Fwd: SB19-028: Vulnerability Summary for the Week of January 21, 2019

RICHARD BARTH w3hwn at comcast.net
Mon Jan 28 20:09:46 EST 2019


> SB19-028: Vulnerability Summary for the Week of January 21, 2019
> ---------- Original Message ----------
>     From: US-CERT <US-CERT at ncas.us-cert.gov>
>     To: w3hwn at arrl.net
>     Date: January 28, 2019 at 6:22 PM
>     Subject: SB19-028: Vulnerability Summary for the Week of January 21, 2019
> 
> 
>     [U.S. Department of Homeland Security US-CERT]
> 
>     National Cyber Awareness System:
> 
>     SB19-028: Vulnerability Summary for the Week of January 21, 2019 https://www.us-cert.gov/ncas/bulletins/SB19-028
>     01/28/2019 05:36 AM EST
> 
>     Original release date: January 28, 2019
> 
>     The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology http://www.nist.gov (NIST) National Vulnerability Database http://nvd.nist.gov (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security http://www.dhs.gov (DHS) National Cybersecurity and Communications Integration Center https://www.us-cert.gov/nccic (NCCIC) / United States Computer Emergency Readiness Team https://www.us-cert.gov (US-CERT). For modified or updated entries, please visit the NVD http://nvd.nist.gov , which contains historical vulnerability information.
> 
>     The vulnerabilities are based on the CVE http://cve.mitre.org/ vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System http://nvd.nist.gov/cvss.cfm (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
> 
>         * High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
> 
>         * Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
> 
>         * Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
> 
>     Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
> 
>     The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database https://nvd.nist.gov/vuln/search (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
> 
> 
>     High Vulnerabilities
> 
>     Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-12830&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-12830 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12830
>     BID http://www.securityfocus.com/bid/106158
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15987&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15987 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15987
>     BID http://www.securityfocus.com/bid/106163
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15988&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15988 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15988
>     BID http://www.securityfocus.com/bid/106172
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15990&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15990 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15990
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15991&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15991 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15991
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15992&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15992 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15992
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15993&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15993 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15993
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15994&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15994 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15994
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15998&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15998 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15998
>     BID http://www.securityfocus.com/bid/106163
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15999&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-15999 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15999
>     BID http://www.securityfocus.com/bid/106172
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16000&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16000 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16000
>     BID http://www.securityfocus.com/bid/106172
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16003&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16003 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16003
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16004&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16004 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16004
>     BID http://www.securityfocus.com/bid/106161
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16008&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16008 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16008
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16011&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16011 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16011
>     BID http://www.securityfocus.com/bid/106164
>     BID http://www.securityfocus.com/bid/106447
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16014&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16014 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16014
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16016&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16016 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16016
>     BID http://www.securityfocus.com/bid/106172
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16018&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16018 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16018
>     BID http://www.securityfocus.com/bid/106449
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16021&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16021 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16021
>     BID http://www.securityfocus.com/bid/106158
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16025&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16025 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16025
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16026&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16026 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16026
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16036&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-16036 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16036
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16037&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-16037 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16037
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16039&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-16039 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16039
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16040&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-16040 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16040
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16044&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16044 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16044
>     BID http://www.securityfocus.com/bid/106165
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16045&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16045 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16045
>     BID http://www.securityfocus.com/bid/106165
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16046&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-16046 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16046
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19698&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-19698 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19698
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19700&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-19700 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19700
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19702&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-19702 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19702
>     BID http://www.securityfocus.com/bid/106172
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19707&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-19707 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19707
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19708&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-19708 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19708
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19713&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-19713 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19713
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19715&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-19715 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19715
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19716&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2018-19716 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19716
>     BID http://www.securityfocus.com/bid/106158
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19720&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-19720 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19720
>     BID http://www.securityfocus.com/bid/106161
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     ca -- service_desk_manager 	CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. 	2019-01-22 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19635&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2018-19635 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19635
>     BID http://www.securityfocus.com/bid/106689
>     CONFIRM https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html
>     cisco -- vsmart_controller 	A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user. 	2019-01-24 	9.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1651&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C) 	CVE-2019-1651 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1651
>     BID http://www.securityfocus.com/bid/106703
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
>     golang -- go 	Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. 	2019-01-24 	7.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6486&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C) 	CVE-2019-6486 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6486
>     CONFIRM https://github.com/golang/go/commit/42b42f71cf8f5956c09e66230293dfb5db652360
>     CONFIRM https://github.com/golang/go/issues/29903
>     CONFIRM https://groups.google.com/forum/#!topic/golang-announce/mVeX35iXuSw
