CVE-2018-16164 — Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: January 09, 2019; 06:29:03 PM -05:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2017-1002152 — Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.
Published: January 10, 2019; 04:29:00 PM -05:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2019-6249 — An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
Published: January 13, 2019; 10:29:00 AM -05:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2019-6294 — An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
Published: January 15, 2019; 09:29:00 AM -05:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2018-18928 — International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
Published: November 04, 2018; 03:29:00 PM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2018-5412 — Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
Published: January 10, 2019; 05:29:00 PM -05:00

V3: 7.8 HIGH
V2: 7.2 HIGH

CVE-2018-0641 — Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.
Published: January 09, 2019; 06:29:01 PM -05:00

V3: 7.2 HIGH
V2: 6.5 MEDIUM

CVE-2018-0640 — Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.
Published: January 09, 2019; 06:29:01 PM -05:00

V3: 7.2 HIGH
V2: 6.5 MEDIUM

CVE-2018-20612 — UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.
Published: December 30, 2018; 04:29:00 PM -05:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2019-5312 — An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.
Published: January 04, 2019; 11:29:00 AM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2018-20318 — An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
Published: December 20, 2018; 07:29:00 PM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2019-5882 — Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
Published: January 09, 2019; 06:29:05 PM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2016-10403 — Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Published: January 09, 2019; 02:29:00 PM -05:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2018-4047 — An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM

CVE-2018-4045 — An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM

CVE-2018-4044 — An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM

CVE-2018-4042 — An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM

CVE-2018-4041 — An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM

CVE-2018-4037 — The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM

CVE-2018-4036 — The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system.
Published: January 10, 2019; 10:29:00 AM -05:00

V3: 5.5 MEDIUM
V2: 6.6 MEDIUM