Virus and Security Alerts

CVE-2019-12190 (centos_web_panel)

2019-05-21 18:29:00
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
National Vulnerability Database
CVE-2019-12252 (manageengine_servicedesk_plus)

2019-05-21 18:29:00
In Zoho ManageEngine ServiceDesk Plus through 10.5,
National Vulnerability Database
CVE-2019-12189 (manageengine_servicedesk_plus)

2019-05-21 18:29:00
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
National Vulnerability Database
CVE-2019-12253 (my_little_forum)

2019-05-21 17:29:00
my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.
National Vulnerability Database
CVE-2019-12251 (ucms)

2019-05-21 16:29:01
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
National Vulnerability Database
CVE-2019-12250 (identityserver4)

2019-05-21 16:29:01
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
National Vulnerability Database
CVE-2019-11816 (opnsense, pfsense)

2019-05-20 22:29:00
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
National Vulnerability Database
CVE-2019-10078 (jspwiki)

2019-05-20 21:29:00
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin,
National Vulnerability Database
CVE-2019-10077 (jspwiki)

2019-05-20 21:29:00
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
National Vulnerability Database
CVE-2019-10076 (jspwiki)

2019-05-20 21:29:00
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
National Vulnerability Database
CVE-2019-12239 (wp_booking_system)

2019-05-20 20:29:00
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
National Vulnerability Database
CVE-2019-12241 (carts_guru)

2019-05-20 20:29:00
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
National Vulnerability Database
CVE-2019-12240 (virim)

2019-05-20 20:29:00
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
National Vulnerability Database
CVE-2019-8352 (patrol_agent)

2019-05-20 19:29:00
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic,
National Vulnerability Database
CVE-2019-4058 (bigfix_platform)

2019-05-20 18:29:00
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
National Vulnerability Database
CVE-2019-4011 (bigfix_platform)

2019-05-20 18:29:00
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting.
National Vulnerability Database
CVE-2019-4293 (storwize_unified_v7000_software)

2019-05-20 18:29:00
IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699.
National Vulnerability Database
CVE-2018-2005 (bigfix_platform)

2019-05-20 18:29:00
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007
National Vulnerability Database
CVE-2019-12219 (sdl2_image, simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
National Vulnerability Database
CVE-2019-12222 (simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
National Vulnerability Database
CVE-2019-12220 (sdl2_image, simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.
National Vulnerability Database
CVE-2019-12216 (sdl2_image, simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
National Vulnerability Database
CVE-2019-12218 (sdl2_image, simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
National Vulnerability Database
CVE-2019-12221 (sdl2_image, simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
National Vulnerability Database
CVE-2019-12217 (sdl2_image, simple_directmedia_layer)

2019-05-20 17:29:17
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
National Vulnerability Database
CVE-2019-12215 (matomo)

2019-05-20 16:29:01
** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk,
National Vulnerability Database
CVE-2019-12214 (freeimage)

2019-05-20 16:29:01
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in,
National Vulnerability Database
CVE-2019-12211 (freeimage)

2019-05-20 16:29:01
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered,
National Vulnerability Database
CVE-2019-12212 (freeimage)

2019-05-20 16:29:01
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion.
National Vulnerability Database
CVE-2019-12213 (freeimage)

2019-05-20 16:29:01
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
National Vulnerability Database
CVE-2019-12208 (njs)

2019-05-20 14:29:00
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
National Vulnerability Database
CVE-2018-12270 (steam)

2019-05-20 14:29:00
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.
National Vulnerability Database
CVE-2019-12206 (njs)

2019-05-20 14:29:00
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
National Vulnerability Database
CVE-2019-12207 (njs)

2019-05-20 14:29:00
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
National Vulnerability Database
CVE-2019-11809 (joomla!)

2019-05-20 13:29:04
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
National Vulnerability Database
CVE-2019-12198 (gohttp)

2019-05-20 04:29:00
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
National Vulnerability Database
CVE-2019-12185 (elabftw)

2019-05-20 00:29:00
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution.
National Vulnerability Database
JS/DwnLdr-YCW

2019-05-20 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TRS

2019-05-20 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TRO

2019-05-20 00:00:00

Sophos latest virus and spyware detection
JS/DwnLdr-YCX

2019-05-20 00:00:00

Sophos latest virus and spyware detection
JS/Drop-AZM

2019-05-20 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCo-MI

2019-05-20 00:00:00

Sophos latest virus and spyware detection
CVE-2019-12184 (boostnote)

2019-05-19 19:29:00
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element,
National Vulnerability Database
Troj/Inject-ECA

