<!DOCTYPE html>
<html><head>
    <meta charset="UTF-8">
</head><body><blockquote type="cite">SB19-028: Vulnerability Summary for the Week of January 21, 2019 <br>---------- Original Message ---------- <br>From: US-CERT &lt;US-CERT@ncas.us-cert.gov&gt; <br>To: w3hwn@arrl.net <br>Date: January 28, 2019 at 6:22 PM <br>Subject: SB19-028: Vulnerability Summary for the Week of January 21, 2019 <br> <br><table width="700" border="0" cellspacing="0" cellpadding="0" align="center" style="border-collapse: collapse;" class="mce-item-table"><tbody><tr><td style="padding: 0px;"><a id="ox-9970d000fb-gd_top" name="gd_top" class="mce-item-anchor"></a><p>National Cyber Awareness System:</p><div class="ox-9970d000fb-rss_item" style="margin-bottom: 2em;"><div class="ox-9970d000fb-rss_title" style="font-weight: bold; font-size: 120%; margin: 0 0 0.3em; padding: 0;"><a href="https://www.us-cert.gov/ncas/bulletins/SB19-028">SB19-028: Vulnerability Summary for the Week of January 21, 2019</a></div><div class="ox-9970d000fb-rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">01/28/2019 05:36 AM EST</div><br><div class="ox-9970d000fb-rss_description" style="margin: 0 0 0.3em; padding: 0;">Original release date: January 28, 2019 <br><p>The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the <a href="http://www.nist.gov">National Institute of Standards and Technology</a> (NIST) <a href="http://nvd.nist.gov">National Vulnerability Database</a> (NVD) in the past week. 
The NVD is sponsored by the <a href="http://www.dhs.gov">Department of Homeland Security</a> (DHS) <a href="https://www.us-cert.gov/nccic">National Cybersecurity and Communications Integration Center</a> (NCCIC) / <a href="https://www.us-cert.gov">United States Computer Emergency Readiness Team</a> (US-CERT). For modified or updated entries, please visit the <a href="http://nvd.nist.gov" target="_blank" rel="noopener">NVD</a>, which contains historical vulnerability information.</p><p>The vulnerabilities are based on the <a href="http://cve.mitre.org/" target="_blank" rel="noopener">CVE</a> vulnerability naming standard and are organized according to severity, determined by the <a href="http://nvd.nist.gov/cvss.cfm" target="_blank" rel="noopener">Common Vulnerability Scoring System</a> (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:</p><ul><li><p><strong><a href="#high">High</a></strong> - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0</p></li><li><p><strong><a href="#medium">Medium</a></strong> - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9</p></li><li><p><strong><a href="#low">Low</a></strong> - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9</p></li></ul><p>Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.</p><p>The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) <a href="https://nvd.nist.gov/vuln/search">National Vulnerability Database</a> (NVD). 
In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.</p><p><a id="ox-9970d000fb-high" name="high" class="mce-item-anchor"></a> </p><h2 id="ox-9970d000fb-high_v_title">High Vulnerabilities</h2><table border="1" summary="High Vulnerabilities" align="center"><thead><tr><th class="ox-9970d000fb-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-12830&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12830" target="_blank" rel="noopener">CVE-2018-12830</a><br><a href="http://www.securityfocus.com/bid/106158" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15987&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15987" target="_blank" rel="noopener">CVE-2018-15987</a><br><a href="http://www.securityfocus.com/bid/106163" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15988&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15988" target="_blank" rel="noopener">CVE-2018-15988</a><br><a href="http://www.securityfocus.com/bid/106172" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15990&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15990" target="_blank" rel="noopener">CVE-2018-15990</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15991&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15991" target="_blank" rel="noopener">CVE-2018-15991</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15992&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15992" target="_blank" rel="noopener">CVE-2018-15992</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15993&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15993" target="_blank" rel="noopener">CVE-2018-15993</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15994&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15994" target="_blank" rel="noopener">CVE-2018-15994</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15998&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15998" target="_blank" rel="noopener">CVE-2018-15998</a><br><a href="http://www.securityfocus.com/bid/106163" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15999&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15999" target="_blank" rel="noopener">CVE-2018-15999</a><br><a href="http://www.securityfocus.com/bid/106172" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16000&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16000" target="_blank" rel="noopener">CVE-2018-16000</a><br><a href="http://www.securityfocus.com/bid/106172" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16003&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16003" target="_blank" rel="noopener">CVE-2018-16003</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16004&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16004" target="_blank" rel="noopener">CVE-2018-16004</a><br><a href="http://www.securityfocus.com/bid/106161" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16008&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16008" target="_blank" rel="noopener">CVE-2018-16008</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16011&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16011" target="_blank" rel="noopener">CVE-2018-16011</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="http://www.securityfocus.com/bid/106447" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb19-02.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16014&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16014" target="_blank" rel="noopener">CVE-2018-16014</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16016&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16016" target="_blank" rel="noopener">CVE-2018-16016</a><br><a href="http://www.securityfocus.com/bid/106172" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. 
Successful exploitation could lead to privilege escalation.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16018&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16018" target="_blank" rel="noopener">CVE-2018-16018</a><br><a href="http://www.securityfocus.com/bid/106449" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb19-02.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16021&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16021" target="_blank" rel="noopener">CVE-2018-16021</a><br><a href="http://www.securityfocus.com/bid/106158" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16025&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16025" target="_blank" rel="noopener">CVE-2018-16025</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16026&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16026" target="_blank" rel="noopener">CVE-2018-16026</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16036&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16036" target="_blank" rel="noopener">CVE-2018-16036</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16037&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16037" target="_blank" rel="noopener">CVE-2018-16037</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16039&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16039" target="_blank" rel="noopener">CVE-2018-16039</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16040&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16040" target="_blank" rel="noopener">CVE-2018-16040</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. 
Successful exploitation could lead to privilege escalation.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16044&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16044" target="_blank" rel="noopener">CVE-2018-16044</a><br><a href="http://www.securityfocus.com/bid/106165" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. 
