| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-17287 |
|
|
2019-04-18 |
N/A |
| In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an... |
| CVE-2018-16878 |
|
|
2019-04-18 |
N/A |
| A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS |
| CVE-2018-16877 |
|
|
2019-04-18 |
N/A |
| A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. |
| CVE-2019-6579 |
1 Siemens |
1 Spectrum Power 4 |
2019-04-18 |
7.5 |
| A vulnerability has been identified in Spectrum Power? 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security... |
| CVE-2017-11430 |
1 Omnitauth-saml Project |
1 Omnitauth-saml |
2019-04-18 |
7.5 |
| OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,... |
| CVE-2017-11429 |
1 Clever |
1 Saml2-js |
2019-04-18 |
7.5 |
| Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing... |
| CVE-2019-10947 |
1 Deltaww |
1 Cncsoft Screeneditor |
2019-04-18 |
6.8 |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute... |
| CVE-2019-6575 |
1 Siemens |
18 Simatic S7-1500 Software Controller, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Comfort and 15 more |
2019-04-18 |
7.8 |
| A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All... |
| CVE-2019-9223 |
1 Gitlab |
1 Gitlab |
2019-04-18 |
5.0 |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. |
| CVE-2017-9833 |
1 Boa |
1 Boa |
2019-04-18 |
7.8 |
| /cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. |
| CVE-2019-10949 |
1 Deltaww |
1 Cncsoft Screeneditor |
2019-04-18 |
4.3 |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially... |
| CVE-2019-8999 |
|
|
2019-04-18 |
N/A |
| An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account. |
| CVE-2019-6610 |
1 F5 |
1 Big-ip Access Policy Manager |
2019-04-18 |
9.0 |
| On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification. |
| CVE-2019-11322 |
|
|
2019-04-18 |
N/A |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. |
| CVE-2019-11321 |
|
|
2019-04-18 |
N/A |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. |
| CVE-2019-11320 |
|
|
2019-04-18 |
N/A |
| In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. |
| CVE-2019-11319 |
|
|
2019-04-18 |
N/A |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. |
| CVE-2019-11034 |
|
|
2019-04-18 |
N/A |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. |
| CVE-2019-10306 |
|
|
2019-04-18 |
N/A |
| A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. |
| CVE-2019-10305 |
|
|
2019-04-18 |
N/A |
| A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
