Vulnerabilities

CVE-2017-18367


golang: Resolve bug with handling of multiple argument rules · seccomp/libseccomp-golang@06e7a29 · GitHub BUG: Handling of multiple syscall arguments incorrect · Issue #22 · seccomp/libseccomp-golang · GitHub
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

CVE-2018-10055


tensorflow/tfsa-2018-006.md at master · tensorflow/tensorflow · GitHub
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

CVE-2018-13443


GitHub - EOSIO/eos: An open source smart contract platform A heap-buffer-overflow vulnerability of wasm · Issue #6585 · EOSIO/eos · GitHub HackerOne
EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.

CVE-2018-18251


VSR | Resources | Advisories
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authentica

CVE-2018-20434


https://drive.google.com/file/d/1LcGmOY8x-TG-wnNr-cM_f854kxk0etva/view?usp=sharing librenms-exploit.py · GitHub
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.

CVE-2018-7574


tensorflow/tfsa-2018-001.md at master · tensorflow/tensorflow · GitHub
Google TensorFlow 1.6.x and earlier is affected by a Null Pointer Dereference vulnerability. The type of exploitation is: context-dependent.

CVE-2018-7575


tensorflow/tfsa-2018-004.md at master · tensorflow/tensorflow · GitHub
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.

CVE-2018-7577


tensorflow/tfsa-2018-005.md at master · tensorflow/tensorflow · GitHub
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.

CVE-2019-10008


Readme | Hotfix & updates | ManageEngine ServiceDesk Plus
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.

CVE-2019-10239


Advisory RunAsSpc 3.7.0.0 Insufficiently Protected Credentials (CVE-2019-10239) - TO Blog
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account.

CVE-2019-10691


The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.

CVE-2019-11032


CERT-XLM - Security advisory - Excellium Services CVE-2019-11032 - Excellium Services
In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.

CVE-2019-11081


Vulnerability in Sirona Sidexis 4
A default username and password in Dentsply Sirona Sidexis 4.2 and possibly others allows an attacker to gain administrative access to the application server.

CVE-2019-11203


TIBCO Security Advisory: April 24, 2019 - TIBCO ActiveMatrix BPM - 2019-11203 | TIBCO Software
The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up

CVE-2019-11217


Bonobo Git Server - Changelog CVE-2019-11217: Arbitrary command execution in Bonobo Git Server GitController [FLAB]
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.

CVE-2019-11218


Bonobo Git Server - Changelog CVE-2019-11218: Privilege escalation in Bonobo Git Server AccountController [FLAB]
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.

CVE-2019-11498


issue #67: make sure sample rate is specified and non-zero in DFF files · dbry/WavPack@bc6cba3 · GitHub Uninitialized Read in WavpackSetConfiguration64() · Issue #67 · dbry/WavPack · GitHub
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.

CVE-2019-11502


cmd/snap-confine: chown private /tmp parent to root.root · snapcore/snapd@bdbfeeb · GitHub oss-security - Security issues in snapcraft snap-confine set*id binary
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.

CVE-2019-11503


cmd/snap-confine: prevent cwd restore permission bypass by zyga · Pull Request #6642 · snapcore/snapd · GitHub oss-security - Security issues in snapcraft snap-confine set*id binary
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."

CVE-2019-11504


Release 0.47.0 — Zotonic 1.0-dev documentation
Zotonic before version 0.47 has mod_admin XSS.

CVE-2019-11505


GraphicsMagick: changeset 15960:85f5bdcd246a GraphicsMagick / Bugs / #605 heap-buffer-overflow in function WritePDBImage of coders/pdb.c
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

CVE-2019-11506


GraphicsMagick: changeset 15961:57ac0ae85e2a GraphicsMagick / Bugs / #604 heap-buffer-overflow in function WriteMATLABImage of coders/mat.c
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

CVE-2019-11511


ADSelfService Plus Release Notes
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.

CVE-2019-11513


http://dev.cmsmadesimple.org/bug/view/12022
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.

CVE-2019-11514


Flarum 0.1.0-beta.8 Released - Flarum Community Always invalidate all user email tokens · flarum/core@66607a5 · GitHub
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.

CVE-2019-11515


Gila CMS 1.10.1 Arbitrary File Download Vulnerability
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.

CVE-2019-3786


https://www.cloudfoundry.org/blog/cve-2019-3786
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.

CVE-2019-3789


https://www.cloudfoundry.org/blog/cve-2019-3789
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.

CVE-2019-3793


CVE-2019-3793: Invitations Service supports HTTP connections | Security | Pivotal
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.

CVE-2019-3868


1679144 – (CVE-2019-3868) CVE-2019-3868 keycloak: session hijack using the user access token
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.

CVE-2019-3882


1689426 – (CVE-2019-3882) CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

CVE-2019-7211


SmarterMail Release Notes and Version History
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.

CVE-2019-7212


SmarterMail Release Notes and Version History
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users' emails and file attachments. It was also possible to interact with mailing lists.

CVE-2019-7213


SmarterMail Release Notes and Version History
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.

CVE-2019-7214


SmarterMail Release Notes and Version History
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

CVE-2019-8991


TIBCO Security Advisory: April 24, 2019 - TIBCO Active Matrix Service Grid - 2019-8991 | TIBCO Software
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases

CVE-2019-8992


TIBCO Security Advisory: April 24, 2019 - TIBCO Active Matrix Service Grid - 2019-8992 | TIBCO Software
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload di

CVE-2019-8993


TIBCO Security Advisory: April 24, 2019 - TIBCO Active Matrix Service Grid - 2019-8993 | TIBCO Software
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthen

CVE-2019-8994


TIBCO Security Advisory: April 24, 2019 - TIBCO ActiveMatrix BPM - 2019-8994 | TIBCO Software
The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and includ

CVE-2019-8995


TIBCO Security Advisory: April 24, 2019 - TIBCO ActiveMatrix BPM - 2019-8995 | TIBCO Software
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Sil

CVE-2019-9635


tensorflow/tfsa-2019-001.md at master · tensorflow/tensorflow · GitHub
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.

CVE-2019-9724


Fix CVE-2019-9734 · aquaverde/aquarius-core@d1dfa5b · GitHub CVE-2019-9724: Information Disclosure in Aquarius CMS - Tryption.ch
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.

CVE-2019-9734


Fix CVE-2019-9734 · aquaverde/aquarius-core@d1dfa5b · GitHub https://www.tryption.ch/2019/04/19/cve-2019-9734-password-leakage-im-aquarius-cms/
aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file because of incorrect if/else usage in the Log-File writer component.

CVE-2019-9928


GStreamer Security Center
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

CVE-2019-9950


New Release - My Cloud Firmware Versions 2.31.174 (3/26/19) - News & Announcements - WD Community https://support.wdc.com/downloads.aspx?g=2702&lang=en
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My C

CVE-2019-9951


New Release - My Cloud Firmware Versions 2.31.174 (3/26/19) - News & Announcements - WD Community https://support.wdc.com/downloads.aspx?g=2702&lang=en
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.