Successful exploitation could lead to privilege escalation.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16045&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16045" target="_blank" rel="noopener">CVE-2018-16045</a><br><a href="http://www.securityfocus.com/bid/106165" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16046&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16046" target="_blank" rel="noopener">CVE-2018-16046</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19698&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19698" target="_blank" rel="noopener">CVE-2018-19698</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19700&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19700" target="_blank" rel="noopener">CVE-2018-19700</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19702&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19702" target="_blank" rel="noopener">CVE-2018-19702</a><br><a href="http://www.securityfocus.com/bid/106172" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19707&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19707" target="_blank" rel="noopener">CVE-2018-19707</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19708&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19708" target="_blank" rel="noopener">CVE-2018-19708</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19713&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19713" target="_blank" rel="noopener">CVE-2018-19713</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19715&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19715" target="_blank" rel="noopener">CVE-2018-19715</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19716&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19716" target="_blank" rel="noopener">CVE-2018-19716</a><br><a href="http://www.securityfocus.com/bid/106158" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19720&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19720" target="_blank" rel="noopener">CVE-2018-19720</a><br><a href="http://www.securityfocus.com/bid/106161" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">ca -- service_desk_manager</td><td style="text-align: left;" align="left">CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19635&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19635" target="_blank" rel="noopener">CVE-2018-19635</a><br><a href="http://www.securityfocus.com/bid/106689" target="_blank" rel="noopener">BID</a><br><a href="https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- vsmart_controller</td><td style="text-align: left;" align="left">A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and 
execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1651&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)" target="_blank" rel="noopener">9.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1651" target="_blank" rel="noopener">CVE-2019-1651</a><br><a href="http://www.securityfocus.com/bid/106703" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">golang -- go</td><td style="text-align: left;" align="left">Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6486&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)" target="_blank" rel="noopener">7.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6486" target="_blank" rel="noopener">CVE-2019-6486</a><br><a href="https://github.com/golang/go/commit/42b42f71cf8f5956c09e66230293dfb5db652360" target="_blank" rel="noopener">CONFIRM</a><br><a 
href="https://github.com/golang/go/issues/29903" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://groups.google.com/forum/#!topic/golang-announce/mVeX35iXuSw" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">hotels_server_project -- hotels_server</td><td style="text-align: left;" align="left">Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.</td><td style="text-align: center;" align="center">2019-01-20</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6497&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6497" target="_blank" rel="noopener">CVE-2019-6497</a><br><a href="https://github.com/FantasticLBP/Hotels_Server/issues/1" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">identicard -- premisys_id</td><td style="text-align: left;" align="left">Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. 
An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3906&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)" target="_blank" rel="noopener">9.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3906" target="_blank" rel="noopener">CVE-2019-3906</a><br><a href="http://www.securityfocus.com/bid/106552" target="_blank" rel="noopener">BID</a><br><a href="https://www.tenable.com/security/research/tra-2019-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">identicard -- premisys_id</td><td style="text-align: left;" align="left">Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3909&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3909" target="_blank" rel="noopener">CVE-2019-3909</a><br><a href="http://www.securityfocus.com/bid/106552" target="_blank" rel="noopener">BID</a><br><a href="https://www.tenable.com/security/research/tra-2019-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">opensc_project -- opensc</td><td style="text-align: left;" align="left">sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: 
center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6502&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6502" target="_blank" rel="noopener">CVE-2019-6502</a><br><a href="https://github.com/OpenSC/OpenSC/issues/1586" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11279&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">8.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11279" target="_blank" rel="noopener">CVE-2018-11279</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Possible undefined behavior due to lack of size check in function for parameter 
segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11288&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11288" target="_blank" rel="noopener">CVE-2018-11288</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11993&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">8.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11993" target="_blank" rel="noopener">CVE-2018-11993</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">While processing a packet decode request in MQTT, a race condition can occur, leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions 
MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11998&vector=(AV:A/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">7.9</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11998" target="_blank" rel="noopener">CVE-2018-11998</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5867&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5867" target="_blank" rel="noopener">CVE-2018-5867</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm 
-- mdm9206_firmware</td><td style="text-align: left;" align="left">Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5869&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5869" target="_blank" rel="noopener">CVE-2018-5869</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5879&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">8.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5879" target="_blank" rel="noopener">CVE-2018-5879</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: 
left;" align="left">Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5880&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5880" target="_blank" rel="noopener">CVE-2018-5880</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5881&vector=(AV:A/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">8.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5881" target="_blank" rel="noopener">CVE-2018-5881</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9607_firmware</td><td style="text-align: left;" align="left">Exception in Modem IP stack while 
processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5915&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5915" target="_blank" rel="noopener">CVE-2018-5915</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- msm8996au_firmware</td><td style="text-align: left;" align="left">Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-5868&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5868" target="_blank" rel="noopener">CVE-2018-5868</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" 
scope="row" align="left">s-cms -- s-cms</td><td style="text-align: left;" align="left">SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6805&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6805" target="_blank" rel="noopener">CVE-2019-6805</a><br><a href="https://github.com/0FuzzingQ/vuln/blob/master/s-cms" target="_blank" rel="noopener">MISC</a></td></tr></tbody></table><p><a id="ox-9970d000fb-medium" name="medium" class="mce-item-anchor"></a> </p><h2 id="ox-9970d000fb-medium_v_title">Medium Vulnerabilities</h2><table border="1" summary="Medium Vulnerabilities" align="center"><thead><tr><th class="ox-9970d000fb-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15984&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15984" target="_blank" rel="noopener">CVE-2018-15984</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15985&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15985" target="_blank" rel="noopener">CVE-2018-15985</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15986&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15986" target="_blank" rel="noopener">CVE-2018-15986</a><br><a href="http://www.securityfocus.com/bid/106160" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15989&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15989" target="_blank" rel="noopener">CVE-2018-15989</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15995&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15995" target="_blank" rel="noopener">CVE-2018-15995</a><br><a href="http://www.securityfocus.com/bid/106160" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15996&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15996" target="_blank" rel="noopener">CVE-2018-15996</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-15997&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15997" target="_blank" rel="noopener">CVE-2018-15997</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16001&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16001" target="_blank" rel="noopener">CVE-2018-16001</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16002&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16002" target="_blank" rel="noopener">CVE-2018-16002</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16005&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16005" target="_blank" rel="noopener">CVE-2018-16005</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16006&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16006" target="_blank" rel="noopener">CVE-2018-16006</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16007&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16007" target="_blank" rel="noopener">CVE-2018-16007</a><br><a href="http://www.securityfocus.com/bid/106160" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16009&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16009" target="_blank" rel="noopener">CVE-2018-16009</a><br><a href="http://www.securityfocus.com/bid/106160" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16010&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16010" target="_blank" rel="noopener">CVE-2018-16010</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16012&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16012" target="_blank" rel="noopener">CVE-2018-16012</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16013&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16013" target="_blank" rel="noopener">CVE-2018-16013</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16015&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16015" target="_blank" rel="noopener">CVE-2018-16015</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16017&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16017" target="_blank" rel="noopener">CVE-2018-16017</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16019&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16019" target="_blank" rel="noopener">CVE-2018-16019</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16020&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16020" target="_blank" rel="noopener">CVE-2018-16020</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16022&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16022" target="_blank" rel="noopener">CVE-2018-16022</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16023&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16023" target="_blank" rel="noopener">CVE-2018-16023</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16024&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16024" target="_blank" rel="noopener">CVE-2018-16024</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16027&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16027" target="_blank" rel="noopener">CVE-2018-16027</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16028&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16028" target="_blank" rel="noopener">CVE-2018-16028</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16029&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16029" target="_blank" rel="noopener">CVE-2018-16029</a><br><a href="http://www.securityfocus.com/bid/106164" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16030&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16030" target="_blank" rel="noopener">CVE-2018-16030</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16031&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16031" target="_blank" rel="noopener">CVE-2018-16031</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16032&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16032" target="_blank" rel="noopener">CVE-2018-16032</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16033&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16033" target="_blank" rel="noopener">CVE-2018-16033</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16034&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16034" target="_blank" rel="noopener">CVE-2018-16034</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16035&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16035" target="_blank" rel="noopener">CVE-2018-16035</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16038&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16038" target="_blank" rel="noopener">CVE-2018-16038</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16041&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16041" target="_blank" rel="noopener">CVE-2018-16041</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16042&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16042" target="_blank" rel="noopener">CVE-2018-16042</a><br><a href="http://www.securityfocus.com/bid/106159" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16043&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16043" target="_blank" rel="noopener">CVE-2018-16043</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-16047&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16047" target="_blank" rel="noopener">CVE-2018-16047</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19699&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19699" target="_blank" rel="noopener">CVE-2018-19699</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19701&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19701" target="_blank" rel="noopener">CVE-2018-19701</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19703&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19703" target="_blank" rel="noopener">CVE-2018-19703</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19704&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19704" target="_blank" rel="noopener">CVE-2018-19704</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19705&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19705" target="_blank" rel="noopener">CVE-2018-19705</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19706&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19706" target="_blank" rel="noopener">CVE-2018-19706</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19709&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19709" target="_blank" rel="noopener">CVE-2018-19709</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19710&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19710" target="_blank" rel="noopener">CVE-2018-19710</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19711&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19711" target="_blank" rel="noopener">CVE-2018-19711</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19712&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19712" target="_blank" rel="noopener">CVE-2018-19712</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19714&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19714" target="_blank" rel="noopener">CVE-2018-19714</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19717&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19717" target="_blank" rel="noopener">CVE-2018-19717</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19719&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19719" target="_blank" rel="noopener">CVE-2018-19719</a><br><a href="http://www.securityfocus.com/bid/106162" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- acrobat</td><td style="text-align: left;" align="left">Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19722&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19722" target="_blank" rel="noopener">CVE-2018-19722</a><br><a href="https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- connect</td><td style="text-align: left;" align="left">Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. 
