NVD

CVE-2018-18569

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks.
Categories: NVD

CVE-2018-20242

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
A carefully crafted URL could trigger an XSS vulnerability in Apache JSPWiki, in versions up to 2.10.5, which could lead to session hijacking.
Categories: NVD

CVE-2019-6489

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.
Categories: NVD

CVE-2019-7737

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.
Categories: NVD

CVE-2019-7738

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.
Categories: NVD

CVE-2019-7747

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
Categories: NVD

CVE-2019-7748

NVD Vulnerabilities - Mon, 02/11/2019 - 16:29
_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.
Categories: NVD

CVE-2018-17542

NVD Vulnerabilities - Mon, 02/11/2019 - 15:29
A SQL injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request.
Categories: NVD

CVE-2019-5736

NVD Vulnerabilities - Mon, 02/11/2019 - 14:29
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Categories: NVD

CVE-2018-15586

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Categories: NVD

CVE-2018-15587

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
Categories: NVD

CVE-2018-15588

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
Categories: NVD

CVE-2019-7730

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.
Categories: NVD

CVE-2019-7731

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.
Categories: NVD

CVE-2019-7732

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
Categories: NVD

CVE-2019-7733

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
Categories: NVD

CVE-2019-7736

NVD Vulnerabilities - Mon, 02/11/2019 - 12:29
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page.
Categories: NVD

CVE-2018-11847

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
A malicious TA can tag QSEE kernel memory and map it to EL0, thereby corrupting physical memory; this can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016.
Categories: NVD

CVE-2018-11855

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
If an end user makes use of SCP11 sample OCE code without modification, it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660.
Categories: NVD

CVE-2018-11888

NVD Vulnerabilities - Mon, 02/11/2019 - 10:29
Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TAs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016.
Categories: NVD