>     hotels_server_project -- hotels_server 	Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. 	2019-01-20 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6497&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2019-6497 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6497
>     MISC https://github.com/FantasticLBP/Hotels_Server/issues/1
>     identicard -- premisys_id 	Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. 	2019-01-18 	9.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3906&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C) 	CVE-2019-3906 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3906
>     BID http://www.securityfocus.com/bid/106552
>     MISC https://www.tenable.com/security/research/tra-2019-01
>     identicard -- premisys_id 	Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention. 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3909&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2019-3909 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3909
>     BID http://www.securityfocus.com/bid/106552
>     MISC https://www.tenable.com/security/research/tra-2019-01
>     opensc_project -- opensc 	sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. 	2019-01-22 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6502&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2019-6502 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6502
>     MISC https://github.com/OpenSC/OpenSC/issues/1586
>     qualcomm -- mdm9206_firmware 	Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 	2019-01-18 	8.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11279&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-11279 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11279
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130 	2019-01-18 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11288&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-11288 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11288
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607 	2019-01-18 	8.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11993&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-11993 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11993
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	While processing a packet decode request in MQTT, a race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016 	2019-01-18 	7.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11998&vector=(AV:A/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2018-11998 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11998
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 	2019-01-18 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5867&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5867 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5867
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810 	2019-01-18 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5869&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5869 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5869
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660 	2019-01-18 	8.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5879&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5879 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5879
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660 	2019-01-18 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5880&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5880 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5880
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660 	2019-01-18 	8.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5881&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5881 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5881
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9607_firmware 	Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 	2019-01-18 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5915&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5915 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5915
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- msm8996au_firmware 	Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130 	2019-01-18 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5868&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2018-5868 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5868
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     s-cms -- s-cms 	SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. 	2019-01-25 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6805&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2019-6805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6805
>     MISC https://github.com/0FuzzingQ/vuln/blob/master/s-cms
> 
>     Medium Vulnerabilities
> 
>     Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15984&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15984 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15984
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15985&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15985 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15985
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15986&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15986 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15986
>     BID http://www.securityfocus.com/bid/106160
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15989&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15989 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15989
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15995&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15995 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15995
>     BID http://www.securityfocus.com/bid/106160
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15996&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15996 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15996
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15997&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-15997 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15997
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16001&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16001 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16001
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16002&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16002 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16002
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16005&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16005 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16005
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16006&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16006 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16006
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16007&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16007 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16007
>     BID http://www.securityfocus.com/bid/106160
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16009&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16009 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16009
>     BID http://www.securityfocus.com/bid/106160
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16010&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16010 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16010
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16012&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16012 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16012
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16013&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16013 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16013
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16015&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16015 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16015
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16017&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16017 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16017
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16019&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16019 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16019
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16020&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16020 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16020
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16022&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16022 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16022
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16023&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16023 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16023
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16024&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16024 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16024
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16027&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-16027 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16027
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16028&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16028 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16028
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 	2019-01-18 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16029&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-16029 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16029
>     BID http://www.securityfocus.com/bid/106164
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16030&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16030 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16030
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16031&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-16031 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16031
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16032&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16032 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16032
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16033&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16033 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16033
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16034&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16034 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16034
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16035&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-16035 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16035