Successful exploitation could lead to exposure of the privileges granted to a session.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19718&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19718" target="_blank" rel="noopener">CVE-2018-19718</a><br><a href="http://www.securityfocus.com/bid/106469" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/connect/apsb19-05.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- digital_editions</td><td style="text-align: left;" align="left">Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-12817&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12817" target="_blank" rel="noopener">CVE-2018-12817</a><br><a href="http://www.securityfocus.com/bid/106472" target="_blank" rel="noopener">BID</a><br><a href="https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">apache -- airflow</td><td style="text-align: left;" align="left">In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.</td><td style="text-align: center;" 
align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-15720&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank" rel="noopener">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15720" target="_blank" rel="noopener">CVE-2017-15720</a><br><a href="https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">apache -- airflow</td><td style="text-align: left;" align="left">In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-17835&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17835" target="_blank" rel="noopener">CVE-2017-17835</a><br><a href="https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">apache -- airflow</td><td style="text-align: left;" align="left">In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. 
An attacker who has limited access to Airflow, whether it be via XSS or by leaving a machine unlocked, can exfil all credentials from the system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-17836&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17836" target="_blank" rel="noopener">CVE-2017-17836</a><br><a href="https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">audiocoding -- freeware_advanced_audio_decoder_2</td><td style="text-align: left;" align="left">An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6956&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6956" target="_blank" rel="noopener">CVE-2019-6956</a><br><a href="https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md" target="_blank" rel="noopener">MISC</a><br><a href="https://sourceforge.net/p/faac/bugs/240/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">ca -- service_desk_manager</td><td style="text-align: left;" align="left">CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.</td><td 
style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19634&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19634" target="_blank" rel="noopener">CVE-2018-19634</a><br><a href="http://www.securityfocus.com/bid/106689" target="_blank" rel="noopener">BID</a><br><a href="https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">chshcms -- cscms</td><td style="text-align: left;" align="left">Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6779&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:P)" target="_blank" rel="noopener">5.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6779" target="_blank" rel="noopener">CVE-2019-6779</a><br><a href="https://github.com/chshcms/cscms/issues/3" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- firepower_management_center</td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. 
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1642&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1642" target="_blank" rel="noopener">CVE-2019-1642</a><br><a href="http://www.securityfocus.com/bid/106714" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- prime_infrastructure</td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1643&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1643" target="_blank" rel="noopener">CVE-2019-1643</a><br><a href="http://www.securityfocus.com/bid/106702" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cpi-xss" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">creditease-sec -- insight</td><td style="text-align: left;" align="left">An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6507&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6507" target="_blank" rel="noopener">CVE-2019-6507</a><br><a href="https://github.com/creditease-sec/insight/issues/42" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">creditease-sec -- insight</td><td style="text-align: left;" align="left">An issue was discovered in creditease-sec insight through 2018-09-11. 
role_perm_delete in srcpm/app/admin/views.py allows CSRF.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6508&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6508" target="_blank" rel="noopener">CVE-2019-6508</a><br><a href="https://github.com/creditease-sec/insight/issues/42" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">creditease-sec -- insight</td><td style="text-align: left;" align="left">An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6509&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6509" target="_blank" rel="noopener">CVE-2019-6509</a><br><a href="https://github.com/creditease-sec/insight/issues/42" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">creditease-sec -- insight</td><td style="text-align: left;" align="left">An issue was discovered in creditease-sec insight through 2018-09-11. 
