NVD

CVE-2018-6271

NVD Vulnerabilities - Wed, 02/13/2019 - 17:29
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.
Categories: NVD

CVE-2018-19008

NVD Vulnerabilities - Wed, 02/13/2019 - 16:29
The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.
Categories: NVD

CVE-2019-8337

NVD Vulnerabilities - Wed, 02/13/2019 - 15:29
In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
Categories: NVD

CVE-2019-5915

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
Categories: NVD

CVE-2019-5916

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.
Categories: NVD

CVE-2018-0696

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
Categories: NVD

CVE-2018-12409

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1.
Categories: NVD

CVE-2018-13403

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.
Categories: NVD

CVE-2018-13404

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.
Categories: NVD

CVE-2018-16189

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: NVD

CVE-2018-16190

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: NVD

CVE-2018-20232

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
Categories: NVD

CVE-2018-20237

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Categories: NVD

CVE-2018-20238

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
Categories: NVD

CVE-2019-5909

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
Categories: NVD

CVE-2019-5910

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Categories: NVD

CVE-2019-5911

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: NVD

CVE-2019-5912

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: NVD

CVE-2019-5913

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: NVD

CVE-2019-5914

NVD Vulnerabilities - Wed, 02/13/2019 - 13:29
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
Categories: NVD