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16038&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-16038 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16038
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16041&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-16041 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16041
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16042&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-16042 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16042
>     BID http://www.securityfocus.com/bid/106159
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16043&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-16043 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16043
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16047&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-16047 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16047
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19699&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-19699 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19699
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19701&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-19701 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19701
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19703&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19703 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19703
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19704&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19704 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19704
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19705&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19705 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19705
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19706&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-19706 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19706
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19709&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19709 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19709
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19710&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19710 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19710
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19711&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19711 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19711
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19712&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19712 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19712
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19714&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19714 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19714
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19717&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19717 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19717
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19719&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-19719 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19719
>     BID http://www.securityfocus.com/bid/106162
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
>     adobe -- acrobat 	Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19722&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-19722 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19722
>     CONFIRM https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
>     adobe -- connect 	Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19718&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-19718 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19718
>     BID http://www.securityfocus.com/bid/106469
>     CONFIRM https://helpx.adobe.com/security/products/connect/apsb19-05.html
>     adobe -- digital_editions 	Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-12817&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-12817 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12817
>     BID http://www.securityfocus.com/bid/106472
>     CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html
>     apache -- airflow 	In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object. 	2019-01-23 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-15720&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2017-15720 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15720
>     MISC https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E
>     apache -- airflow 	In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-17835&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-17835 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17835
>     MISC https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E
>     apache -- airflow 	In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfil all credentials from the system. 	2019-01-23 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-17836&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2017-17836 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17836
>     MISC https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E
>     audiocoding -- freeware_advanced_audio_decoder_2 	An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. 	2019-01-25 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6956&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2019-6956 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6956
>     MISC https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md
>     MISC https://sourceforge.net/p/faac/bugs/240/
>     ca -- service_desk_manager 	CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. 	2019-01-22 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19634&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-19634 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19634
>     BID http://www.securityfocus.com/bid/106689
>     CONFIRM https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html
>     chshcms -- cscms 	Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. 	2019-01-24 	5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6779&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:P) 	CVE-2019-6779 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6779
>     MISC https://github.com/chshcms/cscms/issues/3
>     cisco -- firepower_management_center 	A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 	2019-01-23 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1642&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2019-1642 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1642
>     BID http://www.securityfocus.com/bid/106714
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss
>     cisco -- prime_infrastructure 	A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 	2019-01-23 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1643&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2019-1643 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1643
>     BID http://www.securityfocus.com/bid/106702
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cpi-xss
>     creditease-sec -- insight 	An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. 	2019-01-22 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6507&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2019-6507 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6507
>     MISC https://github.com/creditease-sec/insight/issues/42
>     creditease-sec -- insight 	An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. 	2019-01-22 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6508&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2019-6508 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6508
>     MISC https://github.com/creditease-sec/insight/issues/42
>     creditease-sec -- insight 	An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF. 	2019-01-22 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6509&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2019-6509 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6509
>     MISC https://github.com/creditease-sec/insight/issues/42
>     creditease-sec -- insight 	An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF. 	2019-01-22 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6510&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2019-6510 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6510
>     MISC https://github.com/creditease-sec/insight/issues/42
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17625&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17625 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17625
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1094/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Validate events of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6439. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17626&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17626 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17626
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1181/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6455. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17627&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17627 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17627
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1218/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA setInterval method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6458. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17628&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17628 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17628
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1230/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6614. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17629&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17629 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17629
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1160/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17630&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17630 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17630
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1158/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeInstance event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6500. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17631&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17631 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17631