user_delete in srcpm/app/admin/views.py allows CSRF.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6510&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6510" target="_blank" rel="noopener">CVE-2019-6510</a><br><a href="https://github.com/creditease-sec/insight/issues/42" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6438.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17625&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17625" target="_blank" rel="noopener">CVE-2018-17625</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1094/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Validate events of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6439.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17626&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17626" target="_blank" rel="noopener">CVE-2018-17626</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1181/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6455.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17627&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17627" target="_blank" rel="noopener">CVE-2018-17627</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1218/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA setInterval method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6458.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17628&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17628" target="_blank" rel="noopener">CVE-2018-17628</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1230/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6614.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17629&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17629" target="_blank" rel="noopener">CVE-2018-17629</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1160/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6616.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17630&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17630" target="_blank" rel="noopener">CVE-2018-17630</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1158/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeInstance event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6500.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17631&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17631" target="_blank" rel="noopener">CVE-2018-17631</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1195/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6700.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17632&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17632" target="_blank" rel="noopener">CVE-2018-17632</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1207/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6498.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17633&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17633" target="_blank" rel="noopener">CVE-2018-17633</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1202/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the attachIcon property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6499.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17634&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17634" target="_blank" rel="noopener">CVE-2018-17634</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1200/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6471.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17635&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17635" target="_blank" rel="noopener">CVE-2018-17635</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1177/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id property of an aliasNode. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6472.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17636&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17636" target="_blank" rel="noopener">CVE-2018-17636</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1209/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the loadXML method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6473.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17637&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17637" target="_blank" rel="noopener">CVE-2018-17637</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1175/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getAttribute method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6474.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17638&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17638" target="_blank" rel="noopener">CVE-2018-17638</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1191/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setElement method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6475.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17639&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17639" target="_blank" rel="noopener">CVE-2018-17639</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1212/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Form count property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6477.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17640&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17640" target="_blank" rel="noopener">CVE-2018-17640</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1217/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the deleteItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6478.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17641&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17641" target="_blank" rel="noopener">CVE-2018-17641</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1221/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the colSpan property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6479.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17642&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17642" target="_blank" rel="noopener">CVE-2018-17642</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1225/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the editValue property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6480.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17643&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17643" target="_blank" rel="noopener">CVE-2018-17643</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1229/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6481.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17644&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17644" target="_blank" rel="noopener">CVE-2018-17644</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1197/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6482.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17645&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17645" target="_blank" rel="noopener">CVE-2018-17645</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1152/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6483.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17646&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17646" target="_blank" rel="noopener">CVE-2018-17646</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1156/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the boundItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6484.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17647&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17647" target="_blank" rel="noopener">CVE-2018-17647</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1154/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rotate property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6485.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17648&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17648" target="_blank" rel="noopener">CVE-2018-17648</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1149/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNodes method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6487.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17650&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17650" target="_blank" rel="noopener">CVE-2018-17650</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1201/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getItemState method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6501.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17651&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17651" target="_blank" rel="noopener">CVE-2018-17651</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1228/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mandatory property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6502.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17652&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17652" target="_blank" rel="noopener">CVE-2018-17652</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1222/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6503.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17653&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17653" target="_blank" rel="noopener">CVE-2018-17653</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1220/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the insertInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6504.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17654&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17654" target="_blank" rel="noopener">CVE-2018-17654</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1216/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6505.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17655&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17655" target="_blank" rel="noopener">CVE-2018-17655</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1211/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6506.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17656&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17656" target="_blank" rel="noopener">CVE-2018-17656</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1210/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6507.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17657&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17657" target="_blank" rel="noopener">CVE-2018-17657</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1203/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the response property of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6509.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17658&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17658" target="_blank" rel="noopener">CVE-2018-17658</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1226/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the title property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6511.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17659&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17659" target="_blank" rel="noopener">CVE-2018-17659</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1206/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6512.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17660&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17660" target="_blank" rel="noopener">CVE-2018-17660</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1193/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the messageBox method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6513.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17661&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17661" target="_blank" rel="noopener">CVE-2018-17661</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1190/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6514.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17662&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17662" target="_blank" rel="noopener">CVE-2018-17662</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1188/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6517.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17663&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17663" target="_blank" rel="noopener">CVE-2018-17663</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1184/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isCompatibleNS method of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6518.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17664&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17664" target="_blank" rel="noopener">CVE-2018-17664</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1179/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the currentPage property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6519.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17665&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17665" target="_blank" rel="noopener">CVE-2018-17665</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1178/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6520.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17666&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17666" target="_blank" rel="noopener">CVE-2018-17666</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1174/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6521.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17667&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17667" target="_blank" rel="noopener">CVE-2018-17667</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1171/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeAttribute method of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6522.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17668&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17668" target="_blank" rel="noopener">CVE-2018-17668</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1168/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6523.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17669&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17669" target="_blank" rel="noopener">CVE-2018-17669</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1166/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the content property of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6524.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17670&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17670" target="_blank" rel="noopener">CVE-2018-17670</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1163/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of an XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6617.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17671&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17671" target="_blank" rel="noopener">CVE-2018-17671</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1150/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of array indices. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6817.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17672&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17672" target="_blank" rel="noopener">CVE-2018-17672</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1159/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subtype property of an Annotation object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6820.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17673&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17673" target="_blank" rel="noopener">CVE-2018-17673</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1192/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6845.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17674&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17674" target="_blank" rel="noopener">CVE-2018-17674</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1165/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6848.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17675&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17675" target="_blank" rel="noopener">CVE-2018-17675</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1194/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6849.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17676&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17676" target="_blank" rel="noopener">CVE-2018-17676</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1153/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mailDoc method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6850.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17677&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17677" target="_blank" rel="noopener">CVE-2018-17677</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1164/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6851.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17678&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17678" target="_blank" rel="noopener">CVE-2018-17678</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1172/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6890.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17679&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17679" target="_blank" rel="noopener">CVE-2018-17679</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1180/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6915.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17680&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17680" target="_blank" rel="noopener">CVE-2018-17680</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1189/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getPageBox method of a Form. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7141.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17681&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17681" target="_blank" rel="noopener">CVE-2018-17681</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1196/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7157.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17682&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17682" target="_blank" rel="noopener">CVE-2018-17682</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1151/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7163.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17683&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17683" target="_blank" rel="noopener">CVE-2018-17683</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1157/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isPropertySpecified method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6470.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17684&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17684" target="_blank" rel="noopener">CVE-2018-17684</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1214/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6819.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17685&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17685" target="_blank" rel="noopener">CVE-2018-17685</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1204/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6844.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17686&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17686" target="_blank" rel="noopener">CVE-2018-17686</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1185/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7068.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17687&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17687" target="_blank" rel="noopener">CVE-2018-17687</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1169/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7069.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17688&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17688" target="_blank" rel="noopener">CVE-2018-17688</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1155/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7070.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17689&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17689" target="_blank" rel="noopener">CVE-2018-17689</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1205/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxitsoftware -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7129.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-17692&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17692" target="_blank" rel="noopener">CVE-2018-17692</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1176/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- financial_transaction_manager</td><td style="text-align: left;" align="left">IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-2026&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)" target="_blank" rel="noopener">4.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-2026" target="_blank" rel="noopener">CVE-2018-2026</a><br><a href="http://www.ibm.com/support/docview.wss?uid=ibm10795536" target="_blank" rel="noopener">CONFIRM</a><br><a href="http://www.ibm.com/support/docview.wss?uid=ibm10795544" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/155552" target="_blank" rel="noopener">XF</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- security_identity_manager</td><td style="text-align: left;" align="left">IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to an XML External Entity 
Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-2019&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:P)" target="_blank" rel="noopener">5.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-2019" target="_blank" rel="noopener">CVE-2018-2019</a><br><a href="http://www.securityfocus.com/bid/106657" target="_blank" rel="noopener">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/155265" target="_blank" rel="noopener">XF</a><br><a href="https://www.ibm.com/support/docview.wss?uid=ibm10794615" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- security_key_lifecycle_manager</td><td style="text-align: left;" align="left">IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 148512.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-1751&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1751" target="_blank" rel="noopener">CVE-2018-1751</a><br><a href="http://www.ibm.com/support/docview.wss?uid=ibm10791829" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/148512" target="_blank" rel="noopener">XF</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">identicard -- premisys_id</td><td style="text-align: left;" align="left">Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3907&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3907" target="_blank" rel="noopener">CVE-2019-3907</a><br><a href="http://www.securityfocus.com/bid/106552" target="_blank" rel="noopener">BID</a><br><a href="https://www.tenable.com/security/research/tra-2019-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">identicard -- premisys_id</td><td style="text-align: left;" align="left">Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. 