2019-05-19 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FDO

2019-05-19 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HJB

2019-05-19 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FDP

2019-05-19 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-QZ

2019-05-19 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HJC

2019-05-19 00:00:00

Sophos latest virus and spyware detection
CVE-2019-12173 (macdown)

2019-05-18 00:29:00
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
National Vulnerability Database
Troj/NanoCr-BI

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Rozena-V

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/BatDrp-T

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TTG

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HQZ

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-PW

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HQY

2019-05-18 00:00:00

Sophos latest virus and spyware detection
JS/Dwnldr-YCU

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBMF

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TTE

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-EBZ

2019-05-18 00:00:00

Sophos latest virus and spyware detection
JS/Dwnldr-YCV

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FDN

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-VX

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TTD

2019-05-18 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBMG

2019-05-18 00:00:00

Sophos latest virus and spyware detection
CVE-2019-12172 (typora)

2019-05-17 23:29:00
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows.
National Vulnerability Database
CVE-2019-12170 (atutor)

2019-05-17 22:29:00
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution.
National Vulnerability Database
CVE-2019-12168 (f3x24_firmware)

2019-05-17 22:29:00
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
National Vulnerability Database
CVE-2019-11644 (client_security, computer_protection, internet_security, psb_workstation_security, safe)

2019-05-17 21:29:00
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10,
National Vulnerability Database
CVE-2019-12163 (web_module)

2019-05-17 21:29:00
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
National Vulnerability Database
CVE-2019-8339 (falco, sysdig)

2019-05-17 20:29:05
An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products.
National Vulnerability Database
CVE-2019-12161 (webpagetest)

2019-05-17 19:29:00
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
National Vulnerability Database
CVE-2019-12160 (gohttp)

2019-05-17 19:29:00
GoHTTP through 2017-07-25 has a sendHeader use-after-free.
National Vulnerability Database
CVE-2019-12158 (gohttp)

2019-05-17 19:29:00
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
National Vulnerability Database
CVE-2019-12159 (gohttp)

2019-05-17 19:29:00
GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.
National Vulnerability Database
CVE-2018-16156 (paperstream_ip_(twain))

2019-05-17 18:29:00
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe.
National Vulnerability Database
CVE-2019-7353 (gitlab)

2019-05-17 17:29:00
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4.
National Vulnerability Database
CVE-2019-11887 (simplybook)

2019-05-17 17:29:00
SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution.
National Vulnerability Database
CVE-2019-12086 (debian_linux, jackson-databind)

2019-05-17 17:29:00
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint,
National Vulnerability Database
CVE-2019-11057 (vtiger_crm)

2019-05-17 17:29:00
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
National Vulnerability Database
CVE-2019-6797 (gitlab)

2019-05-17 16:29:06
An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.
National Vulnerability Database
CVE-2019-5953 (wget)

2019-05-17 16:29:05
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
National Vulnerability Database
CVE-2019-5957 (electronic_reception_and_examination_of_application_for_radio_licenses)

2019-05-17 16:29:05
Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
National Vulnerability Database
CVE-2019-6787 (gitlab)

2019-05-17 16:29:05
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
National Vulnerability Database
CVE-2019-5958 (electronic_reception_and_examination_of_application_for_radio_licenses)

2019-05-17 16:29:05
Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
National Vulnerability Database
CVE-2019-5944 (garoon)

2019-05-17 16:29:05
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
National Vulnerability Database
CVE-2019-5946 (garoon)

2019-05-17 16:29:05
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
National Vulnerability Database
CVE-2019-6781 (gitlab)

2019-05-17 16:29:05
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
National Vulnerability Database
CVE-2019-5955 (create_sd)

2019-05-17 16:29:05
CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks.
National Vulnerability Database
CVE-2019-5945 (garoon)

2019-05-17 16:29:05
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
National Vulnerability Database
CVE-2019-6790 (gitlab)

2019-05-17 16:29:05
An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
National Vulnerability Database
CVE-2019-5954 (jr_east_japan)

2019-05-17 16:29:05
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.
National Vulnerability Database
CVE-2019-5947 (garoon)

2019-05-17 16:29:05
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
National Vulnerability Database
CVE-2019-5943 (garoon)

2019-05-17 16:29:04
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
National Vulnerability Database
CVE-2019-5938 (garoon)

2019-05-17 16:29:04
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
National Vulnerability Database
CVE-2019-5941 (garoon)

2019-05-17 16:29:04
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
National Vulnerability Database
CVE-2019-5942 (garoon)

2019-05-17 16:29:04
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
National Vulnerability Database
CVE-2019-5935 (garoon)

2019-05-17 16:29:04
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
National Vulnerability Database
CVE-2019-5937 (garoon)