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1195/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6700. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17632&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17632 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17632
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1207/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6498. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17633&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17633 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17633
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1202/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the attachIcon property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6499. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17634&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17634 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17634
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1200/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17635&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17635 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17635
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1177/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id property of an aliasNode. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6472. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17636&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17636 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17636
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1209/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the loadXML method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6473. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17637&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17637 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17637
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1175/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getAttribute method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6474. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17638&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17638 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17638
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1191/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setElement method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6475. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17639&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17639 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17639
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1212/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Form count property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6477. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17640&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17640 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17640
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1217/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the deleteItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6478. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17641&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17641 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17641
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1221/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the colSpan property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6479. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17642&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17642 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17642
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1225/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the editValue property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6480. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17643&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17643 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17643
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1229/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6481. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17644&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17644 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17644
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1197/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6482. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17645&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17645 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17645
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1152/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6483. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17646&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17646 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17646
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1156/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the boundItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6484. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17647&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17647 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17647
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1154/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rotate property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6485. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17648&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17648 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17648
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1149/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNodes method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6487. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17650&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17650 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17650
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1201/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getItemState method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6501. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17651&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17651 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17651
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1228/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mandatory property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6502. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17652&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17652 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17652
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1222/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6503. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17653&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17653 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17653
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1220/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the insertInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6504. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17654&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17654 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17654
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1216/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6505. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17655&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17655 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17655
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1211/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6506. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17656&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17656 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17656
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1210/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6507. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17657&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17657 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17657
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1203/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the respose property of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6509. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17658&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17658 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17658
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1226/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the title property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6511. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17659&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17659
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1206/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6512. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17660&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17660 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17660
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1193/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the messageBox method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6513. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17661&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17661 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17661
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1190/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17662&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17662 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17662
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1188/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6517. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17663&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17663 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17663
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1184/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isCompatibleNS method of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6518. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17664&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17664 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17664
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1179/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the currentPage property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6519. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17665&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17665 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17665