An attacker with access to these backups can decrypt them and obtain sensitive data.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3908&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3908" target="_blank" rel="noopener">CVE-2019-3908</a><br><a href="http://www.securityfocus.com/bid/106552" target="_blank" rel="noopener">BID</a><br><a href="https://www.tenable.com/security/research/tra-2019-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">labapart -- gattlib</td><td style="text-align: left;" align="left">GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.</td><td style="text-align: center;" align="center">2019-01-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6498&vector=(AV:A/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">5.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6498" target="_blank" rel="noopener">CVE-2019-6498</a><br><a href="https://github.com/labapart/gattlib/issues/81" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/labapart/gattlib/issues/82" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/46215/" target="_blank" rel="noopener">EXPLOIT-DB</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">lua -- lua</td><td style="text-align: left;" align="left">Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. 
For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6706&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6706" target="_blank" rel="noopener">CVE-2019-6706</a><br><a href="http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/46246/" target="_blank" rel="noopener">EXPLOIT-DB</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">phpshe -- phpshe</td><td style="text-align: left;" align="left">PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6707&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank" rel="noopener">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6707" target="_blank" rel="noopener">CVE-2019-6707</a><br><a href="https://github.com/kk98kk0/exploit/issues/1" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">phpshe -- phpshe</td><td style="text-align: left;" align="left">PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6708&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank" rel="noopener">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6708" target="_blank" rel="noopener">CVE-2019-6708</a><br><a href="https://github.com/kk98kk0/exploit/issues/2" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">phpwind -- phpwind</td><td style="text-align: left;" align="left">phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6691&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank" rel="noopener">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6691" target="_blank" rel="noopener">CVE-2019-6691</a><br><a href="https://github.com/Veeeooo/phpwind/blob/master/README.md" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">python -- pypiserver</td><td style="text-align: left;" align="left">CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6802&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6802" target="_blank" rel="noopener">CVE-2019-6802</a><br><a href="https://github.com/pypiserver/pypiserver/issues/237" target="_blank" 
rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8276&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">4.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8276" target="_blank" rel="noopener">CVE-2017-8276</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-11999&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C)" target="_blank" rel="noopener">4.9</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11999" target="_blank" rel="noopener">CVE-2018-11999</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">typora -- typora</td><td style="text-align: left;" align="left">typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6803&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6803" target="_blank" rel="noopener">CVE-2019-6803</a><br><a href="https://github.com/typora/typora-issues/issues/2124" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">zoneminder -- zoneminder</td><td style="text-align: left;" align="left">An issue was discovered in ZoneMinder v1.32.3. 
Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-6777&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6777" target="_blank" rel="noopener">CVE-2019-6777</a><br><a href="https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ZoneMinder/zoneminder/issues/2436" target="_blank" rel="noopener">MISC</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a><p><a id="ox-9970d000fb-low" name="low" class="mce-item-anchor"></a> </p><h2 id="ox-9970d000fb-low_v_title">Low Vulnerabilities</h2><table border="1" summary="Low Vulnerabilities" align="center"><thead><tr><th class="ox-9970d000fb-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9206_firmware</td><td style="text-align: left;" align="left">Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td 
style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-3595&vector=(AV:L/AC:L/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">2.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3595" target="_blank" rel="noopener">CVE-2018-3595</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">qualcomm -- mdm9607_firmware</td><td style="text-align: left;" align="left">Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18332&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">2.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18332" target="_blank" rel="noopener">CVE-2017-18332</a><br><a href="http://www.securityfocus.com/bid/106128" target="_blank" rel="noopener">BID</a><br><a href="https://www.qualcomm.com/company/product-security/bulletins" target="_blank" rel="noopener">CONFIRM</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a><p><a id="ox-9970d000fb-severity_not_yet_assigned" name="severity_not_yet_assigned" class="mce-item-anchor"></a> </p><h2 id="ox-9970d000fb-snya_v_title">Severity Not Yet Assigned</h2><table 
id="ox-9970d000fb-table_severity_not_yet_assigned" border="1" summary="Severity Not Yet Assigned" align="center"><thead><tr><th class="ox-9970d000fb-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">apache -- airflow<br> </td><td style="text-align: left;" align="left">The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20245" target="_blank" rel="noopener">CVE-2018-20245</a><br><a href="https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3E" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">aspeed -- ast2400_and_ast2500_baseboard_management_controllers</td><td style="text-align: left;" align="left">The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). 
This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6260" target="_blank" rel="noopener">CVE-2019-6260</a><br><a href="https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- universal_plugin_manager</td><td style="text-align: left;" align="left">The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20233" target="_blank" rel="noopener">CVE-2018-20233</a><br><a href="http://www.securityfocus.com/bid/106661" target="_blank" rel="noopener">BID</a><br><a href="https://ecosystem.atlassian.net/browse/UPM-5964" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">avaya -- ip_office</td><td style="text-align: left;" align="left">A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler 
Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15614" target="_blank" rel="noopener">CVE-2018-15614</a><br><a href="https://downloads.avaya.com/css/P8/documents/101054317" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">axway -- file_transfer_direct</td><td style="text-align: left;" align="left">In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.</td><td style="text-align: center;" align="center">2019-01-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6500" target="_blank" rel="noopener">CVE-2019-6500</a><br><a href="https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md" target="_blank" rel="noopener">MISC</a><br><a href="https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">bento4 -- bento4<br> </td><td style="text-align: left;" align="left">An issue was discovered in Bento4 1.5.1-628. 
The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array&lt;AP4_ElstEntry&gt;::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6966" target="_blank" rel="noopener">CVE-2019-6966</a><br><a href="https://github.com/axiomatic-systems/Bento4/issues/361" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">broadcom -- brocade_network_advisor</td><td style="text-align: left;" align="left">A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. 
A remote unauthenticated user who has access to Network Advisor client libraries and is able to decrypt the JBoss credentials could gain access to the JBoss web console.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6443" target="_blank" rel="noopener">CVE-2018-6443</a><br><a href="https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">broadcom -- brocade_network_advisor</td><td style="text-align: left;" align="left">A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6445" target="_blank" rel="noopener">CVE-2018-6445</a><br><a href="https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-745" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">broadcom -- brocade_network_advisor</td><td style="text-align: left;" align="left">A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. 
The vulnerability could also be exploited to execute arbitrary OS Commands.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-6444" target="_blank" rel="noopener">CVE-2018-6444</a><br><a href="https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">chatopera -- cosin</td><td style="text-align: left;" align="left">There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6503" target="_blank" rel="noopener">CVE-2019-6503</a><br><a href="https://github.com/chatopera/cosin/issues/177" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- amp_threat_grid</td><td style="text-align: left;" align="left">A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. 
An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1657" target="_blank" rel="noopener">CVE-2019-1657</a><br><a href="http://www.securityfocus.com/bid/106711" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- enterprise_nfv_infrastructure_software</td><td style="text-align: left;" align="left">A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. 
It does not apply to remote connections, such as telnet or SSH.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1656" target="_blank" rel="noopener">CVE-2019-1656</a><br><a href="http://www.securityfocus.com/bid/106715" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- firepower_threat_defense</td><td style="text-align: left;" align="left">A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. 