2019-05-17 16:29:04
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
National Vulnerability Database
CVE-2019-5940 (garoon)

2019-05-17 16:29:04
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
National Vulnerability Database
CVE-2019-5936 (garoon)

2019-05-17 16:29:04
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
National Vulnerability Database
CVE-2019-5934 (garoon)

2019-05-17 16:29:04
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
National Vulnerability Database
CVE-2019-5939 (garoon)

2019-05-17 16:29:04
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
National Vulnerability Database
CVE-2019-5933 (garoon)

2019-05-17 16:29:04
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
National Vulnerability Database
CVE-2019-11094 (nuc_kit_firmware)

2019-05-17 16:29:03
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
National Vulnerability Database
CVE-2019-11085 (i915_firmware)

2019-05-17 16:29:03
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
National Vulnerability Database
CVE-2019-5929 (garoon)

2019-05-17 16:29:03
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
National Vulnerability Database
CVE-2019-11114 (driver_&_support_assistant)

2019-05-17 16:29:03
Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access.
National Vulnerability Database
CVE-2019-10139 (cockpit-ovirt)

2019-05-17 16:29:03
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text.
National Vulnerability Database
CVE-2019-5930 (garoon)

2019-05-17 16:29:03
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
National Vulnerability Database
CVE-2019-11095 (driver_&_support_assistant)

2019-05-17 16:29:03
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access.
National Vulnerability Database
CVE-2019-5932 (garoon)

2019-05-17 16:29:03
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
National Vulnerability Database
CVE-2019-11093 (scs_discovery_utility)

2019-05-17 16:29:03
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
National Vulnerability Database
CVE-2019-5883 (gitlab)

2019-05-17 16:29:03
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
National Vulnerability Database
CVE-2019-5931 (garoon)

2019-05-17 16:29:03
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
National Vulnerability Database
CVE-2019-4279 (websphere_application_server)

2019-05-17 16:29:03
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
National Vulnerability Database
CVE-2019-4119 (cloud_private)

2019-05-17 16:29:03
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
National Vulnerability Database
CVE-2019-5928 (garoon)

2019-05-17 16:29:03
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
National Vulnerability Database
CVE-2019-0171 (quartus_ii, quartus_prime)

2019-05-17 16:29:02
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.
National Vulnerability Database
CVE-2019-0170 (converged_security_management_engine_firmware)

2019-05-17 16:29:02
Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.
National Vulnerability Database
CVE-2019-0138 (acu_wizard)

2019-05-17 16:29:02
Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
National Vulnerability Database
CVE-2019-0153 (converged_security_management_engine_firmware)

2019-05-17 16:29:02
Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
National Vulnerability Database
CVE-2019-0172 (unite)

2019-05-17 16:29:02
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
National Vulnerability Database
CVE-2019-0097 (active_management_technology_firmware)

2019-05-17 16:29:01
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.
National Vulnerability Database
CVE-2019-0115 (graphics_driver)

2019-05-17 16:29:01
Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local
National Vulnerability Database
CVE-2019-0120 (atom_230_firmware, atom_330_firmware, atom_x5-e3930_firmware, atom_x5-e3940_firmware, atom_x7-e3950_firmware, celeron_j3060_firmware, celeron_j3160_firmware, celeron_j3355_firmware, cel

2019-05-17 16:29:01
Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series,
National Vulnerability Database
CVE-2019-0114 (graphics_driver)

2019-05-17 16:29:01
A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access.
National Vulnerability Database
CVE-2019-0092 (active_management_technology)

2019-05-17 16:29:01
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
National Vulnerability Database
CVE-2019-0099 (server_platform_services_firmware)

2019-05-17 16:29:01
Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
National Vulnerability Database
CVE-2019-0126 (xeon_bronze_processors_firmware, xeon_d-1602_firmware, xeon_d-1622_firmware, xeon_d-1623n_firmware, xeon_d-1627_firmware, xeon_d-1633n_firmware, xeon_d-1637_firmware, xeon_d-1649n_firmw

2019-05-17 16:29:01
Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor,
National Vulnerability Database
CVE-2019-0098 (converged_security_management_engine_firmware, trusted_execution_engine_firmware)

2019-05-17 16:29:01
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
National Vulnerability Database
CVE-2019-0094 (active_management_technology)

2019-05-17 16:29:01
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.
National Vulnerability Database
CVE-2019-0113 (graphics_driver)

2019-05-17 16:29:01
Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access.
National Vulnerability Database
CVE-2019-0132 (unite)

2019-05-17 16:29:01
Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access.
National Vulnerability Database
CVE-2019-0116 (graphics_driver)

2019-05-17 16:29:01
An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable denial of service via local access.
National Vulnerability Database
CVE-2019-0096 (active_management_technology)