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1178/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17666&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17666 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17666
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1174/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6521. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17667&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17667 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17667
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1171/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeAttribute method of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6522. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17668&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17668
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1168/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6523. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17669&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17669 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17669
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1166/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the content property of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6524. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17670&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17670 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17670
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1163/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of an XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6617. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17671&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17671 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17671
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1150/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of array indices. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6817. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17672&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17672 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17672
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1159/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subtype property of an Annotation object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6820. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17673&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17673 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17673
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1192/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17674&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17674 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17674
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1165/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17675&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17675 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17675
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1194/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17676&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17676 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17676
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1153/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mailDoc method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6850. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17677&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17677 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17677
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1164/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6851. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17678&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17678 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17678
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1172/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6890. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17679&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17679
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1180/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6915. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17680&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17680 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17680
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1189/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getPageBox method of a Form. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7141. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17681&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17681 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17681
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1196/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17682&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17682 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17682
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1151/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7163. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17683&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17683 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17683
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1157/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isPropertySpecified method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6470. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17684&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17684 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17684
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1214/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6819. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17685&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17685 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17685
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1204/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6844. 	2019-01-23 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17686&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2018-17686 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17686
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1185/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7068. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17687&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17687 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17687
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1169/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7069. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17688&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17688 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17688
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1155/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7070. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17689&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17689 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17689
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1205/
>     foxitsoftware -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7129. 	2019-01-23 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17692&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2018-17692 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17692
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1176/
>     ibm -- financial_transaction_manager 	IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552. 	2019-01-23 	4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-2026&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 	CVE-2018-2026 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-2026
>     CONFIRM http://www.ibm.com/support/docview.wss?uid=ibm10795536
>     CONFIRM http://www.ibm.com/support/docview.wss?uid=ibm10795544
>     XF https://exchange.xforce.ibmcloud.com/vulnerabilities/155552
>     ibm -- security_identity_manager 	IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265. 	2019-01-18 	5.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-2019&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:P) 	CVE-2018-2019 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-2019
>     BID http://www.securityfocus.com/bid/106657
>     XF https://exchange.xforce.ibmcloud.com/vulnerabilities/155265
>     CONFIRM https://www.ibm.com/support/docview.wss?uid=ibm10794615
>     ibm -- security_key_lifecycle_manager 	IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. 	2019-01-23 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-1751&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2018-1751 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1751
>     CONFIRM http://www.ibm.com/support/docview.wss?uid=ibm10791829
>     XF https://exchange.xforce.ibmcloud.com/vulnerabilities/148512
>     identicard -- premisys_id 	Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3907&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2019-3907 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3907
>     BID http://www.securityfocus.com/bid/106552
>     MISC https://www.tenable.com/security/research/tra-2019-01
>     identicard -- premisys_id 	Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. 	2019-01-18 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3908&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2019-3908 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3908
>     BID http://www.securityfocus.com/bid/106552
>     MISC https://www.tenable.com/security/research/tra-2019-01
>     labapart -- gattlib 	GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused. 	2019-01-21 	5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6498&vector=(AV:A/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2019-6498 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6498
>     MISC https://github.com/labapart/gattlib/issues/81
>     MISC https://github.com/labapart/gattlib/issues/82
>     EXPLOIT-DB https://www.exploit-db.com/exploits/46215/
>     lua -- lua 	Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. 	2019-01-23 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6706&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2019-6706 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6706
>     MISC http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
>     EXPLOIT-DB https://www.exploit-db.com/exploits/46246/
>     phpshe -- phpshe 	PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. 	2019-01-23 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6707&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2019-6707 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6707
