkins -- jenkins | A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003091 (MISC)
jenkins -- jenkins | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003087 (MISC)
jenkins -- jenkins | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003089 (MISC)
jenkins -- jenkins | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-1003088 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003090 (MISC)
jenkins -- jenkins | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003093 (MISC)
jenkins -- jenkins | Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10277 (MISC)
jenkins -- jenkins | Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10288 (MISC)
jenkins -- jenkins | Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10294 (MISC)
jenkins -- jenkins | A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10293 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10292 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-1003084 (MISC)
jenkins -- jenkins | Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10291 (MISC)
jenkins -- jenkins | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10290 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10289 (MISC)
jenkins -- jenkins | Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10287 (MISC)
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 2019-04-04 | not yet calculated | CVE-2019-10278 (MISC)
jenkins -- jenkins | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-04-04 | not yet calculated | CVE-2019-10286
MISC
jenkins -- jenkinsJenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10285
MISC
jenkins -- jenkinsJenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10284
MISC
jenkins -- jenkinsJenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10283
MISC
jenkins -- jenkinsJenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10282
MISC
jenkins -- jenkinsJenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10281
MISC
jenkins -- jenkinsJenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10280
MISC
jenkins -- jenkinsA missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-10279
MISC
jenkins -- jenkinsA missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003085
MISC
jenkins -- jenkinsJenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003066
MISC
jenkins -- jenkinsA missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003083
MISC
jenkins -- jenkinsJenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003057
MISC
jenkins -- jenkinsJenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003063
MISC
jenkins -- jenkinsJenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003062
MISC
jenkins -- jenkinsJenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003061
MISC
jenkins -- jenkinsJenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003060
MISC
jenkins -- jenkinsA missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003059
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003058
MISC
jenkins -- jenkinsJenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003056
MISC
jenkins -- jenkinsJenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003065
MISC
jenkins -- jenkinsJenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003055
MISC
jenkins -- jenkinsJenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003054
MISC
jenkins -- jenkinsJenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003053
MISC
jenkins -- jenkinsJenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003052
MISC
jenkins -- jenkinsJenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003051
MISC
jenkins -- jenkinsJenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10299
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003082
MISC
jenkins -- jenkinsJenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003064
MISC
jenkins -- jenkinsJenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-10296
MISC
jenkins -- jenkinsJenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003075
MISC
jenkins -- jenkinsA missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003081
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003080
MISC
jenkins -- jenkinsA missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003079
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003078
MISC
jenkins -- jenkinsA missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003077
MISC
jenkins -- jenkinsJenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003067
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.2019-04-04not yet calculatedCVE-2019-1003076
MISC
jenkins -- jenkinsJenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003074
MISC
jenkins -- jenkinsJenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003073
MISC
jenkins -- jenkinsJenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003072
MISC
jenkins -- jenkinsJenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003071
MISC
jenkins -- jenkinsJenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003070
MISC
jenkins -- jenkinsJenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-04-04not yet calculatedCVE-2019-1003069
MISC
jenkins -- jenkinsJenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-1003068
MISC
jenkins -- jenkinsJenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-04-04not yet calculatedCVE-2019-10295
MISC
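The Jenkins entries above share one pattern: a plugin keeps a password or API token as a plain string field, so it lands unencrypted in a job config.xml or in the plugin's global *.xml under JENKINS_HOME. Upgrading the plugin fixes future writes, but values already on disk stay in the clear until the job is re-saved, so an administrator also needs to find them. The scanner below is an added example, not code from CISA, Jenkins or any of the listed plugins. It relies on one fact about Jenkins: hudson.util.Secret serialises an encrypted value as a base64 string wrapped in braces, so any non-empty value in a credential-looking element that is not of that shape was written in the clear. The element-name heuristics, the directory-skipping list and the two sample config.xml documents are this example's own assumptions.

```python
import os
import re
import sys
import xml.etree.ElementTree as ET

# Tag-name fragments that, in plugin configurations like those listed above, hold a secret.
# (Heuristic chosen for this example; extend it for plugins with unusual field names.)
SENSITIVE_FRAGMENTS = ("password", "passwd", "secret", "token", "apikey", "api_key")

# Jenkins' hudson.util.Secret serialises an encrypted value as "{<base64>}".
# Anything else inside a credential-looking element is stored in the clear.
# Caveat: secrets written by very old Jenkins releases were bare base64 without
# braces; those are reported too, which errs on the side of a false positive.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Constructed sample job configurations (not taken from any real plugin).
SAFE_JOB = """<project>
  <publishers>
    <org.example.Publisher>
      <username>deploy</username>
      <password>{AQAAABAAAAAQ3b9ZJZ7n0bYv0PZs1u1G0W+4t8x3pZ2Fq3c=}</password>
      <credentialsId>prod-deploy-key</credentialsId>
    </org.example.Publisher>
  </publishers>
</project>"""

LEAKY_JOB = """<project>
  <builders>
    <org.example.Uploader>
      <apiToken>hunter2-not-a-secret-value</apiToken>
      <password>Sup3rS3cret!</password>
    </org.example.Uploader>
  </builders>
</project>"""


def _looks_sensitive(tag):
    tag = tag.rsplit("}", 1)[-1].lower()      # strip an XML namespace, if any
    if tag.endswith("id"):                    # credentialsId is a reference, not a secret
        return False
    return any(fragment in tag for fragment in SENSITIVE_FRAGMENTS)


def scan_config(xml_text, source="<string>"):
    """Return (source, parent/element, masked value) for every credential-looking
    element whose text is not a Jenkins-encrypted Secret."""
    findings = []
    root = ET.fromstring(xml_text)
    for parent in root.iter():
        for child in parent:
            value = (child.text or "").strip()
            if not value or not _looks_sensitive(child.tag):
                continue
            if ENCRYPTED_SECRET.match(value):
                continue
            masked = value[:2] + "*" * max(len(value) - 2, 0)
            findings.append((source, f"{parent.tag}/{child.tag}", masked))
    return findings


def scan_jenkins_home(jenkins_home):
    """Walk JENKINS_HOME, reading every job config.xml plus the top-level
    global/plugin *.xml files, and skipping build and workspace trees."""
    findings = []
    home = os.path.abspath(jenkins_home)
    for dirpath, dirs, files in os.walk(home):
        dirs[:] = [d for d in dirs if d not in ("builds", "workspace", "plugins", "war")]
        for name in files:
            top_level = os.path.abspath(dirpath) == home
            if name != "config.xml" and not (top_level and name.endswith(".xml")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_config(fh.read(), path))
            except ET.ParseError:
                pass                          # not XML (e.g. a stray backup); ignore
    return findings


if __name__ == "__main__":
    for source, element, masked in scan_jenkins_home(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{source}: {element} = {masked}")
```

Run it as `python scan.py /var/lib/jenkins` on the master (or on a backup of JENKINS_HOME). A hit means the value is readable by anyone with file-system access and, for job config.xml files, by anyone holding Job/ExtendedRead; after upgrading the plugin, re-save the affected job or global configuration so the field is rewritten as an encrypted Secret, and rotate the credential since it has already been exposed.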
kubernetes -- kubectl | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. | 2019-04-01 | not yet calculated | CVE-2019-1002101 | BID, MISC
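The kubectl cp entry describes the general failure mode of any archive unpacker that trusts entry names: a name that climbs out with `../`, or a symlink created from the archive and then used as a parent directory by a later entry, lets the archive's author pick the destination path. The extractor below is an added example in Python (kubectl itself is Go), not code from Kubernetes or from the fix named above. It resolves every target with realpath before writing, which catches both the "create" and the "follow" half of the symlink problem, and it refuses link targets that leave the destination. The archive it unpacks is constructed in memory for the demonstration; it assumes a POSIX file system where unprivileged symlink creation works.

```python
import io
import os
import tarfile
import tempfile


def _inside(dest_real, path):
    """True if path, after resolving every existing symlink in it, is dest_real or below."""
    real = os.path.realpath(path)
    return real == dest_real or real.startswith(dest_real + os.sep)


def extract_safely(tar_bytes, dest):
    """Unpack a tar stream into dest, refusing any entry that would land outside it.

    An entry name that climbs out (../ or absolute) is rejected; a symlink whose
    target leaves dest is not created; a later entry whose parent directory is a
    symlink pointing out of dest is rejected because the parent is resolved with
    realpath before anything is written. Returns (extracted, rejected) names in
    archive order.
    """
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for m in tf:
            target = os.path.join(dest, m.name)
            if (os.path.isabs(m.name)
                    or not _inside(dest_real, os.path.dirname(target))
                    or not _inside(dest_real, target)):
                rejected.append(m.name)
                continue
            if m.issym():
                # A relative link target is resolved from the link's own directory.
                link_dst = os.path.join(os.path.dirname(target), m.linkname)
                if not _inside(dest_real, link_dst):
                    rejected.append(m.name)
                    continue
                os.symlink(m.linkname, target)
            elif m.isdir():
                os.makedirs(target, exist_ok=True)
            elif m.isreg():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as fh:
                    fh.write(tf.extractfile(m).read())
            else:
                rejected.append(m.name)   # hard links, devices, FIFOs: not needed for file copy
                continue
            extracted.append(m.name)
    return extracted, rejected


def demo():
    """Build a constructed archive mixing benign and hostile entries, unpack it
    into a scratch directory and report (extracted, rejected, inner_file_ok)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name, data):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tf.addfile(ti, io.BytesIO(data))

        def add_dir(name):
            ti = tarfile.TarInfo(name)
            ti.type, ti.mode = tarfile.DIRTYPE, 0o755
            tf.addfile(ti)

        def add_symlink(name, linkname):
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname = tarfile.SYMTYPE, linkname
            tf.addfile(ti)

        add_file("ok.txt", b"hello")                              # benign
        add_file("../escape.txt", b"would land beside dest")      # path climb
        add_symlink("link", "/etc")                               # link out of dest (absolute)
        add_symlink("up", "..")                                   # link out of dest (relative)
        add_dir("sub")
        add_symlink("rel", "sub")                                 # link that stays inside
        add_file("rel/inner.txt", b"written through an in-tree symlink")
    with tempfile.TemporaryDirectory() as dest:
        extracted, rejected = extract_safely(buf.getvalue(), dest)
        inner_ok = os.path.isfile(os.path.join(dest, "sub", "inner.txt"))
    return extracted, rejected, inner_ok


if __name__ == "__main__":
    print(demo())
```

The in-tree symlink `rel -> sub` is allowed and `rel/inner.txt` is written through it, because the resolved path stays under the destination; the same logic rejects `up/anything` once `up -> ..` has been refused, and would also reject it if an attacker-controlled symlink had somehow been created earlier, since realpath follows it before the write.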
kunbus -- pr100088_modbus_gateway | An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position. | 2019-04-02 | not yet calculated | CVE-2019-6531 | MISC
libmysofa -- libmysofa | treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | 2019-03-31 | not yet calculated | CVE-2019-10672 | MISC, MISC, MISC
libvirt -- libvirt | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | 2019-04-04 | not yet calculated | CVE-2019-3886 | BID, CONFIRM
norton -- core | Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. | 2019-03-29 | not yet calculated | CVE-2019-9695 | BID, CONFIRM
nouveau_project -- nouveau_display_driver | A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload). | 2019-04-01 | not yet calculated | CVE-2018-3979 | CONFIRM
openstack -- neutron | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. | 2019-04-05 | not yet calculated | CVE-2019-10876 | MISC, MISC
pallets -- jinja | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 2019-04-06 | not yet calculated | CVE-2019-10906 | MISC
parsedown -- parsedown | Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring. | 2019-04-06 | not yet calculated | CVE-2019-10905 | MISC, MISC
pimcore -- pimcore | An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. | 2019-04-04 | not yet calculated | CVE-2019-10867 | MISC, MISC
pinterest -- ktlint | Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261. | 2019-04-02 | not yet calculated | CVE-2019-1010260 | MISC
poppler -- poppler | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | 2019-04-05 | not yet calculated | CVE-2019-10873 | MISC
poppler -- poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | 2019-04-05 | not yet calculated | CVE-2019-10872 | MISC
poppler -- poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | 2019-04-05 | not yet calculated | CVE-2019-10871 | MISC
project_jupyter -- jupyter_notebook | In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | 2019-04-04 | not yet calculated | CVE-2019-10856 | MISC, MISC
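The Jupyter entry is a reminder that "the parsed URL has no host" is not the same as "the browser will stay on this origin". The validator below is an added example, not Jupyter's code or its fix; it shows how to accept only a path-local redirect target without reasoning about the parsed netloc at all. The hostile sample inputs are assumptions illustrating the empty-netloc class (values such as `///host` parse with an empty netloc but are sent off-site by browsers); they are not taken from the advisory.

```python
from urllib.parse import urlparse


def is_local_redirect(url):
    """True only for a path-only URL that browsers will resolve on the current origin.

    Rejects anything with a scheme or host, and the scheme-relative shapes
    ("//host", "///host", "/\\host") that urlparse reports with an empty
    netloc but browsers still treat as pointing at another host.
    """
    if not url or url[0] != "/":
        return False
    if url[1:2] in ("/", "\\"):
        return False
    # Browsers strip ASCII control characters and treat "\" as "/"; refuse both
    # rather than try to predict how each client normalises them.
    if "\\" in url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    parsed = urlparse(url)
    return parsed.scheme == "" and parsed.netloc == ""


def redirect_target(requested, default="/"):
    """Post-login destination: the requested one if it is local, else the default."""
    return requested if is_local_redirect(requested) else default


# Constructed inputs: the first two are what a login form legitimately passes,
# the rest are assumed hostile shapes, including the empty-netloc case.
SAMPLES = {
    "/tree": True,
    "/tree?token=abc#section": True,
    "https://attacker.example/": False,
    "//attacker.example/": False,
    "///attacker.example/": False,
    "/\\attacker.example/": False,
    "javascript:alert(1)": False,
    "tree": False,
    "": False,
}


def misclassified():
    """Return the sample URLs whose classification differs from the expectation."""
    return [u for u, expected in SAMPLES.items() if is_local_redirect(u) != expected]


if __name__ == "__main__":
    for u, expected in SAMPLES.items():
        print(f"{u!r:32} -> {redirect_target(u)!r}")
    print("mismatches:", misclassified())
```

The rule is deliberately an allow-list on the raw string (a single leading slash followed by a non-slash character, no scheme) rather than a deny-list of hosts; a check that only inspects `urlparse(url).netloc` is exactly the kind of fix that the advisory describes as incomplete. If the application lives under a base path, compare against that prefix after this check, not instead of it.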
raspberry_pi_foundation -- pi_3 | The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. | 2019-04-04 | not yet calculated | CVE-2018-18068 | MISC, MISC
rockwell_automation -- powerflex_525_ac_drives | Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control. | 2019-04-04 | not yet calculated | CVE-2018-19282 | MISC, MISC
rockwell_automation -- rslinx_classic | A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. | 2019-04-04 | not yet calculated | CVE-2019-6553 | MISC
roundup -- roundup | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | 2019-04-06 | not yet calculated | CVE-2019-10904 | MLIST, MISC, MISC, MLIST, MISC
salesagility -- suitecrm | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | 2019-04-05 | not yet calculated | CVE-2018-20816 | MISC, MISC, MISC
salicru -- slc-20-cube3(5)_devices | A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. | 2019-04-05 | not yet calculated | CVE-2019-10887 | MISC
shibboleth -- identity_provider_and_opensaml_java | The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2019-04-04 | not yet calculated | CVE-2014-3603 | SECUNIA, CONFIRM, CONFIRM
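The Shibboleth/OpenSAML entry is the classic "chain validated, name never checked" bug: any certificate issued by a trusted CA, for any host, is accepted. What the missing check has to do is compare the server name against the certificate's DNS subjectAltName entries (falling back to the subject CN only when there are no DNS SANs), case-insensitively and with wildcards confined to the leftmost label. The code below is an added example in Python, not the Shibboleth or OpenSAML Java fix, and works on the dictionary shape that `ssl.SSLSocket.getpeercert()` returns; the three certificates are constructed for the demonstration and `check_server` (network, not exercised here) shows where such a check sits in a client.

```python
import socket
import ssl

# Constructed peer certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
SAN_CERT = {
    "subject": ((("commonName", "idp.example.edu"),),),
    "subjectAltName": (("DNS", "idp.example.edu"), ("DNS", "*.sso.example.edu")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "metadata.example.org"),),)}
CN_MISMATCH_CERT = {  # CN matches but a DNS SAN is present, so the CN must be ignored
    "subject": ((("commonName", "idp.example.edu"),),),
    "subjectAltName": (("DNS", "other.example.edu"),),
}


def _dns_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive; a wildcard is allowed only
    as the whole leftmost label, matches exactly one label, and never applies
    to a two-label pattern such as *.com."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def match_hostname(cert, hostname):
    """True if hostname is covered by a DNS subjectAltName or, only when the
    certificate carries no DNS SANs at all, by the subject commonName."""
    dns_sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_sans:
        return any(_dns_matches(p, hostname) for p in dns_sans)
    common_names = [value for rdn in cert.get("subject", ())
                    for kind, value in rdn if kind == "commonName"]
    return any(_dns_matches(cn, hostname) for cn in common_names)


def check_server(hostname, port=443, timeout=5.0):
    """Connect with chain verification on but the library's own name check
    disabled, then apply match_hostname to the presented certificate.
    (Assumed client-side placement of the check; requires network access.)"""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return match_hostname(tls.getpeercert(), hostname)


if __name__ == "__main__":
    for cert, name in ((SAN_CERT, "login.sso.example.edu"), (SAN_CERT, "sso.example.edu"),
                       (CN_ONLY_CERT, "metadata.example.org"), (CN_MISMATCH_CERT, "idp.example.edu")):
        print(f"{name:28} -> {match_hostname(cert, name)}")
```

In production code the hostname check should be the library's own (in Python, leave `check_hostname` enabled); writing it out here makes the rules visible, in particular that a CN is consulted only for a certificate with no DNS SANs, which is why `CN_MISMATCH_CERT` is rejected for the very name its CN carries.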
sonicwall -- sonicos_and_sonicosv | A vulnerability in the SonicWall SonicOS and SonicOSv TLS CBC cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-04-02 | not yet calculated | CVE-2019-7477 | CONFIRM
sonicwall -- sonicos_and_sonicosv | A vulnerability in SonicWall SonicOS and SonicOSv with management enabled, on a specific configuration, allows an unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-04-02 | not yet calculated | CVE-2019-7475 | CONFIRM
sonicwall -- sonicos_and_sonicosv | A vulnerability in SonicWall SonicOS and SonicOSv allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-04-02 | not yet calculated | CVE-2019-7474 | CONFIRM
sqlite -- sqlite | SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 2019-04-03 | not yet calculated | CVE-2018-20505 | MISC (20 references)
sqlite -- sqlite | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. | 2019-04-03 | not yet calculated | CVE-2018-20506 | MISC (20 references)
synology -- android_moments | Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | 2019-04-01 | not yet calculated | CVE-2018-13298 | CONFIRM
synology -- application_service | Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | 2019-04-01 | not yet calculated | CVE-2018-13294 | CONFIRM
synology -- application_service | Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | 2019-04-01 | not yet calculated | CVE-2018-13295 | CONFIRM
synology -- diskstation_manager | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13291 | CONFIRM
synology -- diskstation_manager | Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | 2019-04-01 | not yet calculated | CVE-2018-13293 | CONFIRM
synology -- diskstation_manager | Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | 2019-04-01 | not yet calculated | CVE-2017-16774 | CONFIRM
synology -- diskstation_manager | Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 2019-04-01 | not yet calculated | CVE-2018-13284 | CONFIRM
synology -- diskstation_manager | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13286 | CONFIRM
synology -- router_manager | Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | 2019-04-01 | not yet calculated | CVE-2018-13290 | CONFIRM
synology -- router_manager | Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 2019-04-01 | not yet calculated | CVE-2018-13285 | CONFIRM
synology -- router_manager | Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13287 | CONFIRM
synology -- router_manager | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 2019-04-01 | not yet calculated | CVE-2018-13292 | CONFIRM
synology -- router_manager | Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 2019-04-01 | not yet calculated | CVE-2018-13289 | CONFIRM
synology -- sso_server | Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2019-04-01 | not yet calculated | CVE-2017-16775 | CONFIRM
synology -- web_station | Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | 2019-04-01 | not yet calculated | CVE-2018-8913 | CONFIRM
teemip -- teemip | A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. | 2019-04-04 | not yet calculated | CVE-2019-10863 | MISC, MISC
trend_micro -- apex_one_and_officescan_and_worry-free_business_security | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | 2019-04-05 | not yet calculated | CVE-2019-9489 | CONFIRM
trend_micro -- interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow a non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. | 2019-04-05 | not yet calculated | CVE-2019-9490 | CONFIRM
tryton -- tryton | In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. | 2019-04-04 | not yet calculated | CVE-2019-10868 | MISC, MISC, BUGTRAQ, DEBIAN
uniqkey -- password_manager | Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. | 2019-04-05 | not yet calculated | CVE-2019-10884 | MISC
vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. | 2019-04-01 | not yet calculated | CVE-2019-5518 | MISC, CONFIRM
vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. | 2019-04-01 | not yet calculated | CVE-2019-5519 | MISC, CONFIRM
vmware -- fusion | VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines. | 2019-04-01 | not yet calculated | CVE-2019-5514 | MISC, BID, CONFIRM
vmware -- vcloud_director_for_service_providers | VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session. | 2019-04-01 | not yet calculated | CVE-2019-5523 | MISC, BID, CONFIRM
vmware -- workstation_and_fusion | VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest. | 2019-04-02 | not yet calculated | CVE-2019-5515 | MISC, BID, CONFIRM, MISC
vmware -- workstation_and_fusion | VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host. | 2019-04-02 | not yet calculated | CVE-2019-5524
MISC
BID
CONFIRM
wordpress -- wordpresspub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.2019-04-01not yet calculatedCVE-2019-6715
MISC
wordpress -- wordpressIn the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.2019-04-02not yet calculatedCVE-2019-10692
MISC
MISC
xiaomi -- mi_browserA URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.2019-04-05not yet calculatedCVE-2019-10875
MISC
MISC
MISC
zoho -- manageengine_servicedesk_plusInformation leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.2019-04-04not yet calculatedCVE-2019-10273
MISC


Samba Releases Security Updates

Original release date: April 08, 2019

The Samba Team has released security updates to address vulnerabilities in Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-3870 and CVE-2019-3880 and apply the necessary updates.




Intel Releases Security Updates, Mitigations for Multiple Products

Original release date: April 09, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:




Adobe Releases Security Updates

Original release date: April 09, 2019

Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.




Microsoft Releases April 2019 Security Updates

Original release date: April 09, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates.




AR19-100A: MAR-10135536-8 – North Korean Trojan: HOPLIGHT

Original release date: April 10, 2019

Description

Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as HOPLIGHT. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https[:]//www[.]us-cert.gov/hiddencobra.

DHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This report provides analysis of nine malicious executable files. Seven of these files are proxy applications that mask traffic between the malware and the remote operators. The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors. One file contains a public SSL certificate and the payload of the file appears to be encoded with a password or key. The remaining file does not contain any of the public SSL certificates, but attempts outbound connections and drops four files. The dropped files primarily contain IP addresses and SSL certificates.

For a downloadable copy of IOCs, see:

Submitted Files (9)


Additional Files (4)

49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359 (rdpproto.dll)

70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289 (udbcgiut.dat)

96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 (MSDFMAPI.INI)

cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f (UDPTrcSvc.dll)

IPs (15)


Findings

05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461

Tags

trojan

Details
Name: 23E27E5482E3F55BF828DAB885569033
Size: 242688 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 23e27e5482e3f55bf828dab885569033
SHA1: 139b25e1ae32a8768238935a8c878bfbe2f89ef4
SHA256: 05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461
SHA512: 2c481ef42dfc9a7a30575293d09a6f81943e307836ec5b8a346354ab5832c15046dd4015a65201311e33f944763fc55dd44fbe390245be5be7a216026ecfb28b
ssdeep: 6144:YnDlYMzUvLFOL9wqk6+pqC8iooIBgajvQlm/Z0cp1:alYiXiooIKajvQeZ3
Entropy: 6.537337
Antivirus
ESET: a variant of Win32/NukeSped.AI trojan
Symantec: Heur.AdvML.B
Yara Rules
hidden_cobra_consolidated.yara:

rule crypt_constants_2
{
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}

rule lsfr_constants
{
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}

rule polarSSL_servernames
{
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $polarSSL = "fjiejffndxklfsdkfjsaadiepwn"
        $sn1 = "www.google.com"
        $sn2 = "www.naver.com"
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and ($polarSSL and 1 of ($sn*))
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-05 21:57:29-04:00
Import Hash: ff390ec082b48263a3946814ea18ba46
PE Sections
MD5                               Name    Raw Size  Entropy
c06924120c87e2cb79505e4ab0c2e192  header  1024      2.542817
3368eda2d5820605a055596c7c438f0f  .text   197120    6.441545
ec1f06839fa9bc10ad8e183b6bf7c1b5  .rdata  27136     5.956914
1e62b7d9f7cc48162e0651f7de314c8a  .data   8192      4.147893
980effd28a6c674865537f313318733a  .rsrc   512       5.090362
696fd5cac6e744f336e8ab68a4708fcf  .reloc  8704      5.247502
Packers/Compilers/Cryptors
Microsoft Visual C++ ?.?
Description

This artifact is a malicious PE32 executable. When executed, the malware collects system information about the victim machine, including OS version, volume information, and system time, and enumerates the system drives and partitions.

The malware is capable of the following functions:

---Begin Malware Capability---

Read, Write, and Move Files
Enumerate System Drives
Create and Terminate Processes
Inject into Running Processes
Create, Start and Stop Services
Modify Registry Settings
Connect to a Remote Host
Upload and Download Files

---End Malware Capability---

The malware is capable of opening and binding to a socket. The malware uses a public SSL certificate for secure communication. This certificate is from www.naver.com. Naver.com is the largest search engine in Korea and provides a variety of web services to clients around the world.

---Begin SSL Certificate Header---

1 0     UNL10U
PolarSSL10UPolarSSL Test CA0
110212144407Z
2102121144407Z0<1 0 UNL10U
PolarSSL10UPolarSSL Client 200

---End SSL Certificate Header---

When executed, the malware will attempt a TLS Handshake with one of four hardcoded IP addresses embedded in the malware. These IP addresses are referenced in 'udbcgiut.dat' below. The malware also contains an embedded Zlib compression library that appears to further obfuscate the communications payload.

The following notable strings have been linked to the use of the SSL certificates and can be used to identify the malware:

---Begin Notable Strings---

fjiejffndxklfsdkfjsaadiepwn
ofuierfsdkljffjoiejftyuir
reykfgkodfgkfdskgdfogpdokgsdfpg
ztretrtireotreotieroptkierert
etudjfirejer
yrty
uiyy
uiyiyj lildvucv
erfdfe poiiumwq

---End Notable Strings---
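As an added example (not code from the MAR or from the NCCIC rule file), the three hidden_cobra_consolidated.yara rules listed for this sample, together with the polarSSL marker string above, re-implemented in Python so the PE-header gate and the string logic can be exercised against a constructed buffer; the sample buffers are built inside the code and are not real HOPLIGHT samples.

```python
"""Pure-Python re-implementation of the three hidden_cobra_consolidated.yara rules
quoted in this report (crypt_constants_2, lsfr_constants, polarSSL_servernames).
Added example, not code from the MAR or from the NCCIC rule file; the buffers
built below are constructed test data, not real HOPLIGHT samples."""
import struct

# Hex patterns shared by crypt_constants_2 and lsfr_constants (the report lists
# the same three byte sequences for both rules).
CRYPT_CONSTANTS = [bytes.fromhex(h) for h in ("efcdab90", "558426fe", "7856b4c2")]
# Text strings from polarSSL_servernames.
POLARSSL_MARKER = b"fjiejffndxklfsdkfjsaadiepwn"
SERVER_NAMES = [b"www.google.com", b"www.naver.com"]


def looks_like_pe(data: bytes) -> bool:
    """YARA's `uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550`.

    uint16/uint32 are little-endian reads. YARA leaves an out-of-range read
    undefined, which makes the whole condition evaluate false; we do the same.
    """
    if len(data) < 0x40:                                    # need the full DOS header
        return False
    if struct.unpack_from("<H", data, 0)[0] != 0x5A4D:      # "MZ"
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if e_lfanew + 2 > len(data):
        return False
    return struct.unpack_from("<H", data, e_lfanew)[0] == 0x4550   # "PE"


def match_rules(data: bytes) -> set:
    """Return the names of the report's rules whose condition holds for `data`."""
    hits = set()
    if not looks_like_pe(data):
        return hits                                         # every rule is gated on the PE check
    # "all of them": each of the three constants must occur somewhere in the file.
    if all(pattern in data for pattern in CRYPT_CONSTANTS):
        hits.update({"crypt_constants_2", "lsfr_constants"})
    # "$polarSSL and 1 of ($sn*)": the marker plus at least one server name.
    if POLARSSL_MARKER in data and any(name in data for name in SERVER_NAMES):
        hits.add("polarSSL_servernames")
    return hits


def build_sample(body: bytes, pe: bool = True) -> bytes:
    """Constructed test buffer: zeroed DOS header with e_lfanew = 0x80, a PE
    signature at 0x80 and `body` after it. With pe=False the MZ/e_lfanew fields
    stay zero, so the PE gate fails even though the body is unchanged."""
    header = bytearray(0x80)
    if pe:
        header[0:2] = b"MZ"
        struct.pack_into("<I", header, 0x3C, 0x80)
    return bytes(header) + b"PE\x00\x00" + body


if __name__ == "__main__":
    full = build_sample(b"".join(CRYPT_CONSTANTS) + POLARSSL_MARKER + b"\x00www.naver.com\x00")
    print(sorted(match_rules(full)))
    # ['crypt_constants_2', 'lsfr_constants', 'polarSSL_servernames']
    print(sorted(match_rules(build_sample(POLARSSL_MARKER))))   # [] (marker but no server name)
```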

The next four artifacts share the characteristics described above; therefore only the capabilities unique to each of the following four artifacts are described.

2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525

Tags

trojan

Details
Name: 5C3898AC7670DA30CF0B22075F3E8ED6
Size: 221184 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 5c3898ac7670da30cf0b22075f3e8ed6
SHA1: 91110c569a48b3ba92d771c5666a05781fdd6a57
SHA256: 2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
SHA512: 700ec4d923cf0090f4428ac3d4d205b551c3e48368cf90d37f9831d8a57e73c73eb507d1731662321c723362c9318c3f019716991073dc9a4cc829ce01540337
ssdeep: 3072:nKBzqEHcJw0sqz7vLFOLBAqui1mqLK1VaU9BzNRyHmdMaF0QqWN0Qjpthmu:nKg0cJ19z7vLFOLSqp0q7syHeFhnhm
Entropy: 6.346504
Antivirus
ESET: a variant of Win32/NukeSped.AI trojan
Yara Rules
hidden_cobra_consolidated.yara: crypt_constants_2, lsfr_constants, polarSSL_servernames (identical to the rules listed for 23E27E5482E3F55BF828DAB885569033 above)
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-05-16 02:35:55-04:00
Import Hash: 6ffc5804961e26c43256df683fea6922
PE Sections
MD5                               Name    Raw Size  Entropy
adb596d3ceae66510778e3bf5d4d9582  header  4096      0.695660
6453931a0b6192e0bbd6476e736ca63f  .text   184320    6.343388
0ba1433cc62ba7903ada2f1e57603e83  .rdata  16384     6.246206
76a08265777f68f08e5e6ed2102cb31d  .data   12288     4.050945
cb8939d6bc1cd076acd850c3850bdf78  .rsrc   4096      3.289605
Packers/Compilers/Cryptors
Microsoft Visual C++ v6.0
Relationships
2151c1977b...  Connected_To  81.94.192.147
2151c1977b...  Connected_To  112.175.92.57
2151c1977b...  Related_To    181.39.135.126
2151c1977b...  Related_To    197.211.212.59
2151c1977b...  Related_To    70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289
2151c1977b...  Dropped       96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
Description

This artifact is a malicious PE32 executable with characteristics similar to those described for 23E27E5482E3F55BF828DAB885569033 above.

When this artifact is executed, it will write the file 'udbcgiut.dat' to C:\Users\<user>\AppData\Local\Temp.

The malware then attempts outbound SSL connections to 81.94.192.147 and 112.175.92.57, both over TCP port 443.
These two IP addresses, as well as 181.39.135.126 and 197.211.212.59, are hard-coded into the malware; however, only connections to the first two IP addresses were attempted during analysis.

197.211.212.59

Ports
  • 7443 TCP
Whois

inetnum:        197.211.208.0 - 197.211.215.255
netname:        ZOL-16e-MOBILE-CUSTOMERS
descr:         ZOL Customers on ZTE Mobile WiMAX Platform
country:        ZW
admin-c:        BS10-AFRINIC
admin-c:        GJ1-AFRINIC
admin-c:        JHM1-AFRINIC
tech-c:         BS10-AFRINIC
tech-c:         GJ1-AFRINIC
tech-c:         JHM1-AFRINIC
status:         ASSIGNED PA
mnt-by:         LIQUID-TOL-MNT
source:         AFRINIC # Filtered
parent:         197.211.192.0 - 197.211.255.255

person:         B Siwela
address:        3rd Floor Greenbridge South
address:        Eastgate Center
address:        R. Mugabe Road
address:        Harare
address:        Zimbabwe
phone:         +263774673452
fax-no:         +2634702375
nic-hdl:        BS10-AFRINIC
mnt-by:         GENERATED-DVCNVXWBH3VN3XZXTRPHOT0OJ77GUNN3-MNT
source:         AFRINIC # Filtered

person:         G Jaya
address:        3rd Floor Greenbridge South
address:        Eastgate Center
address:        R. Mugabe Road
address:        Harare
address:        Zimbabwe
phone:         +263773373135
fax-no:         +2634702375
nic-hdl:        GJ1-AFRINIC
mnt-by:         GENERATED-QPEEUIPPW1WPRZ5HLHRXAVHDOKWLC9UC-MNT
source:         AFRINIC # Filtered

person:         John H Mwangi
address:        Liquid Telecom Kenya
address:        P.O.Box 62499 - 00200
address:        Nairobi Kenya
address:        Nairobi, Kenya
address:        Kenya
phone:         + 254 20 556 755

Relationships
197.211.212.59  Related_To      2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
197.211.212.59  Connected_From  ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
197.211.212.59  Connected_From  70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
Description

This IP address is listed in the file 'udbcgiut.dat'. Outbound SSL connection attempts are made to this IP by Malware2.exe, Malware3.exe, and Malware5.exe. The domain zol-ad-bdc.zol.co.zw is associated with the IP address; however, no DNS query is made for the name.

181.39.135.126

Ports
  • 7443 TCP
Whois

inetnum:     181.39.135.120/29
status:     reallocated
owner:     Clientes Guayaquil
ownerid:     EC-CLGU1-LACNIC
responsible: Tomislav Topic
address:     Kennedy Norte Mz. 109 Solar 21, 5, Piso 2
address:     5934 - Guayaquil - GY
country:     EC
phone:     +593 4 2680555 [101]
owner-c:     SEL
tech-c:     SEL
abuse-c:     SEL
created:     20160720
changed:     20160720
inetnum-up: 181.39/16

nic-hdl:     SEL
person:     Carlos Montero
e-mail:     networking@TELCONET.EC
address:     Kennedy Norte MZ, 109, Solar 21
address:     59342 - Guayaquil -
country:     EC
phone:     +593 42680555 [4601]
created:     20021004
changed:     20170323

Relationships
181.39.135.126  Related_To      2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
181.39.135.126  Connected_From  ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
181.39.135.126  Connected_From  70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
Description

This IP address is listed in the file 'udbcgiut.dat'. Outbound SSL connection attempts are made to this IP by Malware2.exe, Malware3.exe, and Malware5.exe. No domain is associated with the IP address.

112.175.92.57

Ports
  • 443 TCP
Whois

inetnum:        112.160.0.0 - 112.191.255.255
netname:        KORNET
descr:         Korea Telecom
admin-c:        IM667-AP
tech-c:         IM667-AP
country:        KR
status:         ALLOCATED PORTABLE
mnt-by:         MNT-KRNIC-AP
mnt-irt:        IRT-KRNIC-KR
last-modified: 2017-02-03T02:21:58Z
source:         APNIC

irt:            IRT-KRNIC-KR
address:        Seocho-ro 398, Seocho-gu, Seoul, Korea
e-mail:         hostmaster@nic.or.kr
abuse-mailbox: hostmaster@nic.or.kr
admin-c:        IM574-AP
tech-c:         IM574-AP
auth:         # Filtered
mnt-by:         MNT-KRNIC-AP
last-modified: 2017-10-19T07:36:36Z
source:         APNIC

person:         IP Manager
address:        Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country:        KR
phone:         +82-2-500-6630
e-mail:         kornet_ip@kt.com
nic-hdl:        IM667-AP
mnt-by:         MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source:         APNIC

Relationships
112.175.92.57  Connected_From  2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
112.175.92.57  Connected_From  ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
112.175.92.57  Connected_From  70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
112.175.92.57  Connected_From  83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a
Description

This IP address is listed in the file 'udbcgiut.dat'. Outbound SSL connection attempts are made to this IP by Malware2.exe, Malware3.exe, and Malware5.exe. The domain mail.everzone.co.kr is associated with the IP address; however, no DNS query is made for the name.

81.94.192.147

Ports
  • 443 TCP
Whois

inetnum:        81.94.192.0 - 81.94.192.255
netname:        IOMARTHOSTING
descr:         iomart Hosting Limited
country:        GB
admin-c:        RA1415-RIPE
tech-c:         RA1415-RIPE
status:         ASSIGNED PA
remarks:        ABUSE REPORTS: abuse@redstation.com
mnt-by:         REDSTATION-MNT
mnt-domains:    REDSTATION-MNT
mnt-routes:     REDSTATION-MNT
created:        2016-02-14T11:44:25Z
last-modified: 2016-02-14T11:44:25Z
source:         RIPE

role:         Redstation Admin Role
address:        Redstation Limited
address:        2 Frater Gate Business Park
address:        Aerodrome Road
address:        Gosport
address:        Hampshire
address:        PO13 0GW
address:        UNITED KINGDOM
abuse-mailbox: abuse@redstation.com
e-mail:         abuse@redstation.com
nic-hdl:        RA1415-RIPE
mnt-by:         REDSTATION-MNT
created:        2005-04-22T17:34:33Z
last-modified: 2017-05-02T09:47:13Z
source:         RIPE

% Information related to '81.94.192.0/24AS20860'

route:         81.94.192.0/24
descr:         Wayne Dalton - Redstation Ltd
origin:         AS20860
mnt-by:         GB10488-RIPE-MNT
created:        2015-11-03T12:58:00Z
last-modified: 2015-11-03T12:58:00Z
source:         RIPE

Relationships
81.94.192.147  Connected_From  2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
81.94.192.147  Connected_From  ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
81.94.192.147  Connected_From  70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
Description

This IP address is listed in the file 'udbcgiut.dat'. Outbound SSL connection attempts are made to this IP by Malware2.exe, Malware3.exe, and Malware5.exe. No domain is associated with the IP address.

70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289

Details
Name: udbcgiut.dat
Size: 1171 bytes
Type: data
MD5: ae829f55db0198a0a36b227addcdeeff
SHA1: 04833210fa57ea70a209520f4f2a99d049e537f2
SHA256: 70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289
SHA512: 1b4509102ac734ce310b6f8631b1bedd772a38582b4feda9fee09f1edd096006cf5ba528435c844effa97f95984b07bd2c111aa480bb22f4bcfbc751f069868d
ssdeep: 3:ElclFUl8GlFcmzkXIil23X1ll:ElcUXmQkXQ3
Entropy: 0.395693
Antivirus

No matches found.

Yara Rules

No matches found.

ssdeep Matches

No matches found.

Relationships
70902623c9...  Dropped_By  70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
70902623c9...  Related_To  ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
70902623c9...  Related_To  2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
70902623c9...  Related_To  70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
70902623c9...  Related_To  12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
Description

'udbcgiut.dat' is dropped by three of the four PE32 executables. This file contains a 32-byte Unicode string uniquely generated for the infected system, as well as four socket pairs in hexadecimal.

---Begin Decoded Socket Pairs---

197.211.212.59:443
181.39.135.126:443
112.175.92.57:7443
81.94.192.147:7443

---End Decoded Socket Pairs---

The Unicode string generated during this analysis was '8a9b11762b96c4b6'. The socket pairs remain the same for all instances of the malware.
For the PE32 executables, 'udbcgiut.dat' was dropped in the victim's profile at %AppData%\Local\Temp. For the 64-bit executables, 'udbcgiut.dat' was dropped in C:\Windows.

4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818

Tags

trojan

Details
Name: C5DC53A540ABE95E02008A04A0D56D6C
Size: 241152 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: c5dc53a540abe95e02008a04a0d56d6c
SHA1: 4cfe9e353b1a91a2add627873846a3ad912ea96b
SHA256: 4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818
SHA512: fc33c99facfbc98d164e63167353bdcff7c1704810e4bb64f7e56812412d84099b224086c04aea66e321cd546d8cf6f14196f5b58d5e931c68064d659c33b6a2
ssdeep: 6144:LA5cWD93YuzTvLFOLoqbWbnuX7ZEAV6efA/Pawzq:Xc93YbLZEAV6mX
Entropy: 6.534884
Antivirus
ESET: a variant of Win32/NukeSped.AS trojan
Yara Rules
hidden_cobra_consolidated.yara: crypt_constants_2, lsfr_constants, polarSSL_servernames (identical to the rules listed for 23E27E5482E3F55BF828DAB885569033 above)
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-04 21:31:07-04:00
Import Hash: c76f6bb3f2ce6f4ce3e83448836f3ddd
PE Sections
MD5                               Name    Raw Size  Entropy
64cb3246aafa83129f7fd6b25d572a9f  header  1024      2.625229
e8c15e136370c12020eb23545085b9f6  .text   196096    6.431942
cf0eb4ad22ac1ca687b87a0094999ac8  .rdata  26624     5.990247
b246681e20b3c8ff43e1fcf6c0335287  .data   8192      4.116777
6545248a1e3449e95314cbc874837096  .rsrc   512       5.112624
31a7ab6f707799d327b8425f6693c220  .reloc  8704      5.176231
Packers/Compilers/Cryptors
Microsoft Visual C++ ?.?
Description

This artifact is a malicious PE32 executable with characteristics similar to those described for 23E27E5482E3F55BF828DAB885569033 above.

This artifact appears to be named 'lamp.exe'. The malware contains the following debug pathway:

---Begin Debug Pathway---

Z:\Develop\41.LampExe\Release\LampExe.pdb

---End Debug Pathway---

ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d

Tags

adware, trojan

Details
Name: BE588CD29B9DC6F8CFC4D0AA5E5C79AA
Name: ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
Size: 267776 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: be588cd29b9dc6f8cfc4d0aa5e5c79aa
SHA1: 06be4fe1f26bc3e4bef057ec83ae81bd3199c7fc
SHA256: ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
SHA512: c074ec876350b3ee3f82208041152c0ecf25cc8600c8277eec389c253c12372e78da59182a6df8331b05e0eefb07c142172951115a582606f68b824e1d48f30d
ssdeep: 6144:UEFpmt3md/iA3uiyzOvLFOLYqnHGZlDwf/OYy85eqmJKRPg:/PQ3mJxeigqi/OYy+/g
Entropy: 6.554499
Antivirus
ESET: a variant of Win32/NukeSped.AI trojan
Filseclab: Adware.Amonetize.heur.xjym.mg
Yara Rules
hidden_cobra_consolidated.yara: crypt_constants_2, lsfr_constants, polarSSL_servernames (identical to the rules listed for 23E27E5482E3F55BF828DAB885569033 above)
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-06 10:33:38-04:00
Import Hash: 8184d5d35e3a4640bb5d21698a4b6021
PE Sections
MD5                               Name    Raw Size  Entropy
59b5d567b9b7b9da0ca0936675fd95fe  header  1024      2.658486
c0b6929e0f01a7b61bde3d7400a801e0  .text   218624    6.470188
ce1e5ab830fcfaa2d7bea92f56e9026e  .rdata  27136     5.962575
006bad003b65738ed203a576205cc546  .data   8192      4.157373
992987e022da39fcdbeede8ddd48f226  .rsrc   3072      5.511870
4be460324f0f4dc1f6a0983752094cce  .reloc  9728      5.303151
Packers/Compilers/Cryptors
Microsoft Visual C++ ?.?
Relationships
ddea408e17...  Connected_To  81.94.192.147
ddea408e17...  Connected_To  112.175.92.57
ddea408e17...  Connected_To  181.39.135.126
ddea408e17...  Connected_To  197.211.212.59
ddea408e17...  Related_To    70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289
ddea408e17...  Connected_To  81.94.192.10
Description

This artifact is a malicious PE32 executable with characteristics similar to those described for 23E27E5482E3F55BF828DAB885569033 above.

This program attempts to initiate a TLS Handshake to the four IP/Port pairs listed in 'udbcgiut.dat'. If the program is unable to establish a connection, the file 'udbcgiut.dat' is deleted.

After 'udbcgiut.dat' is deleted, an outbound SSL connection is made to 81.94.192.10. This IP address is hard-coded in the malware and is not randomly generated.

This artifact also loads several APIs that are commonly associated with Pass-The-Hash (PTH) toolkits, indicating a capability to harvest user credentials and passwords.

---Begin Common PTH APIs---

SamiChangePasswordUser
SamFreeMemory
SamCloseHandle
SamOpenUser
SamLookupNamesInDomain
SamOpenDomain
SamConnect

---End Common PTH APIs---

81.94.192.10

Whois

Domain name:
       redstation.net.uk

   Registrant:
       Redstation Limited

   Registrant type:
       UK Limited Company, (Company number: 3590745)

   Registrant's address:
       2 Frater Gate Business Park
       Aerodrome Road
       Gosport
       Hampshire
       PO13 0GW
       United Kingdom

   Data validation:
       Nominet was able to match the registrant's name and address against a 3rd party data source on 21-Feb-2017

   Registrar:
       Easyspace Ltd [Tag = EASYSPACE]
       URL: https://www.easyspace.com/domain-names/extensions/uk

   Relevant dates:
       Registered on: 11-Apr-2005
       Expiry date: 11-Apr-2019
       Last updated: 12-Apr-2017

   Registration status:
       Registered until expiry date.

   Name servers:
       ns1.redstation.com
       ns2.redstation.com

Relationships
81.94.192.10  Connected_From  ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
Description

A high port to high port connection attempt is made to this IP address from 'Malware5.dll'. No domain is associated with the IP address.

12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d

Tags

trojan

Details
Name: 868036E102DF4CE414B0E6700825B319
Size: 453791 bytes
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 868036e102df4ce414b0e6700825b319
SHA1: 7f1e68d78e455aa14de9020abd2293c3b8ec6cf8
SHA256: 12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
SHA512: 724d83493dbe86cfcee7f655272d2c733baa5470d7da986e956c789aa1b8f518ad94b575e655b4fe5f6f7d426b9aa7d8304fc879b82a385142b8924e0d454363
ssdeep: 12288:eb/3G8vg+Rg1cvAHtE0MLa07rt5POui6z:+/3G8vg+pvi9Sa07rt4ui6z
Entropy: 7.713852
Antivirus
NANOAV: Trojan.Win64.Crypted.excqpl
Yara Rules

No matches found.

ssdeep Matches
90  890d3928be0f36b1f4dcfffb20ac3747a31451ce010caba768974bfccdc26e7c
PE Metadata
Compile Date: 2017-06-06 10:54:03-04:00
Import Hash: 947a389c3886c5fa7f3e972fd4d7740c
PE Sections
MD5                               Name    Raw Size  Entropy
e772c7a04c7e3d53c58fdb8a88bb0c02  header  1024      2.486400
a6a2750e5b57470403299e0327553042  .text   34816     6.297430
cc5d69374e9b0266a4b1119e5274d392  .rdata  12288     4.715650
ac4ee21fcb2501656efc217d139ec804  .data   5120      1.876950
359af12d4a14ced423d39736dfec613a  .pdata  2560      3.878158
097e0e4be076b795a7316f1746bace8a  .rsrc   3072      5.514584
5849f380266933d6f3c5c4740334b041  .reloc  1024      2.517963
Packers/Compilers/Cryptors
Microsoft Visual C++ 8.0 (DLL)
Relationships
12480585e0...  Related_To  70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289
12480585e0...  Dropped     49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

This artifact is a malicious x64 executable with characteristics similar to those described in 23E27E5482E3F55BF828DAB885569033 above.

In addition to the capabilities described above, this variant hooks the Windows Local Security Authority (lsass.exe). 'lsass.exe' checks the registry for the entry 'rdpproto' in the value named 'Security Packages' under the key SYSTEM\CurrentControlSet\Control\Lsa. If the entry is not found, 'lsass.exe' adds it.
Next, the malware drops the embedded file 'rdpproto.dll' into the %System32% directory.
The file 'udbcgiut.dat' is then written to C:\Windows, and outbound connection attempts are made to the socket pairs found within this file, as described above.
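One way to check for the persistence mechanism described above is to compare the LSA 'Security Packages' value against a baseline taken from a known-good host. The Python below is an added example and is not part of the report or the analysed sample; the baseline set of package names is an assumption to be replaced with one captured from a trusted system of the same Windows build, and the sample values it runs on are constructed.

```python
import sys

# Assumed baseline of security package names that Windows registers itself
# under SYSTEM\CurrentControlSet\Control\Lsa, value 'Security Packages'.
# Replace with a list captured from a known-good host of the same build.
BASELINE_PACKAGES = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}


def parse_security_packages(value):
    """Normalise the 'Security Packages' value to a list of lower-case names.

    winreg returns REG_MULTI_SZ as a list of strings; a default Windows 10
    host holds a single element made of two quote characters, and older
    exports sometimes carry one space-separated REG_SZ string. Both forms
    are handled and empty entries are dropped.
    """
    items = value.split() if isinstance(value, str) else list(value)
    names = []
    for item in items:
        name = item.strip().strip('"').lower()
        if name:
            names.append(name)
    return names


def unexpected_packages(value, baseline=BASELINE_PACKAGES):
    """Return the entries in the value that are not in the baseline, sorted."""
    allowed = {name.lower() for name in baseline}
    return sorted(set(parse_security_packages(value)) - allowed)


def read_live_value():
    """Read the live value from the local registry on Windows; None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg
    path = r"SYSTEM\CurrentControlSet\Control\Lsa"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _ = winreg.QueryValueEx(key, "Security Packages")
    return value


if __name__ == "__main__":
    live = read_live_value()
    if live is None:
        # Constructed sample mirroring the report: 'rdpproto' appended to the
        # default package list.
        live = ["kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u", "rdpproto"]
    extra = unexpected_packages(live)
    print("unexpected security packages:", extra or "none")
```

An entry that is not in the baseline is worth investigating together with the DLL it names in %System32%, since any package listed here is loaded into lsass.exe at boot.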

49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359

Tags

trojan

Details
Name: rdpproto.dll
Size: 391680 bytes
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5: dc268b166fe4c1d1c8595dccf857c476
SHA1: 8264556c8a6e460760dc6bb72ecc6f0f966a16b8
SHA256: 49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
SHA512: b47c4caa0b5c17c982fcd040c7171d36ec962fe32e9b8bec567ee14b187507fe90e026aa05eec17d36c49a924eeaed55e66c95a111cfa9dcae0e305ab9515cac
ssdeep: 6144:jfsTC8amAXJeZP6BPjIDeLkigDxcvAHjVXjhtBGshMLa1Mj7rtlkiP60dwtudIye:jvg+Rg1cvAHtE0MLa07rt5POui6
Entropy: 7.893665
Antivirus
Avira: TR/Crypt.XPACK.xuqld
BitDefender: Trojan.Generic.22790108
ESET: a variant of Generik.MYWMFCM trojan
Emsisoft: Trojan.Generic.22790108 (B)
Ikarus: Trojan.SuspectCRC
NANOAV: Trojan.Win64.Crypted.excqpl
Yara Rules

No matches found.

ssdeep Matches
99  890d3928be0f36b1f4dcfffb20ac3747a31451ce010caba768974bfccdc26e7c
PE Metadata
Compile Date: 2017-06-06 11:34:06-04:00
Import Hash: 360d26520c50825099ec61e97b01a43b
PE Sections
MD5                               Name    Raw Size  Entropy
3bb2a7d6aab283c82ab853f536157ce2  header  1024      2.524087
b0bf8ec7b067fd3592c0053702e34504  .text   23552     6.180871
6cc98c5fef3ea1b782262e355b5c5862  .rdata  10752     4.635336
484d4698d46b3b5ad033c1a80ba83acf  .data   4096      2.145716
a07c8f17c18c6789a3e757aec183aea6  .pdata  2048      3.729952
fae0d0885944745d98849422bd799457  .rsrc   348672    7.997488
0c1c23e1fb129b1b1966f70fc75cf20e  .reloc  1536      1.737829
Relationships
49757cf856...  Dropped_By    12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
49757cf856...  Connected_To  21.252.107.198
49757cf856...  Connected_To  70.224.36.194
49757cf856...  Connected_To  113.114.117.122
49757cf856...  Connected_To  47.206.4.145
49757cf856...  Connected_To  84.49.242.125
49757cf856...  Connected_To  26.165.218.44
49757cf856...  Connected_To  137.139.135.151
49757cf856...  Connected_To  97.90.44.200
49757cf856...  Connected_To  128.200.115.228
49757cf856...  Connected_To  186.169.2.237
Description

"rdpproto.dll" is dropped into the %System32% directory by 868036E102DF4CE414B0E6700825B319. When the library is loaded, "rdpproto.dll" will attempt to send SSL Client Hello packets to any of the following embedded IP addresses:

---Begin Embedded IP Addresses---

21.252.107.198
70.224.36.194
113.114.117.122
47.206.4.145
84.49.242.125
26.165.218.44
137.139.135.151
97.90.44.200
128.200.115.228
186.169.2.237

---End Embedded IP Addresses---

This artifact contains the following notable strings:

---Begin Notable Strings---

CompanyName
Adobe System Incorporated
FileDescription
MicrosoftWindows TransFilter/FilterType : 01 WindowsNT Service
FileVersion
6.1 Build 7601
InternalName
TCP/IP Packet Filter Service
LegalCopyright
Copyright 2015 - Adobe System Incorporated
LegalTrademarks
OriginalFileName
TCP/IP - PacketFilter

---End Notable Strings---

21.252.107.198

Ports
  • 23164 TCP
Whois

NetRange:     21.0.0.0 - 21.255.255.255
CIDR:         21.0.0.0/8
NetName:        DNIC-SNET-021
NetHandle:     NET-21-0-0-0-1
Parent:         ()
NetType:        Direct Allocation
OriginAS:    
Organization: DoD Network Information Center (DNIC)
RegDate:        1991-06-30
Updated:        2009-06-19
Ref:            https://whois.arin.net/rest/net/NET-21-0-0-0-1


OrgName:        DoD Network Information Center
OrgId:         DNIC
Address:        3990 E. Broad Street
City:         Columbus
StateProv:     OH
PostalCode:     43218
Country:        US
RegDate:        
Updated:        2011-08-17
Ref:            https://whois.arin.net/rest/org/DNIC

Relationships
21.252.107.198  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
21.252.107.198  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

70.224.36.194

Ports
  • 59681 TCP
Whois

Domain Name: AMERITECH.NET
Registry Domain ID: 81816_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
Updated Date: 2017-06-09T05:27:34Z
Creation Date: 1996-06-14T04:00:00Z
Registry Expiry Date: 2018-06-13T04:00:00Z
Registrar: CSC Corporate Domains, Inc.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: 8887802723
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.ATTDNS.COM
Name Server: NS2.ATTDNS.COM
Name Server: NS3.ATTDNS.COM
Name Server: NS4.ATTDNS.COM
DNSSEC: unsigned

Domain Name: ameritech.net
Registry Domain ID: 81816_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: www.cscprotectsbrands.com
Updated Date: 2017-06-09T05:27:34Z
Creation Date: 1996-06-14T04:00:00Z
Registrar Registration Expiration Date: 2018-06-13T04:00:00Z
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar IANA ID: 299
Registrar Abuse Contact Email: domainabuse@cscglobal.com
Registrar Abuse Contact Phone: +1.8887802723
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Administrator
Registrant Organization: AT&T SERVICES, INC.
Registrant Street: 801 Chestnut Street
Registrant City: Saint Louis
Registrant State/Province: MO
Registrant Postal Code: 63101
Registrant Country: US
Registrant Phone: +1.3142358168
Registrant Phone Ext:
Registrant Fax: +1.3142358168
Registrant Fax Ext:
Registrant Email: att-domains@att.com
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: AT&T SERVICES, INC.
Admin Street: 801 Chestnut Street
Admin City: Saint Louis
Admin State/Province: MO
Admin Postal Code: 63101
Admin Country: US
Admin Phone: +1.3142358168
Admin Phone Ext:
Admin Fax: +1.3142358168
Admin Fax Ext:
Admin Email: att-domains@att.com
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: AT&T SERVICES, INC.
Tech Street: 801 Chestnut Street
Tech City: Saint Louis
Tech State/Province: MO
Tech Postal Code: 63101
Tech Country: US
Tech Phone: +1.3142358168
Tech Phone Ext:
Tech Fax: +1.3142358168
Tech Fax Ext:
Tech Email: att-domains@att.com
Name Server: ns3.attdns.com
Name Server: ns1.attdns.com
Name Server: ns2.attdns.com
Name Server: ns4.attdns.com
DNSSEC: unsigned

Relationships
70.224.36.194  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
70.224.36.194  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

113.114.117.122

Ports
  • 23397 TCP
Whois

inetnum:        113.112.0.0 - 113.119.255.255
netname:        CHINANET-GD
descr:         CHINANET Guangdong province network
descr:         Data Communication Division
descr:         China Telecom
country:        CN
admin-c:        CH93-AP
tech-c:         IC83-AP
remarks:        service provider
status:         ALLOCATED PORTABLE
mnt-by:         APNIC-HM
mnt-lower:     MAINT-CHINANET-GD
mnt-routes:     MAINT-CHINANET-GD
last-modified: 2016-05-04T00:15:17Z
source:         APNIC
mnt-irt:        IRT-CHINANET-CN

irt:            IRT-CHINANET-CN
address:        No.31 ,jingrong street,beijing
address:        100032
e-mail:         anti-spam@ns.chinanet.cn.net
abuse-mailbox: anti-spam@ns.chinanet.cn.net
admin-c:        CH93-AP
tech-c:         CH93-AP
auth:         # Filtered
mnt-by:         MAINT-CHINANET
last-modified: 2010-11-15T00:31:55Z
source:         APNIC

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         anti-spam@ns.chinanet.cn.net
address:        No.31 ,jingrong street,beijing
address:        100032
phone:         +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
mnt-by:         MAINT-CHINANET
last-modified: 2014-02-27T03:37:38Z
source:         APNIC

person:         IPMASTER CHINANET-GD
nic-hdl:        IC83-AP
e-mail:         gdnoc_HLWI@189.cn
address:        NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU
phone:         +86-20-87189274
fax-no:         +86-20-87189274
country:        CN
mnt-by:         MAINT-CHINANET-GD
remarks:        IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn
abuse-mailbox: antispam_gdnoc@189.cn
last-modified: 2014-09-22T04:41:26Z
source:         APNIC

Relationships
113.114.117.122  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
113.114.117.122  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

47.206.4.145

Ports
  • 59067 TCP
Whois

Domain Name: FRONTIERNET.NET
Registry Domain ID: 4305589_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2017-09-14T07:53:05Z
Creation Date: 1995-10-14T04:00:00Z
Registry Expiry Date: 2018-10-13T04:00:00Z
Registrar: Register.com, Inc.
Registrar IANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTH.DLLS.PA.FRONTIERNET.NET
Name Server: AUTH.FRONTIERNET.NET
Name Server: AUTH.LKVL.MN.FRONTIERNET.NET
Name Server: AUTH.ROCH.NY.FRONTIERNET.NET
DNSSEC: unsigned

Domain Name: FRONTIERNET.NET
Registry Domain ID: 4305589_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: www.register.com
Updated Date: 2017-09-14T00:53:05.00Z
Creation Date: 1995-10-14T04:00:00.00Z
Registrar Registration Expiration Date: 2018-10-13T04:00:00.00Z
Registrar: REGISTER.COM, INC.
Registrar IANA ID: 9
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: FRONTIERNET HOSTMASTER
Registrant Organization:
Registrant Street: 95 N. FITZHUGH ST.
Registrant City: ROCHESTER
Registrant State/Province: NY
Registrant Postal Code: 14614-1212
Registrant Country: US
Registrant Phone: +1.8664747662
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: HOSTMASTER@FRONTIERNET.NET
Registry Admin ID:
Admin Name: FRONTIERNET HOSTMASTER
Admin Organization:
Admin Street: 95 N. FITZHUGH ST.
Admin City: ROCHESTER
Admin State/Province: NY
Admin Postal Code: 14614-1212
Admin Country: US
Admin Phone: +1.8664747662
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: HOSTMASTER@FRONTIERNET.NET
Registry Tech ID:
Tech Name: FRONTIERNET HOSTMASTER
Tech Organization:
Tech Street: 95 N. FITZHUGH ST.
Tech City: ROCHESTER
Tech State/Province: NY
Tech Postal Code: 14614-1212
Tech Country: US
Tech Phone: +1.8664747662
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: HOSTMASTER@FRONTIERNET.NET
Name Server: AUTH.DLLS.PA.FRONTIERNET.NET
Name Server: AUTH.FRONTIERNET.NET
Name Server: AUTH.LKVL.MN.FRONTIERNET.NET
Name Server: AUTH.ROCH.NY.FRONTIERNET.NET
DNSSEC: unSigned

Relationships
47.206.4.145  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
47.206.4.145  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

84.49.242.125

Ports
  • 17770 TCP
Whois

Domain Name: NEXTGENTEL.COM
Registry Domain ID: 13395561_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.domaininfo.com
Registrar URL: http://www.ports.domains
Updated Date: 2017-11-10T23:44:50Z
Creation Date: 1999-11-17T15:47:51Z
Registry Expiry Date: 2018-11-17T15:47:51Z
Registrar: Ports Group AB
Registrar IANA ID: 73
Registrar Abuse Contact Email: abuse@portsgroup.se
Registrar Abuse Contact Phone: +46.707260017
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: ANYADNS1.NEXTGENTEL.NET
Name Server: ANYADNS2.NEXTGENTEL.NET
DNSSEC: unsigned

Domain Name: nextgentel.com
Registry Domain ID: 13395561_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.domaininfo.com
Registrar URL: ports.domains
Updated Date: 2017-11-10T23:44:50Z
Creation Date: 1999-11-17T15:47:51Z
Registrar Registration Expiration Date: 2018-11-17T15:47:51Z
Registrar: PortsGroup AB
Registrar IANA ID: 73
Registrar Abuse Contact Email: abuse@portsgroup.se
Registrar Abuse Contact Phone: +46.317202000
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Hostmaster
Registrant Organization: NextGenTel AS
Registrant Street: Sandslimarka 31
Registrant City: SANDSLI
Registrant State/Province:
Registrant Postal Code: 5254
Registrant Country: NO
Registrant Phone: +47.55527900
Registrant Fax: +47.55527910
Registrant Email: hostmaster@nextgentel.com
Registry Admin ID:
Admin Name: Hostmaster
Admin Organization: NextGenTel AS
Admin Street: Sandslimarka 31
Admin City: Sandsli
Admin State/Province:
Admin Postal Code: 5254
Admin Country: NO
Admin Phone: +47.55527900
Admin Fax: +47.55527910
Admin Email: hostmaster@nextgentel.com
Registry Tech ID:
Tech Name: Hostmaster v/ Eivind Olsen
Tech Organization: NextGenTel AS
Tech Street: Postboks 3 Sandsli
Tech City: Bergen
Tech State/Province:
Tech Postal Code: 5861
Tech Country: NO
Tech Phone: +47.41649322
Tech Fax: +47.55527910
Tech Email: hostmaster@nextgentel.com
Name Server: ANYADNS1.NEXTGENTEL.NET
Name Server: ANYADNS2.NEXTGENTEL.NET
DNSSEC: unsigned

Relationships
84.49.242.125  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
84.49.242.125  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

26.165.218.44

Ports
  • 2248 TCP
Whois

NetRange:     26.0.0.0 - 26.255.255.255
CIDR:         26.0.0.0/8
NetName:        DISANET26
NetHandle:     NET-26-0-0-0-1
Parent:         ()
NetType:        Direct Allocation
OriginAS:    
Organization: DoD Network Information Center (DNIC)
RegDate:        1995-04-30
Updated:        2009-06-19
Ref:            https://whois.arin.net/rest/net/NET-26-0-0-0-1


OrgName:        DoD Network Information Center
OrgId:         DNIC
Address:        3990 E. Broad Street
City:         Columbus
StateProv:     OH
PostalCode:     43218
Country:        US
RegDate:        
Updated:        2011-08-17
Ref:            https://whois.arin.net/rest/org/DNIC


OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-844-347-2457
OrgTechEmail: disa.columbus.ns.mbx.hostmaster-dod-nic@mail.mil
OrgTechRef:    https://whois.arin.net/rest/poc/MIL-HSTMST-ARIN

OrgAbuseHandle: REGIS10-ARIN
OrgAbuseName: Registration
OrgAbusePhone: +1-844-347-2457
OrgAbuseEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil
OrgAbuseRef:    https://whois.arin.net/rest/poc/REGIS10-ARIN

OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-844-347-2457
OrgTechEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil
OrgTechRef:    https://whois.arin.net/rest/poc/REGIS10-ARIN

Relationships
26.165.218.44  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
26.165.218.44  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

137.139.135.151

Ports
  • 64694 TCP
Whois

NetRange:     137.139.0.0 - 137.139.255.255
CIDR:         137.139.0.0/16
NetName:        SUC-OLDWEST
NetHandle:     NET-137-139-0-0-1
Parent:         NET137 (NET-137-0-0-0-0)
NetType:        Direct Assignment
OriginAS:    
Organization: SUNY College at Old Westbury (SCAOW)
RegDate:        1989-11-29
Updated:        2014-02-18
Ref:            https://whois.arin.net/rest/net/NET-137-139-0-0-1


OrgName:        SUNY College at Old Westbury
OrgId:         SCAOW
Address:        223 Store Hill Road
City:         Old Westbury
StateProv:     NY
PostalCode:     11568
Country:        US
RegDate:        1989-11-29
Updated:        2011-09-24
Ref:            https://whois.arin.net/rest/org/SCAOW


OrgTechHandle: SUNYO-ARIN
OrgTechName: SUNYOWNOC
OrgTechPhone: +1-516-876-3379
OrgTechEmail: sunyownoc@oldwestbury.edu
OrgTechRef:    https://whois.arin.net/rest/poc/SUNYO-ARIN

OrgAbuseHandle: SUNYO-ARIN
OrgAbuseName: SUNYOWNOC
OrgAbusePhone: +1-516-876-3379
OrgAbuseEmail: sunyownoc@oldwestbury.edu
OrgAbuseRef:    https://whois.arin.net/rest/poc/SUNYO-ARIN

RAbuseHandle: SUNYO-ARIN
RAbuseName: SUNYOWNOC
RAbusePhone: +1-516-876-3379
RAbuseEmail: sunyownoc@oldwestbury.edu
RAbuseRef:    https://whois.arin.net/rest/poc/SUNYO-ARIN

RTechHandle: SUNYO-ARIN
RTechName: SUNYOWNOC
RTechPhone: +1-516-876-3379
RTechEmail: sunyownoc@oldwestbury.edu
RTechRef:    https://whois.arin.net/rest/poc/SUNYO-ARIN

RNOCHandle: SUNYO-ARIN
RNOCName: SUNYOWNOC
RNOCPhone: +1-516-876-3379
RNOCEmail: sunyownoc@oldwestbury.edu
RNOCRef:    https://whois.arin.net/rest/poc/SUNYO-ARIN

Relationships
137.139.135.151  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
137.139.135.151  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

97.90.44.200

Ports
  • 37120 TCP
Whois

Domain Name: CHARTER.COM
Registry Domain ID: 340223_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-07-03T04:22:18Z
Creation Date: 1994-07-30T04:00:00Z
Registry Expiry Date: 2019-07-29T04:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.CHARTER.COM
Name Server: NS2.CHARTER.COM
Name Server: NS3.CHARTER.COM
Name Server: NS4.CHARTER.COM
DNSSEC: unsigned

Domain Name: charter.com
Registry Domain ID: 340223_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-12-18T04:00:14-0800
Creation Date: 1994-07-29T21:00:00-0700
Registrar Registration Expiration Date: 2019-07-28T21:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Charter Communications Operating, LLC
Registrant Street: 12405 Powerscourt Drive,
Registrant City: Saint Louis
Registrant State/Province: MO
Registrant Postal Code: 63131
Registrant Country: US
Registrant Phone: +1.3149650555
Registrant Phone Ext:
Registrant Fax: +1.9064010617
Registrant Fax Ext:
Registrant Email: hostmaster@charter.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Charter Communications Operating, LLC
Admin Street: 12405 Powerscourt Drive,
Admin City: Saint Louis
Admin State/Province: MO
Admin Postal Code: 63131
Admin Country: US
Admin Phone: +1.3149650555
Admin Phone Ext:
Admin Fax: +1.9064010617
Admin Fax Ext:
Admin Email: hostmaster@charter.com
Registry Tech ID:
Tech Name: Charter Communications Internet Security and Abuse
Tech Organization: Charter Communications Operating, LLC
Tech Street: 12405 Powerscourt Drive,
Tech City: Saint Louis
Tech State/Province: MO
Tech Postal Code: 63131
Tech Country: US
Tech Phone: +1.3142883111
Tech Phone Ext:
Tech Fax: +1.3149090609
Tech Fax Ext:
Tech Email: abuse@charter.net
Name Server: ns4.charter.com
Name Server: ns3.charter.com
Name Server: ns1.charter.com
Name Server: ns2.charter.com
DNSSEC: unsigned

Relationships
97.90.44.200  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
97.90.44.200  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

128.200.115.228

Ports
  • 52884 TCP
Whois

Domain Name: UCI.EDU

Registrant:
University of California, Irvine
6366 Ayala Science Library
Irvine, CA 92697-1175
UNITED STATES

Administrative Contact:
Con Wieland
University of California, Irvine
Office of Information Technology
6366 Ayala Science Library
Irvine, CA 92697-1175
UNITED STATES
(949) 824-2222
oit-nsp@uci.edu

Technical Contact:
Con Wieland
University of California, Irvine
Office of Information Technology
6366 Ayala Science Library
Irvine, CA 92697-1175
UNITED STATES
(949) 824-2222
oit-nsp@uci.edu

Name Servers:
NS4.SERVICE.UCI.EDU     128.200.59.190
NS5.SERVICE.UCI.EDU     52.26.131.47

Domain record activated:    30-Sep-1985
Domain record last updated: 07-Jul-2016
Domain expires:             31-Jul-2018

Relationships
128.200.115.228  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
128.200.115.228  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

186.169.2.237

Ports
  • 65292 TCP
Whois

inetnum:     186.168/15
status:     allocated
aut-num:     N/A
owner:     COLOMBIA TELECOMUNICACIONES S.A. ESP
ownerid:     CO-CTSE-LACNIC
responsible: Administradores Internet
address:     Transversal 60, 114, A 55
address:     N - BOGOTA - Cu
country:     CO
phone:     +57 1 5339833 []
owner-c:     CTE7
tech-c:     CTE7
abuse-c:     CTE7
inetrev:     186.169/16
nserver:     DNS5.TELECOM.COM.CO
nsstat:     20171220 AA
nslastaa:    20171220
nserver:     DNS.TELECOM.COM.CO
nsstat:     20171220 AA
nslastaa:    20171220
created:     20110404
changed:     20141111

nic-hdl:     CTE7
person:     Grupo de Administradores Internet
e-mail:     admin.internet@TELECOM.COM.CO
address:     Transversal, 60, 114 A, 55
address:     571111 - BOGOTA DC - CU
country:     CO
phone:     +57 1 7050000 [71360]
created:     20140220
changed:     20140220

Relationships
186.169.2.237  Connected_From  4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
186.169.2.237  Connected_From  49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359
Description

A high port to high port connection attempt is made to this IP address from 'Malware2.dll'. No domain is associated with the IP address.

4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761

Tags

trojan

Details
Name: 42682D4A78FE5C2EDA988185A344637D
Name: 4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
Size: 346624 bytes
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5: 42682d4a78fe5c2eda988185a344637d
SHA1: 4975de2be0a1f7202037f5a504d738fe512191b7
SHA256: 4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
SHA512: 213e4a0afbfac0bd884ab262ac87aee7d9a175cff56ba11aa4c75a4feb6a96c5e4e2c26adbe765f637c783df7552a56e4781a3b17be5fda2cf7894e58eb873ec
ssdeep: 6144:nCgsFAkxS1rrtZQXTip12P04nTnvze6lxjWV346vze6lpjWV34Evze6lSjWV34a7:nCgsukxS1vtZ+5nvze6lxjWV346vze6N
Entropy: 6.102810
Antivirus
ESET: a variant of Win64/NukeSped.T trojan
Yara Rules
hidden_cobra_consolidated.yara
rule crypt_constants_2 {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
hidden_cobra_consolidated.yara
rule lsfr_constants {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
hidden_cobra_consolidated.yara
rule polarSSL_servernames {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $polarSSL = "fjiejffndxklfsdkfjsaadiepwn"
        $sn1 = "www.google.com"
        $sn2 = "www.naver.com"
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and ($polarSSL and 1 of ($sn*))
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-06-06 11:24:44-04:00
Import Hash: e395fbfa0104d0173b3c4fdd3debdceb
Company Name: Kamsky Co,.Ltd
File Description: Vote_Controller
Internal Name: MDL_170329_x86_V06Lv3
Legal Copyright: Copyright ⓒ 2017
Original Filename: Vote_Controller
Product Name: Kamsky ColdFear
Product Version: 17, 0, 0, 0
PE Sections
MD5                               Name    Raw Size  Entropy
40d66d1a2f846d7c3bf291c604c9fca3  header  1024      2.628651
d061ffec6721133c433386c96520bc55  .text   284160    5.999734
cbbc6550dcbdcaf012bdbf758a377779  .rdata  38912     5.789426
c83bcaab05056d5b84fc609f41eed210  .data   7680      3.105496
b9fc36206883aa1902566b5d01c27473  .pdata  8704      5.319307
1c1d46056b4cb4627a5f92112b7e09f7  .rsrc   4096      5.608168
3baedaa3d6b6d6dc9fb0ec4f5c3b007c  .reloc  2048      2.331154
Relationships
4a74a9fd40...  Connected_To  21.252.107.198
4a74a9fd40...  Connected_To  70.224.36.194
4a74a9fd40...  Connected_To  113.114.117.122
4a74a9fd40...  Connected_To  47.206.4.145
4a74a9fd40...  Connected_To  84.49.242.125
4a74a9fd40...  Connected_To  26.165.218.44
4a74a9fd40...  Connected_To  137.139.135.151
4a74a9fd40...  Connected_To  97.90.44.200
4a74a9fd40...  Connected_To  128.200.115.228
4a74a9fd40...  Connected_To  186.169.2.237
Description

This artifact is a malicious 64-bit Windows dynamic library called 'Vote_Controller.dll'. The file has functionality similar to 'rdpproto.dll' above and attempts to connect to the same ten IP addresses.

42682D4A78FE5C2EDA988185A344637D also contains the same public SSL certificate as many of the artifacts above.

The file contains the following notable strings:

---Begin Notable Strings---

CompanyName
Kamsky Co, .Ltd
FileDescription
Vote_Controller
FileVersion
49, 0, 0, 0
InternalName
MDL_170329_x86_V06Lv3
LegalCopyright
Copyright
2017
LegalTrademarks
OriginalFileName
Vote_Controller
PrivateBuild
ProductName
Kamsky ColdFear
ProductVersion
17, 0, 0, 0

---End Notable Strings---

83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a

Details
Name: 3021B9EF74C7BDDF59656A035F94FD08
Name: 83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a
Size: 245760 bytes
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5: 3021b9ef74c7bddf59656a035f94fd08
SHA1: 05ad5f346d0282e43360965373eb2a8d39735137
SHA256: 83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a
SHA512: f8fcc5ed34b7bf144fc708d01d9685f0cb2e678c173d014987d6ecbf4a7c3ed539452819237173a2ab14609a913cf46c3bd618cffe7b5990c63cfe805a7144ff
ssdeep: 6144:4+ZmN/ix9bd+Rvze6lxjWV346vze6lpjWV34Evze6lSjWV34avze6lkjWV34z5FT:4+ZmN/ix9b8Rvze6lxjWV346vze6lpjn
Entropy: 5.933390
Antivirus

No matches found.

Yara Rules
hidden_cobra_consolidated.yara
rule crypt_constants_2 {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
hidden_cobra_consolidated.yara
rule lsfr_constants {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
hidden_cobra_consolidated.yara
rule polarSSL_servernames {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $polarSSL = "fjiejffndxklfsdkfjsaadiepwn"
        $sn1 = "www.google.com"
        $sn2 = "www.naver.com"
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and ($polarSSL and 1 of ($sn*))
}
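The three rules matched on this artifact (and on 42682D4A78FE5C2EDA988185A344637D above) share one PE-header check and differ only in the strings they require. As an added example that is not part of the report and not NCCIC's code, the Python below reimplements each rule's condition so the logic can be exercised offline; the byte patterns and strings are copied from the rules quoted above, while the buffer produced by build_sample_pe is constructed for the example and is not one of the report's artifacts.

```python
import struct

# Patterns and strings taken from the hidden_cobra_consolidated.yara rules
# quoted in the report. crypt_constants_2 and lsfr_constants list the same
# three byte patterns, so one function serves both.
CRYPT_CONSTANTS = [bytes.fromhex("efcdab90"), bytes.fromhex("558426fe"), bytes.fromhex("7856b4c2")]
POLARSSL_MARKER = b"fjiejffndxklfsdkfjsaadiepwn"
SERVER_NAMES = [b"www.google.com", b"www.naver.com"]


def is_pe(data: bytes) -> bool:
    """The rules' header check: uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550.

    YARA reads these integers little-endian and evaluates the condition as
    false when an offset lies outside the file, which the bounds checks mirror.
    """
    if len(data) < 0x40:
        return False
    if struct.unpack_from("<H", data, 0)[0] != 0x5A4D:      # "MZ"
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 2 > len(data):
        return False
    return struct.unpack_from("<H", data, e_lfanew)[0] == 0x4550  # "PE"


def crypt_constants(data: bytes) -> bool:
    """Condition of crypt_constants_2 / lsfr_constants: PE and all three patterns."""
    return is_pe(data) and all(pattern in data for pattern in CRYPT_CONSTANTS)


def polarssl_servernames(data: bytes) -> bool:
    """Condition of polarSSL_servernames: PE, the marker string and 1 of ($sn*)."""
    return is_pe(data) and POLARSSL_MARKER in data and any(name in data for name in SERVER_NAMES)


def scan(data: bytes) -> dict:
    """Evaluate all three rules and return their verdicts by rule name."""
    return {
        "crypt_constants_2": crypt_constants(data),
        "lsfr_constants": crypt_constants(data),
        "polarSSL_servernames": polarssl_servernames(data),
    }


def build_sample_pe(payload: bytes) -> bytes:
    """Constructed minimal buffer: DOS header with e_lfanew = 0x40, then a PE signature.

    It is only enough to satisfy the header check so the string logic can be
    tested; it is not a loadable image and not a sample from the report.
    """
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + payload


if __name__ == "__main__":
    hit = build_sample_pe(b"".join(CRYPT_CONSTANTS) + POLARSSL_MARKER + b"www.naver.com")
    print(scan(hit))
    print(scan(b"plain text, not a PE"))
```

Running the real rules with the yara tool gives the same verdicts; the point of the reimplementation is to make explicit that the PE check fails closed on short or truncated input and that the server-name clause needs only one of the two names.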
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2017-05-16 02:44:21-04:00
Import Hash: ca767ccbffbed559cbe77c923e3af1f8
Company Name: Kamsky Co,.Ltd
File Description: Vote_Controller
Internal Name: MDL_170329_x86_V06Lv3
Legal Copyright: Copyright ⓒ 2017
Original Filename: Vote_Controller
Product Name: Kamsky ColdFear
Product Version: 17, 0, 0, 0
PE Sections
MD5                               Name    Raw Size  Entropy
83ec15e3cf335f784144db4208b328c9  header  1024      2.790421
036c57e89ea3a6afa819c242c5816b70  .text   206848    5.688491
4812d2f39e9a8ae569370d423ba31344  .rdata  26112     6.000116
cb41e8f63b7c22c401a0634cb4fe1909  .data   2048      4.748331
3cc7651747904bfe94ed18f44354a706  .pdata  5120      4.962073
9e92c54604ea67e76210c3c914e9608c  .rsrc   4096      5.606351
71dcfb1ec7257ee58dcc20cafb0be691  .reloc  512       0.673424
Relationships
83228075a6...  Connected_To  112.175.92.57
Description

This artifact is a 64-bit Windows dynamic library file which shares many of the same characteristics and name (Vote_Controller.dll) as 42682D4A78FE5C2EDA988185A344637D above.

When this library is loaded it will look for the file 'udbcgiut.dat' in C:\WINDOWS. If 'udbcgiut.dat' is not found, the file will attempt connections to the same ten IP addresses described under 'rdpproto.dll' above.

One notable difference with this variant is that it uses the Windows Management Instrumentation (WMI) process to recompile the Managed Object Format (MOF) files in the WMI repository. At runtime, the malware will enumerate the drivers located in the registry at HKLM\Software\WBEM\WDM.
These files are then recompiled by invoking wmiprvse.exe through svchost.exe: "C:\Windows\system32\wbem\wmiprvse.exe -Embedding".
MOF files are written in a SQL-like language and are run (compiled) by the operating system when a predetermined event takes place. Recent malware variants have been observed modifying the MOF files within the system registry to run specific commands and establish persistence on the system.

Of note, the paravirtual SCSI driver for VMWare Tools is also located in HKLM\Software\WBEM\WDM within a virtual image. When this driver is recompiled by the malware, VMWare Tools no longer works. It cannot be determined if this is an intentional characteristic of the malware to hinder analysis, or simply a symptom of the method used to establish persistence.

70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3

Tags

trojan

Details
Name: 61E3571B8D9B2E9CCFADC3DDE10FB6E1
Size: 258052 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 61e3571b8d9b2e9ccfadc3dde10fb6e1
SHA1: 55daa1fca210ebf66b1a1d2db1aa3373b06da680
SHA256: 70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
SHA512: 235f7b920f54c4d316386cbf6cc14db1929029e8053270e730be15acc8e9f333231d2d984681bea26013a1d1cf4670528ba0989337be13ad4ada3eeba33bdfe8
ssdeep: 6144:d71TKN7LBHvS+bujAfrsxwkm1Ka5l7gTtJUGx:dxKHPuj8WR0K6VgTtZx
Entropy: 7.829590
Antivirus
BitDefender: Dropped:Trojan.GenericKD.30867638
ESET: a variant of Win32/NukeSped.AI trojan
Emsisoft: Dropped:Trojan.GenericKD.30867638 (B)
Yara Rules
hidden_cobra_consolidated.yara:

rule crypt_constants_2 {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}

rule lsfr_constants {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2016-08-23 00:19:59-04:00
Import Hash: 8e253f83371d82907ff72f57257e3810
PE Sections
MD5                               Name    Raw Size  Entropy
84f39a6860555231d60a55c72d07bc5e  header  4096      0.586304
649c24790b60bda1cf2a85516bfc7fa0  .text   24576     5.983290
fbd6ca444ef8c0667aed75820cc99dce  .rdata  4096      3.520964
0ecb4bcb0a1ef1bf8ea4157fabdd7357  .data   4096      3.988157
Packers/Compilers/Cryptors
Installer VISE Custom
Relationships
70034b33f5... Dropped cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f
70034b33f5... Dropped 70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289
70034b33f5... Dropped 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
70034b33f5... Connected_To 81.94.192.147
70034b33f5... Connected_To 112.175.92.57
70034b33f5... Connected_To 181.39.135.126
70034b33f5... Connected_To 197.211.212.59
70034b33f5... Related_To 70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289
Description

This artifact is a malicious PE32 executable. When executed, the artifact sets up the service, 'Network UDP Trace Management Service'.
To set up the service, the program drops a dynamic library, 'UDPTrcSvc.dll' into the %System32% directory.
Next, the following registry keys are added:

---Begin Registry Keys---

HKLM\SYSTEM\CurrentControlSet\services\UDPTrcSvc Name: Type Value: 20
HKLM\SYSTEM\CurrentControlSet\services\UDPTrcSvc Name: Start Value: 02
HKLM\SYSTEM\CurrentControlSet\services\UDPTrcSvc Name: ImagePath Value: "%SystemRoot%\System32\svchost.exe -k mdnetuse"
HKLM\SYSTEM\CurrentControlSet\services\UDPTrcSvc Name: DisplayName Value: "Network UDP Trace Management Service"
HKLM\SYSTEM\CurrentControlSet\services\UDPTrcSvc Name: ObjectName Value: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\services\UDPTrcSvc\Parameters Name: ServiceDll Value: "%SystemRoot%\System32\svchost.exe -k mdnetuse"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\mdnetuse

---End Registry Keys---

The service is started by invoking svchost.exe.

After writing 'UDPTrcSvc.dll' to disk, the program drops two additional files. Similar to 5C3898AC7670DA30CF0B22075F3E8ED6 above, the program writes the file 'udbcgiut.dat' to the victim's profile at %AppData/Local/Temp%. A second file, 'MSDFMAPI.INI', is written to the victim's profile in the %AppData/Local/VirtualStore/Windows% directory. 'MSDFMAPI.INI' is also written to C:\WINDOWS. More information on the content of these files is below.

61E3571B8D9B2E9CCFADC3DDE10FB6E1 attempts the same outbound connections as 5C3898AC7670DA30CF0B22075F3E8ED6; however, the file does not contain any of the public SSL certificates referenced above.
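An added detection check for the service persistence described above (example code written for this page, not part of the report): it parses a constructed .reg-style export that contains the UDPTrcSvc keys listed above next to a benign svchost-hosted service, and flags a service whose svchost group has no membership entry under the Svchost key and whose ServiceDll holds an svchost command line instead of a DLL path. The sample export and the benign Dhcp entry are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the style of a "reg export" dump. It carries the
# UDPTrcSvc keys the report lists (values as reported) and, for contrast,
# a benign svchost-hosted service with a proper ServiceDll and group entry.
# Not a real host dump.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UDPTrcSvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k mdnetuse"
"DisplayName"="Network UDP Trace Management Service"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UDPTrcSvc\Parameters]
"ServiceDll"="%SystemRoot%\\System32\\svchost.exe -k mdnetuse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\mdnetuse]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k LocalServiceNetworkRestricted"
"DisplayName"="DHCP Client"
"ObjectName"="NT AUTHORITY\\LocalService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters]
"ServiceDll"="%SystemRoot%\\system32\\dhcpcore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNetworkRestricted"=hex(7):44,00,68,00,63,00,70,00,00,00,00,00
"""

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"
SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


def decode_value(data: str):
    """Decode the three .reg data encodings the sample uses."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\")        # REG_SZ, unescape backslashes
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)           # REG_DWORD
    if data.startswith("hex(7):"):                      # REG_MULTI_SZ: UTF-16LE, NUL-separated
        raw = bytes.fromhex(data[len("hex(7):"):].replace(",", ""))
        return [s for s in raw.decode("utf-16-le").split("\0") if s]
    return data


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key_path: {value_name: value}} for a .reg-style export."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def audit_svchost_services(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """Flag svchost-hosted services whose registration does not look legitimate."""
    findings: List[Tuple[str, str]] = []
    groups = keys.get(SVCHOST_KEY, {})
    depth = SERVICES_ROOT.count("\\") + 1           # direct children of ...\services only
    for path, values in keys.items():
        if not path.startswith(SERVICES_ROOT + "\\") or path.count("\\") != depth:
            continue
        name = path.rsplit("\\", 1)[1]
        m = SVCHOST_RE.search(str(values.get("ImagePath", "")))
        if not m:
            continue                                    # not hosted by svchost.exe
        group = m.group(1)
        members = groups.get(group)
        # A real svchost group is a REG_MULTI_SZ value under the Svchost key that
        # names the service; a bare subkey (as in the report) is not membership.
        if not isinstance(members, list) or name.lower() not in [s.lower() for s in members]:
            findings.append((name, f"svchost group '{group}' has no membership entry for this service"))
        dll = str(keys.get(path + "\\Parameters", {}).get("ServiceDll", ""))
        if not dll:
            findings.append((name, "svchost-hosted service has no ServiceDll"))
        elif not dll.lower().endswith(".dll"):
            # The report's ServiceDll holds an svchost command line, not a DLL path.
            findings.append((name, f"ServiceDll is not a DLL path: {dll}"))
    return findings


if __name__ == "__main__":
    for service, reason in audit_svchost_services(parse_reg_export(SAMPLE_REG)):
        print(f"{service}: {reason}")
```

On a live host the same checks apply to the output of `reg export` for the two keys above; the benign entry shows what a correctly registered svchost service looks like.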

cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f

Tags

backdoortrojan

Details
Name: UDPTrcSvc.dll
Size: 221184 bytes
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 0893e206274cb98189d51a284c2a8c83
SHA1: d1f4cf4250e7ba186c1d0c6d8876f5a644f457a4
SHA256: cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f
SHA512: 8042356ff8dc69fa84f2de10a4c34685c3ffa798d5520382d4fbcdcb43ae17e403a208be9891cca6cf2bc297f767229a57f746ca834f6b79056a0ff1202941cf
ssdeep: 3072:WsyjTzEvLFOL8AqCiueLt1VFu9+zcSywy0mcj90nSJ5NatCmtWwNQLK:W/zEvLFOLdq9uebdSwHN9n5wtkwNwK
Entropy: 6.359677
Antivirus
Ahnlab: Backdoor/Win32.Akdoor
Antiy: Trojan/Win32.AGeneric
Avira: TR/NukeSped.davct
BitDefender: Trojan.GenericKD.30867638
ESET: Win32/NukeSped.AI trojan
Emsisoft: Trojan.GenericKD.30867638 (B)
Ikarus: Trojan.Win32.NukeSped
K7: Trojan ( 005329311 )
NANOAV: Trojan.Win32.NukeSped.fcodob
Systweak: malware.gen-ra
TrendMicro: TROJ_FR.8F37E76D
TrendMicro House Call: TROJ_FR.8F37E76D
VirusBlokAda: Trojan.Tiggre
Zillya!: Trojan.NukeSped.Win32.73
Yara Rules
hidden_cobra_consolidated.yara:

rule crypt_constants_2 {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}

rule lsfr_constants {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $ = {efcdab90}
        $ = {558426fe}
        $ = {7856b4c2}
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}

rule polarSSL_servernames {
    meta:
        Author = "NCCIC trusted 3rd party"
        Incident = "10135536"
        Date = "2018/04/19"
        category = "hidden_cobra"
        family = "n/a"
        description = "n/a"
    strings:
        $polarSSL = "fjiejffndxklfsdkfjsaadiepwn"
        $sn1 = "www.google.com"
        $sn2 = "www.naver.com"
    condition:
        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and ($polarSSL and 1 of ($sn*))
}
ssdeep Matches

No matches found.

PE Metadata
Compile Date: 2016-08-23 00:23:04-04:00
Import Hash: 30d3466536de2b423897a3c8992ef999
PE Sections
MD5                               Name    Raw Size  Entropy
d37b95aa17fa132415b37ec777f439ff  header  4096      0.709908
badbc93c35554aec904ab0c34f05fbe0  .text   180224    6.295472
64f7a9cafdad34003aba4547bba0e25b  .rdata  16384     6.372911
c792eb0c57577f4f3649775cbf32b253  .data   12288     3.996008
8791f715ae89ffe2c7d832c1be821edc  .reloc  8192      5.154376
Relationships
cd5ff67ff7... Dropped_By 70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
Description

This artifact is a malicious 32-bit Windows dynamic library. 'UDPTrcSvc.dll' is identified as the 'Network UDP Trace Management Service'. The following description is provided:

---Begin Service Description---

Network UDP Trace Management Service Hosts TourSvc Tracing. If this service is stopped, notifications of network trace will no longer function and there might not be access to service functions. If this service is disabled, notifications of and monitoring to network state will no longer function.

---End Service Description---

The service is invoked with the command, 'C:\Windows\System32\svchost.exe -k mdnetuse'.
When the service runs, it attempts to modify the system firewall with the command 'cmd.exe /c netsh firewall add portopening TCP 0 "adp"'.

Unlike many of the files listed above that use a public certificate from naver.com, 'UDPTrcSvc.dll' uses a public SSL certificate from google.com.

96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

Tags

trojan

Details
Name: MSDFMAPI.INI
Size: 2 bytes
Type: data
MD5: c4103f122d27677c9db144cae1394a66
SHA1: 1489f923c4dca729178b3e3233458550d8dddf29
SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA512: 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54
ssdeep: 3::
Entropy: 0.000000
Antivirus
NetGate: Trojan.Win32.Malware
Yara Rules

No matches found.

ssdeep Matches
100 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
Relationships
96a296d224... Dropped_By 70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
96a296d224... Dropped_By 2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
Description

'MSDFMAPI.INI' is written to C:\WINDOWS and to %UserProfile\AppData\Local\VirtualStore\Windows%. During analysis, two NULL characters were written to the file. The purpose of the file has not been determined.

d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39

Details
Name: F8D26F2B8DD2AC4889597E1F2FD1F248
Name: d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39
Size: 456241 bytes
Type: data
MD5: f8d26f2b8dd2ac4889597e1f2fd1f248
SHA1: dd132f76a4aff9862923d6a10e54dca26f26b1b4
SHA256: d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39
SHA512: 34f8d10ebcab6f10c5140e94cf858761e9fa2e075db971b8e49c7334e1d55237f844ed6cf8ce735e984203f58d6b5032813b55e29a59af4bfff3853b1d07bc44
ssdeep: 12288:MG31DF/ubokxmgF8JsVusikiWxdj3tIQLYe:NlI0UV0ou1kiWvm4Ye
Entropy: 7.999350
Antivirus

No matches found.

Yara Rules

No matches found.

ssdeep Matches

No matches found.

Description

This artifact contains a public SSL certificate from naver.com similar to the one found in many of the files above. The payload of the file appears to be encoded with a password or key. No context was provided with the file's submission.

Recommendations

CISA would like to remind users and administrators to consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumbdrives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate ACLs.

Additional information on malware incident prevention and handling can be found in NIST's Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.

Contact Information

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact US-CERT and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact US-CERT and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to CISA at 1-888-282-0870 or soc@us-cert.gov.

Can I submit malware to CISA? Malware samples can be submitted via three methods:

CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA/US-CERT's homepage at www.us-cert.gov.

Revisions

  • April 10, 2019: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


North Korean Malicious Cyber Activity

Original release date: April 10, 2019

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-8 and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.





Juniper Networks Releases Multiple Security Updates

Original release date: April 10, 2019

Juniper Networks has released multiple security updates to address vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Security Advisories web page and apply the necessary updates.




ST19-001: Protecting Against Ransomware

Original release date: April 11, 2019

What is ransomware?

Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. (See Protecting Against Malicious Code for more information on malware.) After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.

If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands. (See the FBI’s ransomware article.)

How does ransomware work?

Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.

Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.

How is ransomware delivered?

Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.

What can I do to protect my data and networks?

  • Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.  
  • Store your backups separately. Best practice is to store your backups on a separate device that cannot be accessed from a network, such as an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive or separate device from the network or computer. (See the Software Engineering Institute’s page on Ransomware.)
  • Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.

What can I do to prevent ransomware infections?

  • Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches. Vulnerable applications and OSs are the target of most ransomware attacks. (See Understanding Patches and Software Updates.)
  • Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization's helpdesk, search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of .net). (See Using Caution with Email Attachments.)
  • Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
  • Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it. (See Protecting Your Privacy.)
  • Verify email senders. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly. Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.
  • Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques. You can find information about known phishing attacks on the Anti-Phishing Working Group website. You may also want to sign up for CISA product notifications, which will alert you when a new Alert, Analysis Report, Bulletin, Current Activity, or Tip has been published.
  • Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic. (See Understanding Firewalls for Home and Small Office Use.)

How do I respond to a ransomware infection?

  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.  
  • Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that shared a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists. (See Before You Connect a New Computer to the Internet for tips on how to make a computer more secure before you reconnect it to a network.)
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.

What do I do if my computer is infected with ransomware?

Author: CISA


Vulnerability in Multiple VPN Applications

Original release date: April 12, 2019

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for more information and refer to vendors for appropriate updates, when available.




VMware Releases Security Updates

Original release date: April 12, 2019

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0006 and apply the necessary updates.




Multiple Vulnerabilities in WPA3 Protocol

Original release date: April 12, 2019

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities—referred to as Dragonblood—in the WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#871675 for more information and refer to vendors for appropriate updates, when available.




Apache Releases Security Updates for Apache Tomcat

Original release date: April 14, 2019

The Apache Software Foundation has released Apache Tomcat versions 7.0.94 and 8.5.40 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-0232 and apply the necessary updates.




SB19-105: Vulnerability Summary for the Week of April 8, 2019

Original release date: April 15, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
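In the raw feed, each row of the tables below arrives with its cells run together on one line (vendor -- product, description, published date, CVSS base score and CVE ID), followed by the Source & Patch Info column as one all-caps tag per line (BID, MISC, CONFIRM, EXPLOIT-DB, and so on). The Python below is an added example, not part of this bulletin or of any CISA or NVD tooling: it parses rows of that flattened form back into records, applies the severity bands defined above, and orders the entries for patch triage, putting anything with a public EXPLOIT-DB reference first. The sample rows are transcribed from this bulletin's High table with descriptions abridged and source lists shortened; the product/description split is a heuristic, since in the flattened text only the HTML cells carried the real boundary.

```python
"""Parse flattened rows of a US-CERT weekly vulnerability summary (added example)."""
import re
from dataclasses import dataclass, field

# Every row ends in a fixed-shape tail, so the regex anchors there:
# ISO date, one-decimal CVSS score (7.5 or 10.0), then the CVE ID.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+) -- (?P<rest>.+?)"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<score>\d{1,2}\.\d)"
    r"(?P<cve>CVE-\d{4}-\d{4,})$"
)
# Product identifiers are lowercase tokens: windows_10, big-ip_access_policy_manager, joomla!
PRODUCT_RE = re.compile(r"^[a-z0-9_.:!+-]+")
# Reference-source tags follow a row one per line (BID, MISC, CONFIRM, EXPLOIT-DB, ...).
SOURCE_RE = re.compile(r"^[A-Z][A-Z-]+$")


@dataclass
class Entry:
    vendor: str
    product: str
    description: str
    published: str
    score: float
    cve: str
    sources: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return severity_label(self.score)

    @property
    def has_public_exploit(self) -> bool:
        # An EXPLOIT-DB reference means NVD indexes a public exploit for the CVE.
        return "EXPLOIT-DB" in self.sources


def severity_label(score: float) -> str:
    """Severity bands exactly as the bulletin defines them."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def split_product(rest: str):
    """Heuristic cell split: the product token ends at the description's first
    uppercase letter. If it runs into a lowercase description word instead
    (e.g. 'lighttpdlighttpd before 1.4.54'), the boundary is unrecoverable from
    flattened text, so return an empty product for the caller to fix up."""
    m = PRODUCT_RE.match(rest)
    if not m:
        return "", rest
    product, remainder = rest[:m.end()], rest[m.end():]
    if not remainder or remainder.startswith(" "):
        return "", rest
    return product, remainder


def parse_bulletin(text: str) -> list:
    """Turn flattened bulletin text into Entry records; section and column
    headers and blank lines match neither pattern and are skipped."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            product, description = split_product(m["rest"])
            current = Entry(m["vendor"], product, description.strip(),
                            m["published"], float(m["score"]), m["cve"])
            entries.append(current)
        elif current is not None and SOURCE_RE.match(line):
            current.sources.append(line)
    return entries


def by_severity(entries):
    buckets = {"High": [], "Medium": [], "Low": []}
    for e in entries:
        buckets[e.severity].append(e)
    return buckets


def triage_order(entries):
    """Patch-triage order: public exploit first, then score descending, then CVE ID."""
    return sorted(entries, key=lambda e: (not e.has_public_exploit, -e.score, e.cve))


# Constructed sample: rows transcribed from this bulletin's High table,
# descriptions abridged and long source lists shortened.
SAMPLE = """\
Vendor -- Product
advantech -- webaccessAdvantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call.2019-04-097.5CVE-2019-3940
BID
MISC
apache -- http_serverIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, code executing in less-privileged child processes could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.2019-04-087.2CVE-2019-0211
SUSE
REDHAT
DEBIAN
EXPLOIT-DB
glory-global -- rbw-100_firmwareAn issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password allow a remote attacker to gain admin access.2019-04-0510.0CVE-2019-10479
MISC
rancher -- rancherAn issue was discovered in Rancher 2 through 2.1.5. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.2019-04-109.0CVE-2018-20321
CONFIRM
CONFIRM
"""
```

Running `triage_order(parse_bulletin(SAMPLE))` on the sample lists CVE-2019-0211 first despite its 7.2 score, because it is the only row carrying an EXPLOIT-DB reference; the 10.0 and 9.0 entries follow. The date inside the Rancher description ("2018-12-20") does not confuse the row regex, since the `$` anchor forces the date, score and CVE to be the final three fields.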

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
advantech -- webaccessAdvantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.2019-04-097.5CVE-2019-3940
BID
MISC
advantech -- webaccessAdvantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.2019-04-057.5CVE-2019-6550
MISC
advantech -- webaccessAdvantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.2019-04-057.5CVE-2019-6552
MISC
airsonic_project -- airsonicIn Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.2019-04-077.5CVE-2019-10908
MISC
apache -- http_serverIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.2019-04-087.2CVE-2019-0211
SUSE
MISC
MISC
MISC
MISC
MLIST
BID
REDHAT
MISC
MLIST
MLIST
MLIST
MLIST
FEDORA
FEDORA
BUGTRAQ
BUGTRAQ
CONFIRM
UBUNTU
DEBIAN
EXPLOIT-DB
capsuletech -- smartlinx_neuron_2_firmwareA restricted environment escape vulnerability exists in the "kiosk mode" function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running version 6.9.1. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.2019-04-117.2CVE-2019-5024
MISC
f5 -- big-ip_access_policy_managerOn versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the BIG-IP system is vulnerable to a denial of service attack when performing URL classification using the APM module.2019-04-119.0CVE-2019-6610
CONFIRM
forcepoint -- email_securityA configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.2019-04-097.5CVE-2019-6140
MISC
fortinet -- fortiosA privilege escalation vulnerability in Fortinet FortiOS all versions below 6.2.0 allows admin users to elevate their profile to super_admin via restoring modified configurations.2019-04-099.0CVE-2017-17544
BID
MISC
gatship -- web_moduleGAT-Ship Web Module before 1.40 suffers from a vulnerability allowing attackers to upload any file type, leading to privilege escalation.2019-04-097.5CVE-2019-11028
MISC
glory-global -- rbw-100_firmwareAn issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.2019-04-059.0CVE-2019-10478
MISC
glory-global -- rbw-100_firmwareAn issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.2019-04-0510.0CVE-2019-10479
MISC
gnu -- glibcThe getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.2019-04-107.5CVE-2005-3590
BID
MISC
graphicsmagick -- graphicsmagickIn GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.2019-04-087.5CVE-2019-11005
MISC
MISC
ibm -- api_connectIBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.2019-04-087.5CVE-2019-4155
CONFIRM
BID
XF
ibm -- bigfix_platformIBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.2019-04-109.0CVE-2019-4013
CONFIRM
XF
ibm -- infosphere_information_server_on_cloudIBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.2019-04-107.5CVE-2018-1994
XF
CONFIRM
ibm -- sterling_connect:directIBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.2019-04-107.2CVE-2018-1903
CONFIRM
XF
jfrog -- artifactoryAn issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.2019-04-117.5CVE-2019-9733
MISC
CONFIRM
CONFIRM
joomla -- joomla!An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.2019-04-107.5CVE-2019-10945
MISC
juniper -- junosA certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.2019-04-107.5CVE-2019-0008
CONFIRM
lighttpd -- lighttpdlighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c.2019-04-107.5CVE-2019-11072
MISC
MISC
magento -- magentoAn unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. This issue is fixed in Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.2.8, Magento 2.3.1.2019-04-107.5CVE-2019-7139
MISC
matrixssl -- matrixsslpubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure TLS Toolkit, through 4.0.2 Open has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.2019-04-087.5CVE-2019-10914
MISC
MISC
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611.2019-04-087.6CVE-2019-0592
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.2019-04-087.6CVE-2019-0609
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0592.2019-04-087.6CVE-2019-0611
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862.2019-04-097.6CVE-2019-0739
BID
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.2019-04-087.6CVE-2019-0769
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783.2019-04-087.6CVE-2019-0771
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783.2019-04-087.6CVE-2019-0773
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.2019-04-097.6CVE-2019-0806
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.2019-04-097.6CVE-2019-0810
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.2019-04-097.6CVE-2019-0812
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861.2019-04-097.6CVE-2019-0829
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861.2019-04-097.6CVE-2019-0860
BID
MISC
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860.2019-04-097.6CVE-2019-0861
BID
MISC
microsoft -- edgeA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.2019-04-087.6CVE-2019-0770
CONFIRM
microsoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.2019-04-087.6CVE-2019-0779
CONFIRM
microsoft -- edgeA remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.2019-04-087.6CVE-2019-0780
CONFIRM
microsoft -- excelA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.2019-04-099.3CVE-2019-0828
MISC
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.2019-04-087.6CVE-2019-0639
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772.2019-04-087.6CVE-2019-0665
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.2019-04-087.6CVE-2019-0666
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.2019-04-087.6CVE-2019-0667
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.2019-04-087.6CVE-2019-0680
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.2019-04-097.6CVE-2019-0752
MISC
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862.2019-04-097.6CVE-2019-0753
MISC
microsoft -- internet_explorerA remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.2019-04-087.6CVE-2019-0763
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773.2019-04-087.6CVE-2019-0783
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753.2019-04-097.6CVE-2019-0862
BID
MISC
microsoft -- officeA remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.2019-04-089.3CVE-2019-0748
CONFIRM
microsoft -- officeA remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.2019-04-099.3CVE-2019-0822
MISC
microsoft -- windows_10A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'.2019-04-088.5CVE-2019-0603
CONFIRM
microsoft -- windows_10A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.2019-04-089.3CVE-2019-0617
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859.2019-04-097.2CVE-2019-0685
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.2019-04-087.2CVE-2019-0696
CONFIRM
microsoft -- windows_10A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.2019-04-087.5CVE-2019-0697
CONFIRM
microsoft -- windows_10A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.2019-04-087.5CVE-2019-0698
CONFIRM
microsoft -- windows_10A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.2019-04-087.5CVE-2019-0726
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'.2019-04-097.2CVE-2019-0735
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.2019-04-089.3CVE-2019-0756
CONFIRM
microsoft -- windows_10A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.2019-04-089.3CVE-2019-0765
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.2019-04-087.2CVE-2019-0766
CONFIRM
microsoft -- windows_10A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.2019-04-089.3CVE-2019-0772
CONFIRM
microsoft -- windows_10A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.2019-04-087.6CVE-2019-0784
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'.2019-04-097.5CVE-2019-0786
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.2019-04-099.3CVE-2019-0790
BID
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.2019-04-099.3CVE-2019-0791
BID
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795.2019-04-099.3CVE-2019-0792
BID
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.2019-04-099.3CVE-2019-0793
BID
MISC
microsoft -- windows_10A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'.2019-04-099.3CVE-2019-0794
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793.2019-04-099.3CVE-2019-0795
BID
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.2019-04-087.2CVE-2019-0797
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.2019-04-097.2CVE-2019-0803
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.2019-04-097.2CVE-2019-0841
MISC
MISC
EXPLOIT-DB
microsoft -- windows_10A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.2019-04-099.3CVE-2019-0842
BID
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'.2019-04-099.3CVE-2019-0845
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.2019-04-099.3CVE-2019-0846
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.2019-04-099.3CVE-2019-0847
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879.2019-04-099.3CVE-2019-0851
MISC
microsoft -- windows_10A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.2019-04-099.3CVE-2019-0853
MISC
microsoft -- windows_10A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.2019-04-099.0CVE-2019-0856
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.2019-04-097.2CVE-2019-0859
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879.2019-04-097.2CVE-2019-0877
MISC
microsoft -- windows_10A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877.2019-04-097.2CVE-2019-0879
BID
MISC
microsoft -- windows_7An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.2019-04-087.2CVE-2019-0808
CONFIRM
mikrotik -- routerosMikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).2019-04-107.5CVE-2019-3943
MISC
ncp-e -- ncp_secure_entry_clientThe Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.2019-04-099.3CVE-2017-17023
MISC
CONFIRM
odoo -- odooImproper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.2019-04-099.0CVE-2018-15640
MISC
paloaltonetworks -- globalprotectGlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow an attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.2019-04-097.5CVE-2019-1573
BID
MISC
CERT-VN
rancher -- rancherAn issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.2019-04-109.0CVE-2018-20321
CONFIRM
CONFIRM
reolink -- c1_pro_firmwareOn Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.2019-04-089.0CVE-2019-11001
MISC
MISC
roxyfileman -- roxy_filemanRoxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.2019-04-097.5CVE-2019-7174
MISC
silverstripe -- silverstripe | All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1, allow Reflected SQL Injection through Form and DataObject. | 2019-04-11 | 7.5 | CVE-2019-5715 | MISC, MISC
solideos -- architectural_information_system | Architectural Information System 1.0 and earlier versions have a stack-based buffer overflow that allows remote attackers to execute arbitrary code. | 2019-04-09 | 7.5 | CVE-2019-9134 | MISC
teeworlds -- teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. | 2019-04-05 | 7.5 | CVE-2019-10877 | MISC
teeworlds -- teeworlds | In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. | 2019-04-05 | 7.5 | CVE-2019-10878 | MISC
teeworlds -- teeworlds | In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. | 2019-04-05 | 7.5 | CVE-2019-10879 | MISC
ui -- edgeswitch_x | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed as the root user. | 2019-04-10 | 9.0 | CVE-2019-5424 | CONFIRM, MISC
ui -- edgeswitch_x | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root. | 2019-04-10 | 9.0 | CVE-2019-5425 | CONFIRM, MISC
ui -- edgeswitch_x | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings. | 2019-04-10 | 9.3 | CVE-2019-5426 | CONFIRM, MISC
verizon -- fios_quantum_gateway_g1100_firmware | Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. | 2019-04-11 | 9.0 | CVE-2019-3914 | MISC
vpcsbd -- integrated_university_management_system | An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings). | 2019-04-11 | 10.0 | CVE-2019-11196 | MISC
vstarcam -- eye4 | The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker's fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password). | 2019-04-08 | 10.0 | CVE-2019-11014 | MISC, MISC
xmlsoft -- libxslt | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | 2019-04-10 | 7.5 | CVE-2019-11068 | MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- webaccess | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | 2019-04-09 | 6.4 | CVE-2019-3941 | BID, MISC
advantech -- webaccess | In Advantech WebAccess/SCADA versions 8.3.5 and prior, an improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | 2019-04-05 | 5.0 | CVE-2019-6554 | MISC
airsonic_project -- airsonic | Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially brute-force offline the passwords of associated users. | 2019-04-07 | 5.0 | CVE-2019-10907 | MISC
apache -- airflow | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. | 2019-04-10 | 6.8 | CVE-2019-0229 | MLIST, BID, MISC
apache -- http_server | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | 2019-04-08 | 6.0 | CVE-2019-0215 | MLIST, BID, MISC, MLIST, FEDORA, FEDORA, CONFIRM
apache -- http_server | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | 2019-04-08 | 6.0 | CVE-2019-0217 | SUSE, MLIST, BID, MISC, MISC, MLIST, MLIST, FEDORA, FEDORA, BUGTRAQ, UBUNTU, UBUNTU, DEBIAN
apache -- tomcat | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS. | 2019-04-10 | 5.0 | CVE-2019-0199 | MISC
autodesk -- advance_steel | An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution. | 2019-04-09 | 6.8 | CVE-2019-7358 | MISC
autodesk -- advance_steel | An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution. | 2019-04-09 | 6.8 | CVE-2019-7359 | MISC
autodesk -- advance_steel | An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution. | 2019-04-09 | 6.8 | CVE-2019-7360 | MISC
autodesk -- advance_steel | An attacker may convince a victim to open a malicious action macro (.actm) file that has serialized data, which may trigger code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. | 2019-04-09 | 6.8 | CVE-2019-7361 | MISC
aveva -- wonderware_system_platform | AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. | 2019-04-11 | 4.0 | CVE-2019-6525 | MISC, CONFIRM
bolt -- bolt | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | 2019-04-05 | 6.8 | CVE-2019-10874 | MISC, MISC, MISC, EXPLOIT-DB
cantemo -- portal | Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. | 2019-04-10 | 6.0 | CVE-2019-7551 | CONFIRM, CONFIRM, MISC, MISC
checkpoint -- ipsec_vpn | Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. | 2019-04-09 | 4.3 | CVE-2019-8456 | MISC
clamav -- clamav | A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | 2019-04-08 | 6.8 | CVE-2019-1785 | MISC, GENTOO
clamav -- clamav | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1786 | MISC, MISC, GENTOO
clamav -- clamav | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1787 | MISC, GENTOO
clamav -- clamav | A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1788 | MISC, GENTOO
clamav -- clamav | A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent to an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | 2019-04-08 | 4.3 | CVE-2019-1798 | MISC, GENTOO
claws-mail -- mail | In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | 2019-04-07 | 4.3 | CVE-2019-10735 | MISC
cmsmadesimple -- cms_made_simple | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. | 2019-04-11 | 6.5 | CVE-2019-9056 | CONFIRM, CONFIRM
ctolog -- thinkadmin | application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | 2019-04-08 | 5.0 | CVE-2019-11018 | MISC
cyberark -- endpoint_privilege_manager | CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | 2019-04-09 | 4.6 | CVE-2018-14894 | MISC, MISC, EXPLOIT-DB, MISC
dasannetworks -- h660rm_firmware | diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. | 2019-04-11 | 6.4 | CVE-2019-9974 | MISC, MISC, BUGTRAQ
dasannetworks -- h660rm_firmware | DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for log encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2019-04-11 | 5.0 | CVE-2019-9975 | MISC, MISC, BUGTRAQ
dasannetworks -- h660rm_firmware | The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. | 2019-04-11 | 4.0 | CVE-2019-9976 | MISC
eclipse -- kura | In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types. | 2019-04-09 | 5.0 | CVE-2019-10242 | BID, CONFIRM
eclipse -- kura | In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks against the web server run by Kura. | 2019-04-09 | 5.0 | CVE-2019-10243 | BID, CONFIRM
eclipse -- kura | In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple MQTT component, and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation. | 2019-04-09 | 5.0 | CVE-2019-10244 | BID, CONFIRM
elgg -- elgg | Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | 2019-04-08 | 5.8 | CVE-2019-11016 | MISC, MISC, MISC
fastadmin -- fastadmin | FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. | 2019-04-10 | 6.0 | CVE-2019-11077 | MISC
fedoraproject -- fedora | simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. | 2019-04-08 | 4.3 | CVE-2019-9844 | MISC, FEDORA, MISC
fortinet -- fortios | An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of a FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol. | 2019-04-09 | 5.0 | CVE-2018-13366 | CONFIRM
freedesktop -- poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | 2019-04-05 | 4.3 | CVE-2019-10871 | BID, MISC
freedesktop -- poppler | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | 2019-04-05 | 6.8 | CVE-2019-10872 | BID, MISC
freedesktop -- poppler | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | 2019-04-05 | 4.3 | CVE-2019-10873 | BID, MISC
freedesktop -- poppler | FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | 2019-04-08 | 4.3 | CVE-2019-11026 | MISC, MISC
gemalto -- sentinel_ultrapro_client_library | The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. | 2019-04-11 | 6.8 | CVE-2019-6534 | MISC, MISC, MISC, CONFIRM
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). | 2019-04-11 | 4.3 | CVE-2019-6796 | MISC, MISC, MISC, MISC
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | 2019-04-08 | 6.4 | CVE-2019-11006 | MISC, MISC
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | 2019-04-08 | 5.8 | CVE-2019-11007 | MISC, MISC, MISC
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 2019-04-08 | 6.8 | CVE-2019-11008 | MISC, MISC
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | 2019-04-08 | 5.8 | CVE-2019-11009 | MISC, MISC
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. | 2019-04-08 | 4.3 | CVE-2019-11010 | MISC, MISC
graphviz -- graphviz | The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. | 2019-04-08 | 6.8 | CVE-2019-11023 | MISC, MISC
ibm -- api_connect | Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, and network interface names along with their MAC addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542. | 2019-04-08 | 5.0 | CVE-2019-4051 | BID, XF, CONFIRM
ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020. | 2019-04-08 | 5.0 | CVE-2018-1885 | BID, XF, CONFIRM
ibm -- business_automation_workflow | IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774. | 2019-04-08 | 4.0 | CVE-2018-1997 | XF, CONFIRM
ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. | 2019-04-08 | 4.0 | CVE-2018-1999 | XF, CONFIRM
ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. | 2019-04-08 | 6.8 | CVE-2018-2000 | BID, XF, CONFIRM
ibm -- business_automation_workflow | IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. | 2019-04-08 | 4.0 | CVE-2019-4045 | XF, CONFIRM
ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication, exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. | 2019-04-08 | 5.5 | CVE-2019-4210 | BID, XF, CONFIRM
isc -- bind | A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. | 2019-04-09 | 5.0 | CVE-2017-3139 | CONFIRM, CONFIRM
ivanti -- workspace_control | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | 2019-04-05 | 4.6 | CVE-2019-10885 | MISC
jenkins -- jenkins | Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 2019-04-10 | 6.8 | CVE-2019-1003049 | MISC
joomla -- joomla! | An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. | 2019-04-10 | 5.0 | CVE-2019-10946 | MISC
juniper -- junos | Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. | 2019-04-10 | 5.0 | CVE-2019-0031 | BID, CONFIRM
juniper -- junos | A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series. | 2019-04-10 | 5.0 | CVE-2019-0033 | BID, CONFIRM
juniper -- junos | Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface supports Google gRPC remote procedure calls to provision sensors and to subscribe to and receive telemetry data. Configuration files used by gRPC were found to contain hardcoded credentials that could be used by the Junos Network Agent to perform unauthorized read of certain non-critical information (e.g. sensor data). Additionally, APIs exposed via the Juniper Extension Toolkit (JET) may be able to perform non-critical 'set' operations on the device. These APIs need the client to be authenticated, for which the username/password can be used. Successful exploitation of this vulnerability can only occur if the Junos Network Agent package (Junos Telemetry Interface) is installed on the device. If the Junos Network Agent is not installed, then the gRPC interface required to leverage these credentials is unavailable and the system is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R1-S3. This issue does not affect Junos OS releases prior to 16.1. | 2019-04-10 | 5.8 | CVE-2019-0034 | BID, CONFIRM, MISC, MISC, MISC
juniper -- junos | If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1. | 2019-04-10 | 4.3 | CVE-2019-0039 | CONFIRM
juniper -- junos | On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via the loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices. | 2019-04-10 | 5.0 | CVE-2019-0041 | CONFIRM
juniper -- junos | Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process, causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160. | 2019-04-10 | 5.0 | CVE-2019-0044 | BID, CONFIRM
k-9_mail_project -- k-9_mail | K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states "We don't plan to take any action because of this." | 2019-04-07 | 4.3 | CVE-2019-10741 | MISC
kde -- kmail | In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | 2019-04-07 | 4.3 | CVE-2019-10732 | MISC
kmplayer -- kmplayer | When processing a subtitle-format media file, KMPlayer version 2018.12.24.14 or lower does not check the object size correctly, which leads to an integer underflow and then to an out-of-bounds memory read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. | 2019-04-09 | 4.3 | CVE-2019-9133 | MISC
libsixel_project -- libsixel | The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. | 2019-04-08 | 4.3 | CVE-2019-11024 | MISC, MISC
linux -- linux_kernel | The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | 2019-04-11 | 4.7 | CVE-2019-11190 | BID, MISC, MISC, MISC, MISC
linux -- linux_kernel | The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | 2019-04-11 | 4.7 | CVE-2019-11191 | BID, MISC, MISC
linux -- linux_kernel | It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel, executed on ioatdma-enabled hardware with net_dma enabled, can leak memory, crash the host leading to a denial-of-service, or cause random memory corruption. | 2019-04-11 | 4.9 | CVE-2019-3837 | CONFIRM
linux -- linux_kernel | A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel, resulting in a DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | 2019-04-09 | 4.7 | CVE-2019-3887 | BID, CONFIRM
materializecss -- materialize | In Materialize through 1.0.0, XSS is possible via the Tooltip feature. | 2019-04-08 | 4.3 | CVE-2019-11002 | MISC
materializecss -- materialize | In Materialize through 1.0.0, XSS is possible via the Autocomplete feature. | 2019-04-08 | 4.3 | CVE-2019-11003 | MISC
materializecss -- materialize | In Materialize through 1.0.0, XSS is possible via the Toast feature. | 2019-04-08 | 4.3 | CVE-2019-11004 | MISC
mi -- mi_browser | A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user. | 2019-04-05 | 4.3 | CVE-2019-10875 | MISC, MISC, MISC
microsoft -- .net_core_sdk | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. | 2019-04-08 | 4.0 | CVE-2019-0757 | CONFIRM
microsoft -- asp.net_core | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | 2019-04-09 | 5.0 | CVE-2019-0815 | BID, MISC
microsoft -- azure_devops_server_2019A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.2019-04-094.3CVE-2019-0857
BID
MISC
microsoft -- azure_devops_server_2019A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.2019-04-094.3CVE-2019-0869
BID
MISC
microsoft -- azure_devops_server_2019A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.2019-04-094.3CVE-2019-0874
BID
MISC
microsoft -- azure_devops_server_2019An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.2019-04-095.0CVE-2019-0875
MISC
microsoft -- chakracoreAn information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.2019-04-084.3CVE-2019-0746
CONFIRM
microsoft -- edgeAn elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.2019-04-084.0CVE-2019-0678
CONFIRM
microsoft -- edgeA security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.2019-04-084.3CVE-2019-0762
CONFIRM
microsoft -- edgeA tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.2019-04-094.3CVE-2019-0764
BID
MISC
microsoft -- edgeAn information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.2019-04-094.3CVE-2019-0833
BID
MISC
microsoft -- exchange_serverA spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.2019-04-095.8CVE-2019-0817
MISC
microsoft -- exchange_serverA spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.2019-04-094.3CVE-2019-0858
MISC
microsoft -- internet_explorerA security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.2019-04-084.3CVE-2019-0761
CONFIRM
microsoft -- internet_explorerA security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.2019-04-084.3CVE-2019-0768
CONFIRM
microsoft -- internet_explorerAn information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'.2019-04-094.3CVE-2019-0835
MISC
microsoft -- lync_serverA spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.2019-04-084.3CVE-2019-0798
CONFIRM
microsoft -- officeA remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.2019-04-096.8CVE-2019-0801
MISC
microsoft -- officeA remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.2019-04-096.8CVE-2019-0823
MISC
microsoft -- officeA remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.2019-04-096.8CVE-2019-0824
MISC
microsoft -- officeA remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827.2019-04-096.8CVE-2019-0825
MISC
microsoft -- officeA remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827.2019-04-096.8CVE-2019-0826
MISC
microsoft -- officeA remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826.2019-04-096.8CVE-2019-0827
MISC
microsoft -- team_foundation_serverA Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.2019-04-094.3CVE-2019-0866
BID
MISC
microsoft -- team_foundation_serverA Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.2019-04-094.3CVE-2019-0867
BID
MISC
microsoft -- team_foundation_serverA Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.2019-04-094.3CVE-2019-0868
BID
MISC
microsoft -- team_foundation_serverA Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.2019-04-094.3CVE-2019-0870
BID
MISC
microsoft -- team_foundation_serverA Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.2019-04-094.3CVE-2019-0871
BID
MISC
microsoft -- visual_studio_2017A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.2019-04-086.8CVE-2019-0809
CONFIRM
microsoft -- windows_10An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0774.2019-04-084.3CVE-2019-0614
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694.2019-04-084.6CVE-2019-0682
CONFIRM
microsoft -- windows_10An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.2019-04-095.0CVE-2019-0688
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694.2019-04-084.6CVE-2019-0689
CONFIRM
microsoft -- windows_10A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701.2019-04-085.5CVE-2019-0690
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0693, CVE-2019-0694.2019-04-084.6CVE-2019-0692
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0694.2019-04-084.6CVE-2019-0693
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693.2019-04-084.6CVE-2019-0694
CONFIRM
microsoft -- windows_10A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701.2019-04-085.5CVE-2019-0695
CONFIRM
microsoft -- windows_10A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695.2019-04-085.5CVE-2019-0701
CONFIRM
microsoft -- windows_10An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.2019-04-084.0CVE-2019-0703
CONFIRM
microsoft -- windows_10An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821.2019-04-084.0CVE-2019-0704
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.2019-04-094.6CVE-2019-0730
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.2019-04-094.6CVE-2019-0731
MISC
microsoft -- windows_10A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.2019-04-094.6CVE-2019-0732
MISC
microsoft -- windows_10A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.2019-04-084.9CVE-2019-0754
CONFIRM
microsoft -- windows_10An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614.2019-04-084.3CVE-2019-0774
CONFIRM
microsoft -- windows_10An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0849.2019-04-094.3CVE-2019-0802
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.2019-04-094.6CVE-2019-0805
MISC
microsoft -- windows_10An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704.2019-04-084.0CVE-2019-0821
CONFIRM
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.2019-04-094.6CVE-2019-0836
BID
MISC
microsoft -- windows_10An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0802.2019-04-094.3CVE-2019-0849
MISC
microsoft -- windows_7An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.2019-04-084.3CVE-2019-0683
CONFIRM
mkcms_project -- mkcmsMKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.2019-04-106.8CVE-2019-11078
MISC
mybb -- mybbA reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.2019-04-114.3CVE-2018-19202
CONFIRM
CONFIRM
nvidia -- jetson_tx1NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3.2019-04-116.4CVE-2019-5672
CONFIRM
odoo -- odooImproper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request.2019-04-094.0CVE-2018-15631
MISC
odoo -- odooCross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name.2019-04-094.3CVE-2018-15635
MISC
omron -- common_componentsWhen processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.2019-04-106.8CVE-2019-6556
MISC
openstack -- neutronAn issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.2019-04-054.0CVE-2019-10876
MLIST
MISC
MISC
CONFIRM
paessler -- prtgPRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.2019-04-104.3CVE-2018-14683
CONFIRM
pivotal_software -- spring_securitySpring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.2019-04-095.0CVE-2019-3795
BID
CONFIRM
rancher -- rancherIn Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.2019-04-106.5CVE-2019-6287
CONFIRM
CONFIRM
redhat -- gluster_storageA flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.2019-04-095.5CVE-2019-3880
SUSE
MISC
CONFIRM
MLIST
CONFIRM
MISC
redhat -- satelliteA lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.2019-04-115.2CVE-2019-3845
CONFIRM
redhat -- satelliteIn Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.2019-04-094.0CVE-2019-3893
BID
CONFIRM
MISC
MISC
roundcube -- webmailIn Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.2019-04-074.3CVE-2019-10740
MISC
roundup-tracker -- roundupRoundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.2019-04-064.3CVE-2019-10904
MLIST
MISC
MISC
MLIST
MISC
salicru -- slc-20-cube3(5)A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request.2019-04-054.3CVE-2019-10887
MISC
MISC
EXPLOIT-DB
sap -- business_application_software_integrated_solutionABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.2019-04-106.5CVE-2019-0279
CONFIRM
CONFIRM
sap -- crystal_reportsThe .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.2019-04-105.0CVE-2019-0285
CONFIRM
CONFIRM
sap -- netweaver_process_integrationUnder certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.2019-04-104.0CVE-2019-0278
CONFIRM
CONFIRM
sap -- netweaver_process_integrationSeveral web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.2019-04-105.0CVE-2019-0282
CONFIRM
CONFIRM
sap -- netweaver_process_integrationSAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.2019-04-105.5CVE-2019-0283
CONFIRM
CONFIRM
search-guard -- search_guardThe floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.2019-04-094.3CVE-2018-20698
CONFIRM
CONFIRM
spip -- spipSPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.2019-04-106.5CVE-2019-11071
MISC
MISC
MISC
MISC
symantec -- endpoint_encryptionSymantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.2019-04-104.6CVE-2019-9694
CONFIRM
symantec -- vip_enterprise_gatewaySymantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.2019-04-094.3CVE-2019-9696
BID
CONFIRM
systemd_project -- systemdIn systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".2019-04-094.4CVE-2019-3842
CONFIRM
FEDORA
tibco -- activematrix_businessworksThe HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.2019-04-096.8CVE-2019-8990
BID
MISC
MISC
trendmicro -- apex_oneA directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.2019-04-055.0CVE-2019-9489
CONFIRM
CONFIRM
trendmicro -- interscan_web_security_virtual_applianceA vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability.2019-04-054.0CVE-2019-9490
BID
CONFIRM
trojita_project -- trojitaIn KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.2019-04-074.3CVE-2019-10734
MISC
uipath -- orchestratorUiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.2019-04-116.5CVE-2018-17305
CONFIRM
ukcms -- ukcmsA CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.2019-04-056.8CVE-2019-10888
MISC
uniqkey -- password_managerAn issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html.2019-04-084.3CVE-2019-10676
MISC
MISC
MISC
MISC
uniqkey -- password_managerAn issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id="uniqkey-password-popup" and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676.2019-04-084.3CVE-2019-10845
MISC
FULLDISC
MISC
uniqkey -- password_managerUniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.2019-04-054.3CVE-2019-10884
MISC
verizon -- fios_quantum_gateway_g1100_firmwareAuthentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.2019-04-115.4CVE-2019-3915
BID
MISC
verizon -- fios_quantum_gateway_g1100_firmware | Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). | 2019-04-11 | 5.0 | CVE-2019-3916 | MISC
webkitgtk -- webkitgtk | WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. | 2019-04-10 | 5.0 | CVE-2019-11070 | MISC, MLIST, MISC, BUGTRAQ, MISC
winmagic -- securedoc_disk_encryption | WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search Path or Element. | 2019-04-08 | 4.6 | CVE-2018-20341 | CONFIRM
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | 2019-04-09 | 5.0 | CVE-2019-10894 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | 2019-04-09 | 5.0 | CVE-2019-10895 | BID, MISC, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | 2019-04-09 | 5.0 | CVE-2019-10896 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. | 2019-04-09 | 5.0 | CVE-2019-10897 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. | 2019-04-09 | 5.0 | CVE-2019-10898 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | 2019-04-09 | 5.0 | CVE-2019-10899 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. | 2019-04-09 | 5.0 | CVE-2019-10900 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | 2019-04-09 | 5.0 | CVE-2019-10901 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. | 2019-04-09 | 5.0 | CVE-2019-10902 | BID, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | 2019-04-09 | 5.0 | CVE-2019-10903 | BID, MISC, MISC, MISC
wpape -- ape_gallery | The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. | 2019-04-09 | 4.3 | CVE-2019-6117 | MISC
xmltooling_project -- xmltooling | The XMLTooling library, all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | 2019-04-11 | 5.0 | CVE-2019-9628 | MISC, MISC, UBUNTU, MISC
zarafa -- webaccess | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa WebAccess 7.2.0-48204. NOTE: this is a discontinued product. The issue was fixed in later Zarafa WebAccess versions; however, some former Zarafa WebAccess customers use the related Kopano product instead. | 2019-04-11 | 4.3 | CVE-2019-7219 | MISC, MISC
zyxel -- nas326_firmware | A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | 2019-04-09 | 4.0 | CVE-2019-10630 | MISC
zyxel -- nas326_firmware | Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | 2019-04-09 | 6.5 | CVE-2019-10631 | MISC
zyxel -- nas326_firmware | A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. | 2019-04-09 | 4.0 | CVE-2019-10632 | MISC
zyxel -- nas326_firmware | An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. | 2019-04-09 | 6.5 | CVE-2019-10633 | MISC
Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- airflow | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 2019-04-10 | 3.5 | CVE-2019-0216 | MLIST, BID, MISC
cacti -- cacti | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. | 2019-04-08 | 3.5 | CVE-2019-11025 | MISC, MISC
canonical -- ubuntu_linux | A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'. | 2019-04-08 | 1.9 | CVE-2019-0816 | CONFIRM
canonical -- ubuntu_linux | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 2019-04-11 | 3.3 | CVE-2019-3460 | CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
forticlient -- forticlient | An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes. | 2019-04-09 | 3.6 | CVE-2019-5585 | BID, CONFIRM
gnu -- glibc | The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | 2019-04-10 | 2.1 | CVE-2006-7254 | MISC
ibm -- cloud_private | IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385. | 2019-04-08 | 3.5 | CVE-2018-1943 | BID, XF, CONFIRM
ibm -- cloud_private | The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive information from the KMS plugin container log. IBM X-Force ID: 158348. | 2019-04-08 | 2.1 | CVE-2019-4143 | BID, XF, CONFIRM
ibm -- spectrum_protect_for_virtual_environments | IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872. | 2019-04-08 | 2.1 | CVE-2018-1787 | CONFIRM, XF
ibm -- spectrum_protect_for_virtual_environments | In certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | 2019-04-08 | 1.9 | CVE-2018-1882 | CONFIRM, CONFIRM, BID, XF
iobit -- smart_defrag | SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool. | 2019-04-11 | 2.1 | CVE-2019-6493 | MISC, MISC
jenkins -- jenkins | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | 2019-04-10 | 3.5 | CVE-2019-1003050 | BID, MISC
lenovo -- 510-15ikl_firmware | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. | 2019-04-10 | 2.1 | CVE-2019-6156 | MISC
microsoft -- edge | A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 2019-04-08 | 2.6 | CVE-2019-0612 | CONFIRM
microsoft -- sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 2019-04-08 | 3.5 | CVE-2019-0778 | CONFIRM
microsoft -- sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831. | 2019-04-09 | 3.5 | CVE-2019-0830 | MISC
microsoft -- sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830. | 2019-04-09 | 3.5 | CVE-2019-0831 | MISC
microsoft -- team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | 2019-04-08 | 3.5 | CVE-2019-0777 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 2019-04-08 | 2.1 | CVE-2019-0702 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 2019-04-08 | 2.1 | CVE-2019-0755 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'. | 2019-04-08 | 2.1 | CVE-2019-0759 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782. | 2019-04-08 | 2.1 | CVE-2019-0767 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782. | 2019-04-08 | 1.9 | CVE-2019-0775 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 2019-04-08 | 2.1 | CVE-2019-0776 | CONFIRM
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775. | 2019-04-08 | 2.1 | CVE-2019-0782 | CONFIRM
microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 2019-04-09 | 2.1 | CVE-2019-0796 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848. | 2019-04-09 | 2.1 | CVE-2019-0814 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | 2019-04-09 | 2.1 | CVE-2019-0837 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839. | 2019-04-09 | 2.1 | CVE-2019-0838 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838. | 2019-04-09 | 2.1 | CVE-2019-0839 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0844. | 2019-04-09 | 2.1 | CVE-2019-0840 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840. | 2019-04-09 | 2.1 | CVE-2019-0844 | MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814. | 2019-04-09 | 2.1 | CVE-2019-0848 | MISC
nvidia -- jetson_tx2 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3. | 2019-04-11 | 3.6 | CVE-2019-5673 | CONFIRM
osisoft -- pi_vision | OSIsoft PI Vision, versions PI Vision 2017 and PI Vision 2017 R2: the application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. | 2019-04-08 | 3.5 | CVE-2018-19006 | MISC
paloaltonetworks -- expedition_migration_tool | The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | 2019-04-09 | 3.5 | CVE-2019-1567 | MISC
paloaltonetworks -- expedition_migration_tool | Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | 2019-04-12 | 3.5 | CVE-2019-1574 | CONFIRM
rapid7 -- insightvm | Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49. | 2019-04-09 | 3.5 | CVE-2019-5615 | CONFIRM
redhat -- enterprise_mrg | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | 2019-04-11 | 3.3 | CVE-2019-3459 | MISC, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
samba -- samba | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. | 2019-04-09 | 3.6 | CVE-2019-3870 | CONFIRM, MISC, MISC
sap -- hana | SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files. | 2019-04-10 | 3.6 | CVE-2019-0284 | CONFIRM, CONFIRM
zyxel -- nas326_firmware | An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. | 2019-04-09 | 3.5 | CVE-2019-10634 | MISC
Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
auth0 -- auth0-wcf-service-jwt | Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application. | 2019-04-11 | not yet calculated | CVE-2019-7644 | MISC
d-link -- multiple_devices | On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. | 2019-04-11 | not yet calculated | CVE-2018-19300 | MISC, CONFIRM, MISC, MISC
forcepoint -- email_security | A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. | 2019-04-09 | not yet calculated | CVE-2018-16530 | MISC
fortinet -- fortisandbox | A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | 2019-04-09 | not yet calculated | CVE-2018-1356 | BID, CONFIRM
gradle -- gradle | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. | 2019-04-09 | not yet calculated | CVE-2019-11065 | MISC
hanwha_techwin -- srn-4000 | Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401: a specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | 2019-04-08 | not yet calculated | CVE-2017-7912 | MISC
honeywell -- experion_pks | A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-04-08 | not yet calculated | CVE-2014-5436 | MISC
honeywell -- experion_pks | An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-04-08 | not yet calculated | CVE-2014-5435 | MISC
honeywell -- experion_pks | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | 2019-04-08 | not yet calculated | CVE-2014-9186 | MISC
hp_development_company -- multiple_printers | HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code. | 2019-04-11 | not yet calculated | CVE-2019-6318 | CONFIRM
hpe -- gen10_proliant_servers | A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | 2019-04-09 | not yet calculated | CVE-2018-7117 | MISC
hpe -- service_pack_for_proliant | A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0. | 2019-04-09 | not yet calculated | CVE-2018-7118 | MISC
ibm -- spectrum_protect | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. | 2019-04-08 | not yet calculated | CVE-2018-1853 | CONFIRM, XF
inteno -- iopsys | An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are committed. | 2019-04-11 | not yet calculated | CVE-2018-20487 | CONFIRM, MISC
juniper -- identity_management_service | Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network. | 2019-04-10 | not yet calculated | CVE-2019-0042 | CONFIRM
juniper -- junos_os | Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform. | 2019-04-10 | not yet calculated | CVE-2019-0038 | BID, CONFIRM
juniper -- junos_os | When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | 2019-04-10 | not yet calculated | CVE-2019-0035 | CONFIRM
juniper -- junos_os | In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10. | 2019-04-10 | not yet calculated | CVE-2019-0043 | CONFIRM
juniper -- junos_os | On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS). Note: Systems with fxp0 disabled or unconfigured are not vulnerable to this issue. This issue only affects Junos OS releases based on FreeBSD 10 or higher (typically Junos OS 15.1+). Administrators can confirm whether systems are running a version of Junos OS based on FreeBSD 10 or higher by typing: user@junos> show version | match kernel JUNOS OS Kernel 64-bit [20181214.223829_fbsd-builder_stable_10] Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D236; 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8; 17.3 versions prior to 17.3R2; 17.4 versions prior to 17.4R1-S1, 17.4R1-S7, 17.4R2. This issue does not affect Junos OS releases prior to 15.1. | 2019-04-10 | not yet calculated | CVE-2019-0040 | CONFIRM
juniper -- junos_os | In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | 2019-04-10 | not yet calculated | CVE-2019-0037 | CONFIRM
juniper -- junos_os | When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1. | 2019-04-10 | not yet calculated | CVE-2019-0019 | CONFIRM
juniper -- junos_os | On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected. | 2019-04-10 | not yet calculated | CVE-2019-0028 | CONFIRM
juniper -- junos_os | When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2. | 2019-04-10 | not yet calculated | CVE-2019-0036 | CONFIRM
juniper -- service_insight_and_service_now | A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | 2019-04-10 | not yet calculated | CVE-2019-0032 | BID, CONFIRM, MISC
kentico -- kentico_cms | Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 2019-04-10 | not yet calculated | CVE-2018-19453 | MISC
lenovo -- bootable_generator | A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. | 2019-04-10 | not yet calculated | CVE-2019-6154 | MISC
mcafee -- dxl_platform_and_tie_server | Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. | 2019-04-10 | not yet calculated | CVE-2019-3612 | CONFIRM
microsoft -- azure_linux_agent | An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'. | 2019-04-08 | not yet calculated | CVE-2019-0804 | CONFIRM
microsoft -- open_enclave_sdk | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 2019-04-09 | not yet calculated | CVE-2019-0876 | BID, MISC
microsoft -- windows_admin_center | An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'. | 2019-04-09 | not yet calculated | CVE-2019-0813 | MISC
norton -- password_manager | Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. | 2019-04-09 | not yet calculated | CVE-2018-18365 | MISC
nvidia -- jetson_tx2 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to and including R28.3. | 2019-04-12 | not yet calculated | CVE-2018-6269
CONFIRM
nvidia -- jetson_tx2NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3.2019-04-12not yet calculatedCVE-2018-6239
CONFIRM
pallets -- jinjaIn Pallets Jinja before 2.8.1, str.format allows a sandbox escape.2019-04-08not yet calculatedCVE-2016-10745
MISC
MISC
pallets -- jinjaIn Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.2019-04-06not yet calculatedCVE-2019-10906
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
parsedown -- parsedownParsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring.2019-04-06not yet calculatedCVE-2019-10905
MISC
MISC

pulse_secure -- pulse_desktop_client_and_pulse_connect_secure

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.2019-04-12not yet calculatedCVE-2019-11213
MISC
salesagility -- suitecrmAn XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.2019-04-05not yet calculatedCVE-2018-20816
MISC
MISC
MISC
sequelize -- sequelizeSequelize before 5.3.0 does not properly ensure that standard conforming strings are used.2019-04-10not yet calculatedCVE-2019-11069
MISC
MISC
silverpeas -- silverpeasSilverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.2019-04-09not yet calculatedCVE-2018-19586
MISC
MISC
utimaco -- cryptoserver_hsmIncorrect Access Controls of Security Officer (SO) in PKCS11 R2 provider that ships with the Utimaco CryptoServer HSM product package allows an SO authenticated to a slot to retrieve attributes of keys marked as private keys in external key storage, and also delete keys marked as private keys in external key storage. This compromises the availability of all keys configured with external key storage and may result in an economic attack in which the attacker denies legitimate users access to keys while maintaining possession of an encrypted copy (blob) of the external key store for ransom. This attack has been dubbed reverse ransomware attack and may be executed via a physical connection to the CryptoServer or remote connection if SSH or remote access to LAN CryptoServer has been compromised. The Confidentiality and Integrity of the affected keys, however, remain untarnished.2019-04-09not yet calculatedCVE-2018-19589
CONFIRM
MISC
vmware -- horizon_connection_serverVMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server?s internal name, or the gateway?s internal IP address.2019-04-09not yet calculatedCVE-2019-5513
MISC
vmware -- workstationVMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.2019-04-09not yet calculatedCVE-2019-5511
MISC
vmware -- workstationVMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.2019-04-09not yet calculatedCVE-2019-5512
MISC
zephyr_project -- zephyrA buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.2019-04-12not yet calculatedCVE-2017-14199
CONFIRM
CONFIRM


Oracle Releases April 2019 Security Bulletin

Original release date: April 16, 2019

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.


Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers

Original release date: April 17, 2019

The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom Wi-Fi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.



ICSJWG Spring Meeting April 23–25

Original release date: April 17, 2019

The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. ICSJWG facilitates information sharing to reduce the risk to the Nation’s industrial control systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages interested participants to visit the ICSJWG website for additional information and to register for the Spring Meeting by April 17, 2019.


Cisco Releases Security Updates

Original release date: April 17, 2019

Cisco has released a security update to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates.


Drupal Releases Security Updates

Original release date: April 17, 2019

Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-005 and SA-CORE-2019-006 and apply the necessary updates.
