Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date
CVE-2019-12189 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. MEDIUM May 23, 2019
CVE-2019-10078 A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable. MEDIUM May 23, 2019
CVE-2019-10077 A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. MEDIUM May 23, 2019
CVE-2019-10076 A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. MEDIUM May 23, 2019
CVE-2019-6513 An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one. MEDIUM May 23, 2019
CVE-2019-5627 The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app. MEDIUM May 23, 2019
CVE-2019-5626 The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. LOW May 23, 2019
CVE-2019-5625 The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. Medium May 23, 2019
CVE-2019-4078 IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. HIGH May 23, 2019
CVE-2019-4039 IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163. LOW May 23, 2019
CVE-2019-3403 The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. MEDIUM May 23, 2019
CVE-2019-3402 The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. MEDIUM May 23, 2019
CVE-2019-3401 The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. MEDIUM May 23, 2019
CVE-2019-1813 A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. HIGH May 23, 2019
CVE-2019-1812 A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. HIGH May 23, 2019
CVE-2019-1811 A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. HIGH May 23, 2019
CVE-2019-1810 A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image. MEDIUM May 23, 2019
CVE-2018-7851 CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. MEDIUM May 23, 2019
CVE-2018-7841 A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. HIGH May 23, 2019
CVE-2018-7840 An Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL. MEDIUM May 23, 2019
CVE-2018-7834 A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user. MEDIUM May 23, 2019
CVE-2018-7823 An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message. MEDIUM May 23, 2019
CVE-2018-7822 An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. LOW May 23, 2019
CVE-2018-7821 An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. MEDIUM May 23, 2019
CVE-2018-7803 A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant. MEDIUM May 23, 2019
CVE-2018-7788 A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40, which could cause a Denial Of Service when using a Telnet connection. MEDIUM May 23, 2019
CVE-2018-7202 An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. MEDIUM May 23, 2019
CVE-2018-7201 CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. MEDIUM May 23, 2019
CVE-2018-14729 The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. HIGH May 23, 2019
CVE-2018-12886 stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. Medium May 23, 2019
CVE-2017-9809 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure. MEDIUM May 23, 2019
CVE-2017-9808 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). MEDIUM May 23, 2019
CVE-2017-8777 Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization. MEDIUM May 23, 2019
CVE-2017-8341 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. MEDIUM May 23, 2019
CVE-2017-8340 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. MEDIUM May 23, 2019
CVE-2017-6912 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. MEDIUM May 23, 2019
CVE-2017-5984 In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read. Medium May 23, 2019
CVE-2017-5871 Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote). MEDIUM May 23, 2019
CVE-2017-5864 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). MEDIUM May 23, 2019
CVE-2017-5863 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. HIGH May 23, 2019
CVE-2017-5213 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). MEDIUM May 23, 2019
CVE-2017-5212 Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. HIGH May 23, 2019
CVE-2017-5211 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. MEDIUM May 23, 2019
CVE-2017-5210 Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. MEDIUM May 23, 2019
CVE-2017-17061 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). LOW May 23, 2019
CVE-2017-17060 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. HIGH May 23, 2019
CVE-2017-15030 Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). MEDIUM May 23, 2019
CVE-2017-15029 Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. MEDIUM May 23, 2019
CVE-2017-13668 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). LOW May 23, 2019
CVE-2017-11740 In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. MEDIUM May 23, 2019

The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.

Requires LTSS: customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.