>     MISC https://github.com/kk98kk0/exploit/issues/1
>     phpshe -- phpshe 	PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. 	2019-01-23 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6708&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2019-6708 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6708
>     MISC https://github.com/kk98kk0/exploit/issues/2
>     phpwind -- phpwind 	phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. 	2019-01-23 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6691&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2019-6691 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6691
>     MISC https://github.com/Veeeooo/phpwind/blob/master/README.md
>     python -- pypiserver 	CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. 	2019-01-24 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6802&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2019-6802 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6802
>     MISC https://github.com/pypiserver/pypiserver/issues/237
>     qualcomm -- mdm9206_firmware 	Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. 	2019-01-18 	4.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8276&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-8276 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8276
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9206_firmware 	Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24 	2019-01-18 	4.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11999&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C) 	CVE-2018-11999 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11999
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     typora -- typora 	typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. 	2019-01-25 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6803&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2019-6803 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6803
>     MISC https://github.com/typora/typora-issues/issues/2124
>     zoneminder -- zoneminder 	An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. 	2019-01-24 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6777&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2019-6777 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6777
>     MISC https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
>     MISC https://github.com/ZoneMinder/zoneminder/issues/2436
> 
>      
> 
> 
>     Low Vulnerabilities
> 
>     Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
>     qualcomm -- mdm9206_firmware 	Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130 	2019-01-18 	2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-3595&vector=(AV:L/AC:L/Au:N/C:N/I:P/A:N) 	CVE-2018-3595 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3595
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
>     qualcomm -- mdm9607_firmware 	Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 	2019-01-18 	2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18332&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2017-18332 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18332
>     BID http://www.securityfocus.com/bid/106128
>     CONFIRM https://www.qualcomm.com/company/product-security/bulletins
> 
>      
> 
> 
>     Severity Not Yet Assigned
> 
>     Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
>     apache -- airflow 	The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. 	2019-01-23 	not yet calculated 	CVE-2018-20245 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20245
>     MISC https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3E
>     aspeed -- ast2400_and_ast2500_baseboard_management_controllers 	The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. 	2019-01-22 	not yet calculated 	CVE-2019-6260 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6260
>     MISC https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/
>     atlassian -- universal_plugin_manager 	The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. 	2019-01-18 	not yet calculated 	CVE-2018-20233 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20233
>     BID http://www.securityfocus.com/bid/106661
>     CONFIRM https://ecosystem.atlassian.net/browse/UPM-5964
>     avaya -- ip_office 	A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1. 	2019-01-23 	not yet calculated 	CVE-2018-15614 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15614
>     CONFIRM https://downloads.avaya.com/css/P8/documents/101054317
>     axway -- file_transfer_direct 	In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. 	2019-01-21 	not yet calculated 	CVE-2019-6500 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6500
>     MISC https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md
>     MISC https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html
>     bento4 -- bento4 	An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. 	2019-01-25 	not yet calculated 	CVE-2019-6966 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6966
>     MISC https://github.com/axiomatic-systems/Bento4/issues/361
>     broadcom -- brocade_network_advisor 	A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and is able to decrypt the JBoss credentials could gain access to the JBoss web console. 	2019-01-22 	not yet calculated 	CVE-2018-6443 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6443
>     CONFIRM https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743
>     broadcom -- brocade_network_advisor 	A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords. 	2019-01-22 	not yet calculated 	CVE-2018-6445 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6445
>     CONFIRM https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-745
>     broadcom -- brocade_network_advisor 	A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS commands. 	2019-01-22 	not yet calculated 	CVE-2018-6444 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6444
>     CONFIRM https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744
>     chatopera -- cosin 	There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method. 	2019-01-22 	not yet calculated 	CVE-2019-6503 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6503
>     CONFIRM https://github.com/chatopera/cosin/issues/177
>     cisco -- amp_threat_grid 	A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials. 	2019-01-24 	not yet calculated 	CVE-2019-1657 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1657
>     BID http://www.securityfocus.com/bid/106711
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid
>     cisco -- enterprise_nfv_infrastructure_software 	A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH. 	2019-01-24 	not yet calculated 	CVE-2019-1656 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1656
>     BID http://www.securityfocus.com/bid/106715
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access
>     cisco -- firepower_threat_defense 	A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software. 	2019-01-24 	not yet calculated 	CVE-2019-1669 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1669
>     BID http://www.securityfocus.com/bid/106721
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass
>     cisco -- identity_services_engine 	A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal. 	2019-01-23 	not yet calculated 	CVE-2018-15455 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15455
>     BID http://www.securityfocus.com/bid/106708
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss
>     cisco -- identity_services_engine 	A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system. 	2019-01-23 	not yet calculated 	CVE-2018-0187 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-0187
>     BID http://www.securityfocus.com/bid/106717
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure
>     cisco -- identity_services_engine 	A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account. 	2019-01-23 	not yet calculated 	CVE-2018-15459 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15459
>     BID http://www.securityfocus.com/bid/106707
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege
>     cisco -- iot_field_network_director 	A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition. 	2019-01-23 	not yet calculated 	CVE-2019-1644 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1644
>     BID http://www.securityfocus.com/bid/106709
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos
>     cisco -- multiple_webex_products 	A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. 	2019-01-23 	not yet calculated 	CVE-2019-1640 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1640
>     BID http://www.securityfocus.com/bid/106704
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
>     cisco -- multiple_webex_products 	A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. 	2019-01-23 	not yet calculated 	CVE-2019-1641 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1641
>     BID http://www.securityfocus.com/bid/106704
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
>     cisco -- multiple_webex_products 	A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. 	2019-01-23 	not yet calculated 	CVE-2019-1637 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1637
>     BID http://www.securityfocus.com/bid/106704
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
>     cisco -- multiple_webex_products 	A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. 	2019-01-23 	not yet calculated 	CVE-2019-1638 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1638
>     BID http://www.securityfocus.com/bid/106704
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
>     cisco -- multiple_webex_products 	A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. 	2019-01-23 	not yet calculated 	CVE-2019-1639 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1639
>     BID http://www.securityfocus.com/bid/106704
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
>     cisco -- sd-wan_solution 	A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. 	2019-01-24 	not yet calculated 	CVE-2019-1647 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1647
>     BID http://www.securityfocus.com/bid/106705
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess
>     cisco -- sd-wan_solution 	A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. 	2019-01-24 	not yet calculated 	CVE-2019-1648 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1648
>     BID http://www.securityfocus.com/bid/106719
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal
>     cisco -- sd-wan_solution 	A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. 	2019-01-24 	not yet calculated 	CVE-2019-1650 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1650
>     BID http://www.securityfocus.com/bid/106716
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write
>     cisco -- sd-wan_solution 	A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device. 	2019-01-24 	not yet calculated 	CVE-2019-1646 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1646
>     BID http://www.securityfocus.com/bid/106723
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal
>     cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers 	The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA. 	2019-01-20 	not yet calculated 	CVE-2019-6496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6496
>     MISC https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
>     MISC https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/
>     cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers 	A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. 	2019-01-24 	not yet calculated 	CVE-2019-1652 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1652
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
>     EXPLOIT-DB https://www.exploit-db.com/exploits/46243/
>     cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers 	A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. 	2019-01-24 	not yet calculated 	CVE-2019-1653 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1653
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
>     cisco -- socialminer 	A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 	2019-01-24 	not yet calculated 	CVE-2019-1668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1668
>     BID http://www.securityfocus.com/bid/106720
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss
>     cisco -- unified_intelligence_center 	A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. 	2019-01-24 	not yet calculated 	CVE-2019-1658 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1658
>     BID http://www.securityfocus.com/bid/106713
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf
>     cisco -- webex_meetings_server 	A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 	2019-01-24 	not yet calculated 	CVE-2019-1655 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1655
>     BID http://www.securityfocus.com/bid/106710
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss
>     cisco -- webex_teams 	A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. 	2019-01-23 	not yet calculated 	CVE-2019-1636 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1636
>     BID http://www.securityfocus.com/bid/106718
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams
>     cisco_connected_mobile_experiences 	A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks. 	2019-01-24 	not yet calculated 	CVE-2019-1645 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1645
>     BID http://www.securityfocus.com/bid/106701
>     CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl
>     drupal -- drupal 	In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. 	2019-01-22 	not yet calculated 	CVE-2019-6339 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6339
>     DEBIAN https://www.debian.org/security/2019/dsa-4370
>     CONFIRM https://www.drupal.org/sa-core-2019-002
>     drupal -- drupal 	In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. 	2019-01-22 	not yet calculated 	CVE-2019-6338 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6338
>     BID http://www.securityfocus.com/bid/106706
>     DEBIAN https://www.debian.org/security/2019/dsa-4370
>     CONFIRM https://www.drupal.org/sa-core-2019-001
>     drupal -- drupal 	In Drupal 8.x prior to 8.3.7: When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them. 	2019-01-22 	not yet calculated 	CVE-2017-6923 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6923
>     BID http://www.securityfocus.com/bid/100368
>     SECTRACK http://www.securitytracker.com/id/1039200
>     CONFIRM https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
>     drupal -- drupal 	In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. 	2019-01-22 	not yet calculated 	CVE-2017-6922 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6922
>     BID http://www.securityfocus.com/bid/99219
>     SECTRACK http://www.securitytracker.com/id/1038781
>     DEBIAN https://www.debian.org/security/2017/dsa-3897
>     CONFIRM https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
>     emerson -- deltav_distributed_control_system_workstations 	A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. 	2019-01-25 	not yet calculated 	CVE-2018-19021 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19021
>     BID http://www.securityfocus.com/bid/106522
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01
>     epic_games -- epic_games_launcher 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with the com.epicgames.launcher protocol can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-7241. 	2019-01-23 	not yet calculated 	CVE-2018-17707 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17707
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1359/
>     foreman -- foreman 	An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions. 	2019-01-22 	not yet calculated 	CVE-2018-14666 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14666
>     BID http://www.securityfocus.com/bid/106490
>     CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666
>     fortinet -- fortios 	An Improper Access Control in Fortinet FortiOS allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one. 	2019-01-22 	not yet calculated 	CVE-2018-13374 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13374
>     CONFIRM https://fortiguard.com/advisory/FG-IR-18-157
>     EXPLOIT-DB https://www.exploit-db.com/exploits/46171/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7252. 	2019-01-23 	not yet calculated 	CVE-2018-17702 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17702
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1183/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAttribute method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6486. 	2019-01-23 	not yet calculated 	CVE-2018-17649 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17649
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1148/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073. 	2019-01-23 	not yet calculated 	CVE-2018-17699 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17699
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1213/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the defaultValue property of ComboBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7253. 	2019-01-23 	not yet calculated 	CVE-2018-17703 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17703
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1162/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the textColor property of RadioButton objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7254. 	2019-01-23 	not yet calculated 	CVE-2018-17704 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17704
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1208/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170. 	2019-01-23 	not yet calculated 	CVE-2018-17697 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17697
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1215/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169. 	2019-01-23 	not yet calculated 	CVE-2018-17696 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17696
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1223/
>     foxit_software -- foxit_reader 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7255. 	2019-01-23 	not yet calculated 	CVE-2018-17705 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17705
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1198/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067. 	2019-01-23 	not yet calculated 	CVE-2018-17698 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17698
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1219/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7103. 	2019-01-23 	not yet calculated 	CVE-2018-17690 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17690
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1161/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128. 	2019-01-23 	not yet calculated 	CVE-2018-17691 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17691
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1167/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138. 	2019-01-23 	not yet calculated 	CVE-2018-17694 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17694
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1224/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7145. 	2019-01-23 	not yet calculated 	CVE-2018-17695 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17695
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1199/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JSON objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7132. 	2019-01-23 	not yet calculated 	CVE-2018-17701 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17701
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1147/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7131. 	2019-01-23 	not yet calculated 	CVE-2018-17700 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17700
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1146/
>     foxit_software -- phantompdf 	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7130. 	2019-01-23 	not yet calculated 	CVE-2018-17693 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17693
>     CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
>     MISC https://www.zerodayinitiative.com/advisories/ZDI-18-1182/
>     gnu -- c_library 	The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. 	2019-01-18 	not yet calculated 	CVE-2019-6488 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6488
>     BID http://www.securityfocus.com/bid/106671
>     MISC https://sourceware.org/bugzilla/show_bug.cgi?id=24097
>     gnu -- c_library 	In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. 	2019-01-21 	not yet calculated 	CVE-2016-10739 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10739
>     BID http://www.securityfocus.com/bid/106672
>     MISC https://bugzilla.redhat.com/show_bug.cgi?id=1347549
>     MISC https://sourceware.org/bugzilla/show_bug.cgi?id=20018
>     hetronic -- nova-m 	Hetronic Nova-M radio control systems prior to version r161 use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. 	2019-01-25 	not yet calculated 	CVE-2018-19023 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19023