2019-05-17 16:29:01
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.
National Vulnerability Database
CVE-2018-3701 (proset/wireless_wifi)

2019-05-17 16:29:00
Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
National Vulnerability Database
CVE-2018-20500 (gitlab)

2019-05-17 16:29:00
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1.
National Vulnerability Database
CVE-2018-17180 (openemr)

2019-05-17 16:29:00
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
National Vulnerability Database
CVE-2018-19585 (gitlab)

2019-05-17 16:29:00
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
National Vulnerability Database
CVE-2018-17181 (openemr)

2019-05-17 16:29:00
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
National Vulnerability Database
CVE-2019-0086 (converged_security_management_engine_firmware, trusted_execution_engine_firmware)

2019-05-17 16:29:00
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65,
National Vulnerability Database
CVE-2018-17179 (openemr)

2019-05-17 16:29:00
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
National Vulnerability Database
CVE-2019-8929 (manageengine_netflow_analyzer)

2019-05-17 15:29:00
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
National Vulnerability Database
CVE-2019-8937 (hoteldruid)

2019-05-17 15:29:00
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
National Vulnerability Database
CVE-2019-8927 (manageengine_netflow_analyzer)

2019-05-17 15:29:00
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag,
National Vulnerability Database
CVE-2019-8928 (manageengine_netflow_analyzer)

2019-05-17 15:29:00
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
National Vulnerability Database
CVE-2019-8926 (manageengine_netflow_analyzer)

2019-05-17 14:29:00
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
National Vulnerability Database
CVE-2018-7191 (linux_kernel)

2019-05-17 05:29:00
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice.
National Vulnerability Database
CVE-2018-20839 (systemd)

2019-05-17 04:29:00
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2.
National Vulnerability Database
CVE-2019-8925 (manageengine_netflow_analyzer)

2019-05-17 02:29:00
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath),
National Vulnerability Database
CVE-2019-8924 (xampp)

2019-05-17 02:29:00
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
National Vulnerability Database
CVE-2019-10910 (symfony)

2019-05-16 22:29:00
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution.
National Vulnerability Database
CVE-2019-10912 (symfony)

2019-05-16 22:29:00
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization,
National Vulnerability Database
CVE-2019-10911 (symfony)

2019-05-16 22:29:00
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7,
National Vulnerability Database
CVE-2019-10909 (drupal, symfony)

2019-05-16 22:29:00
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.
National Vulnerability Database
CVE-2019-10913 (symfony)

2019-05-16 22:29:00
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated,
National Vulnerability Database
CVE-2019-1008 (dynamics_365, dynamics_crm_2015)

2019-05-16 19:29:05
A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.
National Vulnerability Database
CVE-2019-1000 (azure_active_directory_connect)

2019-05-16 19:29:05
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account,
National Vulnerability Database
CVE-2019-0995 (internet_explorer)

2019-05-16 19:29:05
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.
National Vulnerability Database
CVE-2019-3839 (debian_linux, ghostscript)

2019-05-16 19:29:05
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example,
National Vulnerability Database
CVE-2019-0981 (.net_core, .net_framework)

2019-05-16 19:29:05
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
National Vulnerability Database
CVE-2019-0982 (asp.net_core)

2019-05-16 19:29:05
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
National Vulnerability Database
CVE-2019-0971 (azure_devops_server_2019, team_foundation_server)

2019-05-16 19:29:04
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server,
National Vulnerability Database
CVE-2019-0958 (sharepoint_foundation, sharepoint_server)

2019-05-16 19:29:04
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0957 (sharepoint_enterprise_server, sharepoint_server)

2019-05-16 19:29:04
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0979 (azure_devops_server_2019, team_foundation_server)

2019-05-16 19:29:04
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'.
National Vulnerability Database
CVE-2019-0953 (office, office_365_proplus, office_online_server, word)

2019-05-16 19:29:04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0952 (sharepoint_enterprise_server, sharepoint_foundation)

2019-05-16 19:29:04
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0947 (office)

2019-05-16 19:29:04
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0961 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:04
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882.
National Vulnerability Database
CVE-2019-0976 (nuget)

2019-05-16 19:29:04
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default ),
National Vulnerability Database
CVE-2019-0963 (sharepoint_foundation)

2019-05-16 19:29:04
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
National Vulnerability Database
CVE-2019-0951 (sharepoint_foundation)

2019-05-16 19:29:04
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
National Vulnerability Database
CVE-2019-0950 (sharepoint_foundation, sharepoint_server)

2019-05-16 19:29:04
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
National Vulnerability Database
CVE-2019-0956 (sharepoint_enterprise_server, sharepoint_foundation)