This vulnerability may require manual intervention to restore the software.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1669" target="_blank" rel="noopener">CVE-2019-1669</a><br><a href="http://www.securityfocus.com/bid/106721" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- identity_services_engine</td><td style="text-align: left;" align="left">A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. 
An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15455" target="_blank" rel="noopener">CVE-2018-15455</a><br><a href="http://www.securityfocus.com/bid/106708" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- identity_services_engine</td><td style="text-align: left;" align="left">A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. 
This information could then be used to impersonate or negatively impact the privileged account on the affected system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-0187" target="_blank" rel="noopener">CVE-2018-0187</a><br><a href="http://www.securityfocus.com/bid/106717" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- identity_services_engine</td><td style="text-align: left;" align="left">A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. 
This vulnerability cannot be exploited to add a Super Admin account.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-15459" target="_blank" rel="noopener">CVE-2018-15459</a><br><a href="http://www.securityfocus.com/bid/106707" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- iot_field_network_director</td><td style="text-align: left;" align="left">A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. 
A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1644" target="_blank" rel="noopener">CVE-2019-1644</a><br><a href="http://www.securityfocus.com/bid/106709" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- multiple_webex_products</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. 
Successful exploitation could allow the attacker to execute arbitrary code on the affected system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1640" target="_blank" rel="noopener">CVE-2019-1640</a><br><a href="http://www.securityfocus.com/bid/106704" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- multiple_webex_products</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. 
Successful exploitation could allow the attacker to execute arbitrary code on the affected system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1641" target="_blank" rel="noopener">CVE-2019-1641</a><br><a href="http://www.securityfocus.com/bid/106704" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- multiple_webex_products</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. 
Successful exploitation could allow the attacker to execute arbitrary code on the affected system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1637" target="_blank" rel="noopener">CVE-2019-1637</a><br><a href="http://www.securityfocus.com/bid/106704" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- multiple_webex_products</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. 
Successful exploitation could allow the attacker to execute arbitrary code on the affected system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1638" target="_blank" rel="noopener">CVE-2019-1638</a><br><a href="http://www.securityfocus.com/bid/106704" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- multiple_webex_products</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. 
Successful exploitation could allow the attacker to execute arbitrary code on the affected system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1639" target="_blank" rel="noopener">CVE-2019-1639</a><br><a href="http://www.securityfocus.com/bid/106704" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- sd-wan_solution</td><td style="text-align: left;" align="left">A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. 
An exploit could allow the attacker to retrieve and modify critical system files.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1647" target="_blank" rel="noopener">CVE-2019-1647</a><br><a href="http://www.securityfocus.com/bid/106705" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- sd-wan_solution</td><td style="text-align: left;" align="left">A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. 
A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1648" target="_blank" rel="noopener">CVE-2019-1648</a><br><a href="http://www.securityfocus.com/bid/106719" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- sd-wan_solution</td><td style="text-align: left;" align="left">A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. 
A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1650" target="_blank" rel="noopener">CVE-2019-1650</a><br><a href="http://www.securityfocus.com/bid/106716" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- sd-wan_solution</td><td style="text-align: left;" align="left">A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. 
The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1646" target="_blank" rel="noopener">CVE-2019-1646</a><br><a href="http://www.securityfocus.com/bid/106723" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers</td><td style="text-align: left;" align="left">The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. 
Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.</td><td style="text-align: center;" align="center">2019-01-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6496" target="_blank" rel="noopener">CVE-2019-6496</a><br><a href="https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers</td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. 
Cisco has released firmware updates that address this vulnerability.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1652" target="_blank" rel="noopener">CVE-2019-1652</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject" target="_blank" rel="noopener">CISCO</a><br><a href="https://www.exploit-db.com/exploits/46243/" target="_blank" rel="noopener">EXPLOIT-DB</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- small_business_rv320_and_rv325_dual_gigabit_wan_vpn_routers</td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. 
Cisco has released firmware updates that address this vulnerability.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1653" target="_blank" rel="noopener">CVE-2019-1653</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- socialminer</td><td style="text-align: left;" align="left">A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1668" target="_blank" rel="noopener">CVE-2019-1668</a><br><a href="http://www.securityfocus.com/bid/106720" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- unified_intelligence_center</td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. 
A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1658" target="_blank" rel="noopener">CVE-2019-1658</a><br><a href="http://www.securityfocus.com/bid/106713" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- webex_meetings_server</td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1655" target="_blank" rel="noopener">CVE-2019-1655</a><br><a href="http://www.securityfocus.com/bid/106710" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- webex_teams</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. 
The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1636" target="_blank" rel="noopener">CVE-2019-1636</a><br><a href="http://www.securityfocus.com/bid/106718" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">cisco_connected_mobile_experiences</td><td style="text-align: left;" align="left">A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. 
An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1645" target="_blank" rel="noopener">CVE-2019-1645</a><br><a href="http://www.securityfocus.com/bid/106701" target="_blank" rel="noopener">BID</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl" target="_blank" rel="noopener">CISCO</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">drupal -- drupal</td><td style="text-align: left;" align="left">In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, a remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. 
This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6339" target="_blank" rel="noopener">CVE-2019-6339</a><br><a href="https://www.debian.org/security/2019/dsa-4370" target="_blank" rel="noopener">DEBIAN</a><br><a href="https://www.drupal.org/sa-core-2019-002" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">drupal -- drupal</td><td style="text-align: left;" align="left">In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6338" target="_blank" rel="noopener">CVE-2019-6338</a><br><a href="http://www.securityfocus.com/bid/106706" target="_blank" rel="noopener">BID</a><br><a href="https://www.debian.org/security/2019/dsa-4370" target="_blank" rel="noopener">DEBIAN</a><br><a href="https://www.drupal.org/sa-core-2019-001" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">drupal -- drupal</td><td style="text-align: left;" align="left">In Drupal 8.x prior to 8.3.7, when creating a view, you can optionally use Ajax to update the displayed data via filter parameters. 
The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6923" target="_blank" rel="noopener">CVE-2017-6923</a><br><a href="http://www.securityfocus.com/bid/100368" target="_blank" rel="noopener">BID</a><br><a href="http://www.securitytracker.com/id/1039200" target="_blank" rel="noopener">SECTRACK</a><br><a href="https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">drupal -- drupal</td><td style="text-align: left;" align="left">In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56, private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. 
This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6922" target="_blank" rel="noopener">CVE-2017-6922</a><br><a href="http://www.securityfocus.com/bid/99219" target="_blank" rel="noopener">BID</a><br><a href="http://www.securitytracker.com/id/1038781" target="_blank" rel="noopener">SECTRACK</a><br><a href="https://www.debian.org/security/2017/dsa-3897" target="_blank" rel="noopener">DEBIAN</a><br><a href="https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">emerson -- deltav_distributed_control_system_workstations</td><td style="text-align: left;" align="left">A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19021" target="_blank" rel="noopener">CVE-2018-19021</a><br><a href="http://www.securityfocus.com/bid/106522" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">epic_games -- epic_games_launcher</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to 
execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with the com.epicgames.launcher protocol can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-7241.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17707" target="_blank" rel="noopener">CVE-2018-17707</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1359/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foreman -- foreman</td><td style="text-align: left;" align="left">An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. 