>     BID http://www.securityfocus.com/bid/106448
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03
>     ibm -- security_identity_manager_virtual_appliance 	IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633. 	2019-01-24 	not yet calculated 	CVE-2018-1959 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1959
>     XF https://exchange.xforce.ibmcloud.com/vulnerabilities/153633
>     CONFIRM https://www.ibm.com/support/docview.wss?uid=ibm10796380
>     jenkins -- jenkins 	An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time. 	2019-01-22 	not yet calculated 	CVE-2019-1003004 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003004
>     BID http://www.securityfocus.com/bid/106680
>     CONFIRM https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901
>     jenkins -- jenkins 	A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 	2019-01-22 	not yet calculated 	CVE-2019-1003002 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003002
>     CONFIRM https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
>     jenkins -- jenkins 	A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 	2019-01-22 	not yet calculated 	CVE-2019-1003001 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003001
>     CONFIRM https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
>     jenkins -- jenkins 	A sandbox bypass vulnerability exists in Script Security Plugin 2.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. 	2019-01-22 	not yet calculated 	CVE-2019-1003000 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003000
>     CONFIRM https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
>     jenkins -- jenkins 	An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts. 	2019-01-22 	not yet calculated 	CVE-2019-1003003 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003003
>     BID http://www.securityfocus.com/bid/106680
>     CONFIRM https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868
>     jenkins -- jenkins 	A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. 	2019-01-23 	not yet calculated 	CVE-2018-1000997 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000997
>     CONFIRM https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867
>     lenovo -- thinkpads 	In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. 	2019-01-24 	not yet calculated 	CVE-2018-16098 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16098
>     CONFIRM https://support.lenovo.com/us/en/solutions/LEN-24573
>     libgd -- libgd 	gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. 	2019-01-26 	not yet calculated 	CVE-2019-6977 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6977
>     MISC http://php.net/ChangeLog-5.php
>     MISC http://php.net/ChangeLog-7.php
>     MISC https://bugs.php.net/bug.php?id=77270
>     libiec61850 -- libiec61850 	An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c. 	2019-01-23 	not yet calculated 	CVE-2019-6719 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6719
>     MISC https://github.com/mz-automation/libiec61850/issues/111
>     libvips -- libvips 	libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. 	2019-01-26 	not yet calculated 	CVE-2019-6976 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6976
>     MISC https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
>     MISC https://github.com/libvips/libvips/releases/tag/v8.7.4
>     linux -- linux_kernel 	A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. 	2019-01-25 	not yet calculated 	CVE-2019-3819 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3819
>     CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
>     mcafee -- mvision_endpoint 	Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors. 	2019-01-23 	not yet calculated 	CVE-2019-3584 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3584
>     CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10265
>     mcafee -- total_protection 	DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder. 	2019-01-23 	not yet calculated 	CVE-2019-3587 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3587
>     MISC http://service.mcafee.com/FAQDocument.aspx?&id=TS102887
>     mumble -- mumble 	murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. 	2019-01-25 	not yet calculated 	CVE-2018-20743 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20743
>     MISC https://bugs.debian.org/919249
>     MISC https://github.com/mumble-voip/mumble/issues/3505
>     MISC https://github.com/mumble-voip/mumble/pull/3510
>     MISC https://github.com/mumble-voip/mumble/pull/3512
>     netapp -- clustered_data_ontap 	Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. 	2019-01-24 	not yet calculated 	CVE-2018-5497 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5497
>     CONFIRM https://security.netapp.com/advisory/ntap-20190109-0001/
>     norton -- app_lock 	Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. 	2019-01-24 	not yet calculated 	CVE-2018-18363 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-18363
>     BID http://www.securityfocus.com/bid/106450
>     CONFIRM https://support.symantec.com/en_US/article.SYMSA1473.html
>     omron -- cx-supervisor 	Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. 	2019-01-22 	not yet calculated 	CVE-2018-19017 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19017
>     BID http://www.securityfocus.com/bid/106654
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
>     omron -- cx-supervisor 	An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. 	2019-01-22 	not yet calculated 	CVE-2018-19013 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19013
>     BID http://www.securityfocus.com/bid/106654
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
>     omron -- cx-supervisor 	A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. 	2019-01-22 	not yet calculated 	CVE-2018-19019 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19019
>     BID http://www.securityfocus.com/bid/106654
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
>     omron -- cx-supervisor 	CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. 	2019-01-22 	not yet calculated 	CVE-2018-19011 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19011
>     BID http://www.securityfocus.com/bid/106654
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01
>     phpmyadmin -- phpmyadmin 	An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. 	2019-01-26 	not yet calculated 	CVE-2019-6799 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6799
>     CONFIRM https://www.phpmyadmin.net/security/PMASA-2019-1/
>     phpmyadmin -- phpmyadmin 	An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. 	2019-01-26 	not yet calculated 	CVE-2019-6798 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6798
>     CONFIRM https://www.phpmyadmin.net/security/PMASA-2019-2/
>     pilz -- pnozmulti_configurator 	Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. 	2019-01-25 	not yet calculated 	CVE-2018-19009 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19009
>     BID http://www.securityfocus.com/bid/106529
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03
>     postgresql -- postgresql 	PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. 	2019-01-25 	not yet calculated 	CVE-2017-18359 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18359
>     MISC https://trac.osgeo.org/postgis/changeset/15444
>     MISC https://trac.osgeo.org/postgis/changeset/15445
>     MISC https://trac.osgeo.org/postgis/ticket/3704
>     rockwell_automation -- factorytalk_services_platform 	In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. 	2019-01-24 	not yet calculated 	CVE-2018-18981 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-18981
>     BID http://www.securityfocus.com/bid/106279
>     MISC https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02
>     rsyslog -- rsyslog 	A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. 	2019-01-25 	not yet calculated 	CVE-2018-16881 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16881
>     CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881
>     rundeck -- rundeck_community_edition 	An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. 	2019-01-25 	not yet calculated 	CVE-2019-6804 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6804
>     MISC https://docs.rundeck.com/docs/history/version-3.0.13.html
>     MISC https://github.com/rundeck/rundeck/issues/4406
>     sky -- go_desktop_application 	The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username. 	2019-01-20 	not yet calculated 	CVE-2018-18908 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-18908
>     MISC https://blog.sean-wright.com/sky/
>     symantec -- reporter 	The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges. 	2019-01-24 	not yet calculated 	CVE-2018-12237 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12237
>     BID http://www.securityfocus.com/bid/106518
>     CONFIRM https://support.symantec.com/en_US/article.SYMSA1465.html
>     teradata -- viewpoint 	Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system. 	2019-01-21 	not yet calculated 	CVE-2019-6499 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6499
>     MISC https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Teradata%20Viewpoint%20Hardcoded%20Password%20Vulnerability.md
>     MISC https://inf0seq.github.io/cve/2019/01/20/Teradata-Viewpoint-Hardcoded-Password-Vulnerability.html
>     thinkcmf -- thinkcmf 	app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. 	2019-01-23 	not yet calculated 	CVE-2019-6713 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6713
>     MISC http://www.ttk7.cn/post-108.html
>     uc_berkeley -- rise_opaque 	An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write. 	2019-01-24 	not yet calculated 	CVE-2018-20742 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20742
>     MISC https://github.com/ucbrise/opaque/commit/5ddda15d89f5ac82f4416208c5319ace4aecdc36
>     MISC https://github.com/ucbrise/opaque/issues/66
>     wordpress -- wordpress 	The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. 	2019-01-24 	not yet calculated 	CVE-2019-6780 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6780
>     MISC https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php
>     MISC https://wordpress.org/plugins/wise-chat/#developers
>     EXPLOIT-DB https://www.exploit-db.com/exploits/46247/
>     wordpress -- wordpress 	Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator. 	2019-01-26 	not yet calculated 	CVE-2019-6703 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6703
>     MISC https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/