2019-05-16 19:29:04
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server,
National Vulnerability Database
CVE-2019-0980 (.net_core, .net_framework)

2019-05-16 19:29:04
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
National Vulnerability Database
CVE-2019-0946 (office, office_365_proplus)

2019-05-16 19:29:04
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0949 (sharepoint_foundation, sharepoint_server)

2019-05-16 19:29:04
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
National Vulnerability Database
CVE-2019-0937 (chakracore, edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0938 (edge)

2019-05-16 19:29:03
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0924 (chakracore, edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0940 (edge, internet_explorer)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
National Vulnerability Database
CVE-2019-0929 (internet_explorer)

2019-05-16 19:29:03
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
National Vulnerability Database
CVE-2019-0931 (windows_10, windows_server_2016, windows_server_2019)

2019-05-16 19:29:03
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0925 (chakracore, edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0933 (chakracore, edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0923 (edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0930 (internet_explorer)

2019-05-16 19:29:03
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-0942 (windows_10, windows_server_2016, windows_server_2019)

2019-05-16 19:29:03
An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry, aka 'Unified Write Filter Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0926 (edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.
National Vulnerability Database
CVE-2019-0927 (chakracore, edge)

2019-05-16 19:29:03
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0932 (skype)

2019-05-16 19:29:03
An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-0936 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:03
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734.
National Vulnerability Database
CVE-2019-0945 (office, office_365)

2019-05-16 19:29:03
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0903 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0899 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:02
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0922 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0921 (internet_explorer)

2019-05-16 19:29:02
An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.
National Vulnerability Database
CVE-2019-0914 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0900 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:02
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0913 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0902 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:02
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0916 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0918 (internet_explorer)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0911.
National Vulnerability Database
CVE-2019-0911 (chakracore, edge, internet_explorer)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918.
National Vulnerability Database
CVE-2019-0912 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913,
National Vulnerability Database
CVE-2019-0901 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:02
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0917 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0915 (chakracore, edge)

2019-05-16 19:29:02
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912,
National Vulnerability Database
CVE-2019-0892 (windows_10, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0893 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0890 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0891,
National Vulnerability Database
CVE-2019-0894 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0896 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0884 (edge, internet_explorer)

2019-05-16 19:29:01
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0911, CVE-2019-0918.
National Vulnerability Database
CVE-2019-0891 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0885 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0897 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0872 (azure_devops_server_2019, team_foundation_server)

2019-05-16 19:29:01
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'.
National Vulnerability Database
CVE-2019-0889 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0890, CVE-2019-0891,
National Vulnerability Database
CVE-2019-0881 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0895 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0898 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890,
National Vulnerability Database
CVE-2019-0886 (windows_10, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system,
National Vulnerability Database
CVE-2019-0882 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:01
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0961.
National Vulnerability Database
CVE-2019-0708 (windows_7, windows_server_2008)

2019-05-16 19:29:00
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests,
National Vulnerability Database
CVE-2019-0707 (windows_10, windows_8.1, windows_rt_8.1, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario,
National Vulnerability Database
CVE-2019-0863 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0733 (windows_10, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.
National Vulnerability Database
CVE-2019-0819 (sql_server)

2019-05-16 19:29:00
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2018-20007 (smart_ai_speaker_firmware)

2019-05-16 19:29:00
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data,
National Vulnerability Database
CVE-2019-0734 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos,
National Vulnerability Database
CVE-2019-0820 (.net_core, .net_framework)

2019-05-16 19:29:00
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
National Vulnerability Database
CVE-2019-0758 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961.
National Vulnerability Database
CVE-2019-0864 (.net_framework)

2019-05-16 19:29:00
A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.
National Vulnerability Database
CVE-2019-0727 (visual_studio, visual_studio_2017, visual_studio_2019, windows_10, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability,
National Vulnerability Database
CVE-2019-0725 (windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-05-16 19:29:00
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-1780 (fxos, nx-os)

2019-05-16 17:29:01
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated,
National Vulnerability Database
CVE-2019-8338 (gpg-pgp)

2019-05-16 17:29:01
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all,
National Vulnerability Database
CVE-2018-12556 (website)

2019-05-16 17:29:00
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user,
National Vulnerability Database
CVE-2019-10112 (gitlab)

2019-05-16 16:29:02
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
National Vulnerability Database
CVE-2019-12139 (ezplatform-admin-ui, ezplatform-page-builder)

2019-05-16 15:29:02
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4.
National Vulnerability Database
CVE-2019-10117 (gitlab)

2019-05-16 15:29:01
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
National Vulnerability Database
CVE-2019-11033 (applaud_hcm)