This flaw affects all Red Hat Satellite 6 versions.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14666" target="_blank" rel="noopener">CVE-2018-14666</a><br><a href="http://www.securityfocus.com/bid/106490" target="_blank" rel="noopener">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14666" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">fortinet -- fortios</td><td style="text-align: left;" align="left">An Improper Access Control vulnerability in Fortinet FortiOS allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13374" target="_blank" rel="noopener">CVE-2018-13374</a><br><a href="https://fortiguard.com/advisory/FG-IR-18-157" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.exploit-db.com/exploits/46171/" target="_blank" rel="noopener">EXPLOIT-DB</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. 
The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7252.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17702" target="_blank" rel="noopener">CVE-2018-17702</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1183/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAttribute method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-6486.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17649" target="_blank" rel="noopener">CVE-2018-17649</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1148/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. 
Was ZDI-CAN-7073.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17699" target="_blank" rel="noopener">CVE-2018-17699</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1213/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the defaultValue property of ComboBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7253.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17703" target="_blank" rel="noopener">CVE-2018-17703</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1162/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the textColor property of RadioButton objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7254.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17704" target="_blank" rel="noopener">CVE-2018-17704</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1208/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7170.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17697" target="_blank" rel="noopener">CVE-2018-17697</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1215/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7169.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17696" target="_blank" rel="noopener">CVE-2018-17696</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1223/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- foxit_reader</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7255.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17705" target="_blank" rel="noopener">CVE-2018-17705</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1198/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7067.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17698" target="_blank" rel="noopener">CVE-2018-17698</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1219/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7103.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17690" target="_blank" rel="noopener">CVE-2018-17690</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1161/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7128.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17691" target="_blank" rel="noopener">CVE-2018-17691</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1167/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7138.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17694" target="_blank" rel="noopener">CVE-2018-17694</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1224/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7145.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17695" target="_blank" rel="noopener">CVE-2018-17695</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1199/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JSON objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7132.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17701" target="_blank" rel="noopener">CVE-2018-17701</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1147/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7131.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17700" target="_blank" rel="noopener">CVE-2018-17700</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1146/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">foxit_software -- phantompdf</td><td style="text-align: left;" align="left">This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-7130.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17693" target="_blank" rel="noopener">CVE-2018-17693</a><br><a href="https://www.foxitsoftware.com/support/security-bulletins.php" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-1182/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- c_library</td><td style="text-align: left;" align="left">The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.</td><td style="text-align: center;" align="center">2019-01-18</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6488" target="_blank" rel="noopener">CVE-2019-6488</a><br><a href="http://www.securityfocus.com/bid/106671" target="_blank" rel="noopener">BID</a><br><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=24097" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- c_library</td><td style="text-align: left;" align="left">In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without 
the possibility of embedded HTTP headers or other potentially dangerous substrings.</td><td style="text-align: center;" align="center">2019-01-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10739" target="_blank" rel="noopener">CVE-2016-10739</a><br><a href="http://www.securityfocus.com/bid/106672" target="_blank" rel="noopener">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1347549" target="_blank" rel="noopener">MISC</a><br><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=20018" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">hetronic -- nova-m</td><td style="text-align: left;" align="left">Hetronic Nova-M radio control systems prior to version r161 use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19023" target="_blank" rel="noopener">CVE-2018-19023</a><br><a href="http://www.securityfocus.com/bid/106448" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- security_identity_manager_virtual_appliance</td><td style="text-align: left;" align="left">IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or 
encryption of internal data. IBM X-Force ID: 153633.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1959" target="_blank" rel="noopener">CVE-2018-1959</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/153633" target="_blank" rel="noopener">XF</a><br><a href="https://www.ibm.com/support/docview.wss?uid=ibm10796380" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">jenkins -- jenkins</td><td style="text-align: left;" align="left">An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the meantime.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003004" target="_blank" rel="noopener">CVE-2019-1003004</a><br><a href="http://www.securityfocus.com/bid/106680" target="_blank" rel="noopener">BID</a><br><a href="https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">jenkins -- jenkins</td><td style="text-align: left;" align="left">A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can 
result in arbitrary code execution on the Jenkins master JVM.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003002" target="_blank" rel="noopener">CVE-2019-1003002</a><br><a href="https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">jenkins -- jenkins</td><td style="text-align: left;" align="left">A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003001" target="_blank" rel="noopener">CVE-2019-1003001</a><br><a href="https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">jenkins -- jenkins</td><td style="text-align: left;" align="left">A sandbox bypass vulnerability exists in Script Security Plugin 2.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not 
yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003000" target="_blank" rel="noopener">CVE-2019-1003000</a><br><a href="https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">jenkins -- jenkins</td><td style="text-align: left;" align="left">An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1003003" target="_blank" rel="noopener">CVE-2019-1003003</a><br><a href="http://www.securityfocus.com/bid/106680" target="_blank" rel="noopener">BID</a><br><a href="https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">jenkins -- jenkins<br> </td><td style="text-align: left;" align="left">A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those 
objects not intended to be viewed, such as their toString() representation.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000997" target="_blank" rel="noopener">CVE-2018-1000997</a><br><a href="https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">lenovo -- thinkpads</td><td style="text-align: left;" align="left">In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16098" target="_blank" rel="noopener">CVE-2018-16098</a><br><a href="https://support.lenovo.com/us/en/solutions/LEN-24573" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">libgd -- libgd</td><td style="text-align: left;" align="left">gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. 