2019-05-16 15:29:01
Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the <iframe./> substring.
National Vulnerability Database
CVE-2019-10116 (gitlab)

2019-05-16 15:29:01
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
National Vulnerability Database
CVE-2019-10115 (gitlab)

2019-05-16 15:29:00
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
National Vulnerability Database
CVE-2019-10114 (gitlab)

2019-05-16 15:29:00
An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process,
National Vulnerability Database
CVE-2018-17048 (fdcms)

2019-05-16 15:29:00
admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection.
National Vulnerability Database
CVE-2019-10113 (gitlab)

2019-05-16 15:29:00
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
National Vulnerability Database
CVE-2018-1975 (rational_doors_web_access)

2019-05-16 15:29:00
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting.
National Vulnerability Database
CVE-2019-12138 (macdown)

2019-05-16 14:29:00
MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
National Vulnerability Database
CVE-2019-12137 (typora)

2019-05-16 14:29:00
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
National Vulnerability Database
CVE-2019-12136 (boostnote)

2019-05-16 03:29:00
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.
National Vulnerability Database
CVE-2019-1858 (fx-os, nx-os)

2019-05-16 02:29:00
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory,
National Vulnerability Database
CVE-2019-1849 (ios_xr)

2019-05-16 02:29:00
A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated,
National Vulnerability Database
CVE-2019-1833 (firepower_management_center)

2019-05-16 02:29:00
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies.
National Vulnerability Database
CVE-2019-1846 (ios_xr)

2019-05-16 02:29:00
A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated,
National Vulnerability Database
CVE-2019-1853 (anyconnect_secure_mobility_client)

2019-05-16 02:29:00
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system.
National Vulnerability Database
CVE-2019-1860 (unified_intelligence_center)

2019-05-16 02:29:00
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated,
National Vulnerability Database
CVE-2019-1768 (nx-os)

2019-05-16 02:29:00
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection.
National Vulnerability Database
CVE-2019-1832 (firepower_management_center)

2019-05-16 02:29:00
A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies.
National Vulnerability Database
CVE-2019-1851 (identity_services_engine)

2019-05-16 02:29:00
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated,
National Vulnerability Database
CVE-2019-1821 (evolved_programmable_network_manager, network_level_service, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated,
National Vulnerability Database
CVE-2019-1822 (evolved_programmable_network_manager, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated,
National Vulnerability Database
CVE-2019-1820 (evolved_programmable_network_manager, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated,
National Vulnerability Database
CVE-2019-1818 (evolved_programmable_network_manager, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated,
National Vulnerability Database
CVE-2019-1823 (evolved_programmable_network_manager, network_level_service, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated,
National Vulnerability Database
CVE-2019-1824 (evolved_programmable_network_manager, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries.
National Vulnerability Database
CVE-2019-1825 (evolved_programmable_network_manager, network_level_service, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries.
National Vulnerability Database
CVE-2019-1819 (evolved_programmable_network_manager, prime_infrastructure)

2019-05-16 01:29:00
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated,
National Vulnerability Database
CVE-2019-1814 (sx300_firmware)

2019-05-16 00:29:00
A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory,
National Vulnerability Database
CVE-2019-1808 (nx-os)

2019-05-15 23:29:01
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device.
National Vulnerability Database
CVE-2019-1812 (nx-os)

2019-05-15 23:29:01
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.
National Vulnerability Database
CVE-2019-1811 (nx-os)

2019-05-15 23:29:01
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.
National Vulnerability Database
CVE-2019-1810 (nx-os)

2019-05-15 23:29:01
A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated,
National Vulnerability Database
CVE-2019-1813 (nx-os)

2019-05-15 23:29:01
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.
National Vulnerability Database
CVE-2019-1809 (nx-os)

2019-05-15 23:29:01
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device.
National Vulnerability Database
CVE-2019-12109 (miniupnpd)

2019-05-15 23:29:00
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
National Vulnerability Database
CVE-2019-12110 (miniupnpd)

2019-05-15 23:29:00
An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.
National Vulnerability Database
CVE-2019-12111 (miniupnpd)

2019-05-15 23:29:00
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.
National Vulnerability Database
CVE-2019-12098 (heimdal)

2019-05-15 23:29:00
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
National Vulnerability Database
CVE-2019-12108 (miniupnpd)

2019-05-15 23:29:00
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
National Vulnerability Database
CVE-2019-12106 (miniupnpd)

2019-05-15 23:29:00
The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.
National Vulnerability Database
CVE-2019-12107 (miniupnpd)

2019-05-15 23:29:00
The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.
National Vulnerability Database
CVE-2019-1806 (esw2_series_firmware, sx200_series_firmware, sx250_series_firmware, sx300_series_firmware, sx350_series_firmware, sx500_series_firmware, sx550_series_firmware)

2019-05-15 22:29:00
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350,
National Vulnerability Database
CVE-2019-1791 (nx-os)

2019-05-15 21:29:03
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-1795 (fx-os, nx-os)

2019-05-15 21:29:03
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.
National Vulnerability Database
CVE-2019-1784 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.
National Vulnerability Database
CVE-2019-1782 (fx-os, nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-1776 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root.
National Vulnerability Database
CVE-2019-1781 (fx-os, nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-1775 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-1783 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.
National Vulnerability Database
CVE-2019-9196 (knomi)

2019-05-15 20:29:01
The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field.
National Vulnerability Database
CVE-2019-1779 (fx-os, nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges.
National Vulnerability Database
CVE-2019-1778 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.
National Vulnerability Database
CVE-2019-1790 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-1774 (nx-os)

2019-05-15 20:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-1769 (nx-os)

2019-05-15 20:29:00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated,
National Vulnerability Database
CVE-2019-1772 (webex_business_suite, webex_business_suite_lockdown, webex_meetings_online, webex_meetings_server)

2019-05-15 20:29:00
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.
National Vulnerability Database
CVE-2019-1773 (webex_business_suite, webex_business_suite_lockdown, webex_meetings_online, webex_meetings_server)

2019-05-15 20:29:00
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.
National Vulnerability Database
CVE-2019-10108 (gitlab)

2019-05-15 20:29:00
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.
National Vulnerability Database
CVE-2019-1770 (ns-ox)

2019-05-15 20:29:00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.
National Vulnerability Database
CVE-2019-10110 (gitlab)

2019-05-15 20:29:00
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue"
National Vulnerability Database
CVE-2019-10111 (gitlab)

2019-05-15 20:29:00
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
National Vulnerability Database
CVE-2019-1771 (webex_business_suite, webex_business_suite_lockdown, webex_meetings_online, webex_meetings_server)

2019-05-15 20:29:00
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.
National Vulnerability Database
CVE-2019-10109 (gitlab)

2019-05-15 20:29:00
An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
National Vulnerability Database
CVE-2019-1767 (nx-os)

2019-05-15 19:29:00
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection.
National Vulnerability Database
CVE-2019-1735 (nx-os)

2019-05-15 19:29:00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device.
National Vulnerability Database
CVE-2019-10640 (gitlab)

2019-05-15 19:29:00
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
National Vulnerability Database
CVE-2019-1010258 (nanosvg)

2019-05-15 18:29:00
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is:
National Vulnerability Database
CVE-2019-11224 (amx_mvp5150_firmware)

2019-05-15 18:29:00
HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection.
National Vulnerability Database
CVE-2019-1729 (nx-os)

2019-05-15 17:29:01
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files.
National Vulnerability Database
CVE-2019-1726 (nx-os)

2019-05-15 17:29:01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API.
National Vulnerability Database
CVE-2019-1727 (nx-os)

2019-05-15 17:29:01
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level.
National Vulnerability Database
CVE-2019-1730 (nx-os)

2019-05-15 17:29:01
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated,
National Vulnerability Database
CVE-2019-1731 (nx-os)

2019-05-15 17:29:01
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device.
National Vulnerability Database
CVE-2019-1717 (video_surveillance_manager)

2019-05-15 17:29:01
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information.
National Vulnerability Database
CVE-2019-1732 (nx-os, nx_os)

2019-05-15 17:29:01
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check,
National Vulnerability Database
CVE-2019-1733 (nx-os)

2019-05-15 17:29:01
A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated,
National Vulnerability Database
CVE-2019-1728 (nx-os)

2019-05-15 17:29:01
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root.
National Vulnerability Database
CVE-2013-7285 (xstream)

2019-05-15 17:29:00
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized,
National Vulnerability Database
CVE-2019-8936 (clustered_data_ontap, data_ontap_operating_in_7-mode, fedora, freebsd, leap, ntp)

2019-05-15 16:29:01
NTP through 4.2.8p12 has a NULL Pointer Dereference.
National Vulnerability Database
CVE-2019-5598 (freebsd)

2019-05-15 16:29:01
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4,
National Vulnerability Database
CVE-2019-3727 (emc_recoverpoint, recoverpoint_for_virtual_machines)

2019-05-15 16:29:00
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI.
National Vulnerability Database
CVE-2019-5597 (freebsd)

2019-05-15 16:29:00
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4,
National Vulnerability Database
CVE-2019-3602 (network_security_manager)

2019-05-15 16:29:00
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML
National Vulnerability Database
CVE-2019-5526 (workstation)