This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.</td><td style="text-align: center;" align="center">2019-01-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6977" target="_blank" rel="noopener">CVE-2019-6977</a><br><a href="http://php.net/ChangeLog-5.php" target="_blank" rel="noopener">MISC</a><br><a href="http://php.net/ChangeLog-7.php" target="_blank" rel="noopener">MISC</a><br><a href="https://bugs.php.net/bug.php?id=77270" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">libiec61850 -- libiec61850<br> </td><td style="text-align: left;" align="left">An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6719" target="_blank" rel="noopener">CVE-2019-6719</a><br><a href="https://github.com/mz-automation/libiec61850/issues/111" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">libvips -- libvips<br> </td><td style="text-align: left;" align="left">libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory.</td><td style="text-align: center;" align="center">2019-01-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6976" 
target="_blank" rel="noopener">CVE-2019-6976</a><br><a href="https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/libvips/libvips/releases/tag/v8.7.4" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file, which may enter an infinite loop with certain parameters passed from userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3819" target="_blank" rel="noopener">CVE-2019-3819</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">mcafee -- mvision_endpoint</td><td style="text-align: left;" align="left">Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrators to remove MVision Endpoint via unspecified vectors.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3584" target="_blank" rel="noopener">CVE-2019-3584</a><br><a href="https://kc.mcafee.com/corporate/index?page=content&id=SB10265" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td 
class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">mcafee -- total_protection</td><td style="text-align: left;" align="left">DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3587" target="_blank" rel="noopener">CVE-2019-3587</a><br><a href="http://service.mcafee.com/FAQDocument.aspx?&id=TS102887" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">mumble -- mumble<br> </td><td style="text-align: left;" align="left">murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20743" target="_blank" rel="noopener">CVE-2018-20743</a><br><a href="https://bugs.debian.org/919249" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/mumble-voip/mumble/issues/3505" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/mumble-voip/mumble/pull/3510" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/mumble-voip/mumble/pull/3512" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">netapp -- clustered_data_ontap<br> </td><td style="text-align: left;" align="left">Clustered Data 
ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5497" target="_blank" rel="noopener">CVE-2018-5497</a><br><a href="https://security.netapp.com/advisory/ntap-20190109-0001/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">norton -- app_lock</td><td style="text-align: left;" align="left">Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-18363" target="_blank" rel="noopener">CVE-2018-18363</a><br><a href="http://www.securityfocus.com/bid/106450" target="_blank" rel="noopener">BID</a><br><a href="https://support.symantec.com/en_US/article.SYMSA1473.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">omron -- cx-supervisor</td><td style="text-align: left;" align="left">Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. 
An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19017" target="_blank" rel="noopener">CVE-2018-19017</a><br><a href="http://www.securityfocus.com/bid/106654" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">omron -- cx-supervisor</td><td style="text-align: left;" align="left">An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19013" target="_blank" rel="noopener">CVE-2018-19013</a><br><a href="http://www.securityfocus.com/bid/106654" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">omron -- cx-supervisor</td><td style="text-align: left;" align="left">A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). 
An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19019" target="_blank" rel="noopener">CVE-2018-19019</a><br><a href="http://www.securityfocus.com/bid/106654" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">omron -- cx-supervisor<br> </td><td style="text-align: left;" align="left">CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.</td><td style="text-align: center;" align="center">2019-01-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19011" target="_blank" rel="noopener">CVE-2018-19011</a><br><a href="http://www.securityfocus.com/bid/106654" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">phpmyadmin -- phpmyadmin</td><td style="text-align: left;" align="left">An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. 
This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.</td><td style="text-align: center;" align="center">2019-01-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6799" target="_blank" rel="noopener">CVE-2019-6799</a><br><a href="https://www.phpmyadmin.net/security/PMASA-2019-1/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">phpmyadmin -- phpmyadmin<br> </td><td style="text-align: left;" align="left">An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.</td><td style="text-align: center;" align="center">2019-01-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6798" target="_blank" rel="noopener">CVE-2019-6798</a><br><a href="https://www.phpmyadmin.net/security/PMASA-2019-2/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">pilz -- pnozmulti_configurator</td><td style="text-align: left;" align="left">Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. 
An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19009" target="_blank" rel="noopener">CVE-2018-19009</a><br><a href="http://www.securityfocus.com/bid/106529" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">postgresql -- postgresql</td><td style="text-align: left;" align="left">PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18359" target="_blank" rel="noopener">CVE-2017-18359</a><br><a href="https://trac.osgeo.org/postgis/changeset/15444" target="_blank" rel="noopener">MISC</a><br><a href="https://trac.osgeo.org/postgis/changeset/15445" target="_blank" rel="noopener">MISC</a><br><a href="https://trac.osgeo.org/postgis/ticket/3704" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">rockwell_automation -- factorytalk_services_platform</td><td style="text-align: left;" align="left">In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that 
could lead to a partial or complete denial-of-service condition to the affected services.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-18981" target="_blank" rel="noopener">CVE-2018-18981</a><br><a href="http://www.securityfocus.com/bid/106279" target="_blank" rel="noopener">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">rsyslog -- rsyslog<br> </td><td style="text-align: left;" align="left">A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16881" target="_blank" rel="noopener">CVE-2018-16881</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">rundeck -- rundeck_community_edition</td><td style="text-align: left;" align="left">An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.</td><td style="text-align: center;" align="center">2019-01-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6804" target="_blank" rel="noopener">CVE-2019-6804</a><br><a 
href="https://docs.rundeck.com/docs/history/version-3.0.13.html" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/rundeck/rundeck/issues/4406" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">sky -- go_desktop_application</td><td style="text-align: left;" align="left">The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.</td><td style="text-align: center;" align="center">2019-01-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-18908" target="_blank" rel="noopener">CVE-2018-18908</a><br><a href="https://blog.sean-wright.com/sky/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">symantec -- reporter</td><td style="text-align: left;" align="left">The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. 
An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12237" target="_blank" rel="noopener">CVE-2018-12237</a><br><a href="http://www.securityfocus.com/bid/106518" target="_blank" rel="noopener">BID</a><br><a href="https://support.symantec.com/en_US/article.SYMSA1465.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">teradata -- viewpoint</td><td style="text-align: left;" align="left">Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.</td><td style="text-align: center;" align="center">2019-01-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6499" target="_blank" rel="noopener">CVE-2019-6499</a><br><a href="https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Teradata%20Viewpoint%20Hardcoded%20Password%20Vulnerability.md" target="_blank" rel="noopener">MISC</a><br><a href="https://inf0seq.github.io/cve/2019/01/20/Teradata-Viewpoint-Hardcoded-Password-Vulnerability.html" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">thinkcmf -- thinkcmf<br> </td><td style="text-align: left;" align="left">app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject 
this code into data\conf\route.php, as demonstrated by a file_put_contents call.</td><td style="text-align: center;" align="center">2019-01-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6713" target="_blank" rel="noopener">CVE-2019-6713</a><br><a href="http://www.ttk7.cn/post-108.html" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">uc_berkeley -- rise_opaque</td><td style="text-align: left;" align="left">An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20742" target="_blank" rel="noopener">CVE-2018-20742</a><br><a href="https://github.com/ucbrise/opaque/commit/5ddda15d89f5ac82f4416208c5319ace4aecdc36" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ucbrise/opaque/issues/66" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.</td><td style="text-align: center;" align="center">2019-01-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6780" target="_blank" rel="noopener">CVE-2019-6780</a><br><a 
href="https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php" target="_blank" rel="noopener">MISC</a><br><a href="https://wordpress.org/plugins/wise-chat/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/46247/" target="_blank" rel="noopener">EXPLOIT-DB</a></td></tr><tr><td class="ox-9970d000fb-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress<br> </td><td style="text-align: left;" align="left">Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.</td><td style="text-align: center;" align="center">2019-01-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-6703" target="_blank" rel="noopener">CVE-2019-6703</a><br><a href="https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/" target="_blank" rel="noopener">MISC</a></td></tr></tbody></table><hr><p>This product is provided subject to this <a href="http://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="http://www.us-cert.gov/privacy/">Privacy & Use</a> policy.</p></div></div></td></tr></tbody></table></blockquote><p style="font-size: 14pt; font-family: times new roman,times; color: #000000;" class="default-style"><br> </p></body></html>