2019-05-15 16:29:00
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application.
National Vulnerability Database
CVE-2019-3724 (netwitness_platform, security_analytics)

2019-05-15 16:29:00
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to an Authorization Bypass vulnerability.
National Vulnerability Database
CVE-2019-3586 (endpoint_security)

2019-05-15 16:29:00
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Fi
National Vulnerability Database
CVE-2016-7043 (kie-server)

2019-05-15 16:29:00
It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties,
National Vulnerability Database
CVE-2019-3725 (netwitness, security_analytics)

2019-05-15 16:29:00
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product.
National Vulnerability Database
CVE-2014-9918 (bilboplanet)

2019-05-15 14:29:00
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
National Vulnerability Database
CVE-2016-7151 (capstone)

2019-05-15 14:29:00
Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.
National Vulnerability Database
CVE-2014-9919 (bilboplanet)

2019-05-15 14:29:00
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
National Vulnerability Database
CVE-2016-10719 (archer_cr700_firmware)

2019-05-15 14:29:00
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information,
National Vulnerability Database
CVE-2014-9917 (bilboplanet)

2019-05-15 14:29:00
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
National Vulnerability Database
CVE-2019-11833 (linux_kernel)

2019-05-15 13:29:00
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
National Vulnerability Database
Troj/PDFUri-HIC

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HIB

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HHZ

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/PSDL-CR

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-PH

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/Sosinf-A

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-UZ

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-PI

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HIA

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/Qbot-ES

2019-05-15 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FKD

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FKE

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/Nanoco-LN

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HHW

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-UY

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCo-LM

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NGM

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FKF

2019-05-14 00:00:00

Sophos latest virus and spyware detection
W32/Cekar-G

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-AX

2019-05-14 00:00:00

Sophos latest virus and spyware detection
Troj/Remcos-II

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/BokBot-S

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-PA

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Java/Adwind-FEI

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Java/Adwind-FEF

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Java/Adwind-FEG

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HPJ

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-QX

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/PShlBat-Z

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KFR

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Java/Adwind-FEH

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KFQ

2019-05-12 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FKA

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Wonton-AFF

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBJI

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/DocPh-FJ

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FJZ

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HPI

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FCH

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Godrop-H

2019-05-11 00:00:00

Sophos latest virus and spyware detection
JS/Dwnldr-YAZ

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-QW

2019-05-11 00:00:00

Sophos latest virus and spyware detection
Troj/TrickBo-QR

2019-05-06 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBJK

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-QQ

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/DownLnk-AB

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FJQ

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/OSMod-G

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/Godrop-E

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-OG

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HNG

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/Emotet-BEL

2019-05-05 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HHI

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/VBInjec-PR

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/Hijack-K

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBJJ

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/HTA-D

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/DocPh-FG

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Linux/Cr1ptT-A

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FAW

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TKW

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KFL

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/Nanoco-JU

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-EAV

2019-05-04 00:00:00

Sophos latest virus and spyware detection
Troj/Decept-OR

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HMO

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TJS

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-AN

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/Nanoco-JN

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-OD

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HMK

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HMG

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TJT

2019-05-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HMM

2019-05-02 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-AXK

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-TE

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/VBInjec-PM

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/Vools-O

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-QM

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HLO

2019-04-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-AXN

2019-04-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-AXE

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-QN

2019-04-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-AXF

2019-04-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-AXJ

2019-04-29 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCo-JE

2019-04-28 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-AXB

2019-04-28 00:00:00

Sophos latest virus and spyware detection
Troj/Nymaim-JD

2019-04-28 00:00:00

Sophos latest virus and spyware detection
Troj/Bot-J

2019-04-28 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HGO

2019-04-28 00:00:00

Sophos latest virus and spyware detection
Troj/BatDl-BX

2019-04-28 00:00:00

Sophos latest virus and spyware detection
VBS/Agent-BBHT

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/Emogen-GH

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TEA

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/Formboo-MI

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TIB

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-TIA

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-THZ

2019-04-27 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HGE

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBET

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBES

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-NP

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-NQ

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-SF

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FJB

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MFW

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBER

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-EZQ

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-SH

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Delf-HCD

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBGY

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/RTF-BY

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MFX

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Tlaboc-E

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-SG

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-SI

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-NE

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MFV

2019-04-23 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NFP

2019-04-22 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-AJ

2019-04-22 00:00:00

Sophos latest virus and spyware detection
JS/Dwnldr-XTZ

2019-04-22 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-SA

2019-04-22 00:00:00

Sophos latest virus and spyware detection
Troj/Emotet-BDV

2019-04-22 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NFQ

2019-04-22 00:00:00

Sophos latest virus and spyware detection