US-CERT - Vulnerability Summary for the Week of September 9, 2019
Original release date: September 16, 2019
from CISA All NCAS Products https://www.us-cert.gov/ncas/bulletins/sb19-259
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web -- photo_gallery | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | 2019-09-08 | 7.5 | CVE-2019-16119 MISC MISC MISC MISC |
adobe -- flash_player | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | 2019-09-12 | 10.0 | CVE-2019-8069 CONFIRM |
adobe -- flash_player | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | 2019-09-12 | 10.0 | CVE-2019-8070 CONFIRM |
advantech -- webaccess | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | 2019-09-10 | 7.5 | CVE-2019-3975 MISC |
apache -- ofbiz | The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019 | 2019-09-11 | 7.5 | CVE-2018-17200 MLIST |
apache -- ofbiz | The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16 | 2019-09-11 | 7.5 | CVE-2019-0189 MLIST MLIST MLIST |
apache -- ofbiz | An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533 | 2019-09-11 | 7.5 | CVE-2019-10074 MLIST MLIST |
artifex -- ghostscript | A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | 2019-09-06 | 7.5 | CVE-2019-14813 CONFIRM REDHAT CONFIRM MLIST BUGTRAQ DEBIAN |
atutor -- atutor | In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php. | 2019-09-09 | 7.5 | CVE-2019-16114 MISC MISC |
blake2 -- blake2 | An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. | 2019-09-09 | 7.5 | CVE-2019-16143 MISC |
broadcom -- ca_client_automation | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | 2019-09-06 | 7.5 | CVE-2019-13656 MISC FULLDISC MISC BUGTRAQ |
compact_arena_project -- compact_arena | An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. | 2019-09-09 | 9.0 | CVE-2019-16139 MISC MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON document to be stored with more than 3000 '\t' characters can crash the indexing system. | 2019-09-10 | 7.8 | CVE-2019-11467 MISC |
couchbase -- couchbase_server | Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system. | 2019-09-10 | 7.5 | CVE-2019-11495 MISC |
dlink -- dir-806_firmware | D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: https://ift.tt/2ZH5lUH" at the beginning. | 2019-09-06 | 10.0 | CVE-2019-10891 MISC |
dlink -- dir-806_firmware | hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: https://ift.tt/2ZH5lUH" at the beginning. | 2019-09-06 | 10.0 | CVE-2019-10892 MISC |
dlink -- dir-868l_firmware | SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | 2019-09-09 | 7.5 | CVE-2019-16190 MISC |
doccms -- doccms | upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allows remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. | 2019-09-09 | 7.5 | CVE-2019-16192 MISC |
facebook -- hhvm | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | 2019-09-06 | 7.5 | CVE-2019-11925 CONFIRM CONFIRM CONFIRM |
facebook -- hhvm | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | 2019-09-06 | 7.5 | CVE-2019-11926 CONFIRM CONFIRM CONFIRM |
generator-rs_project -- generator-rs | An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | 2019-09-09 | 7.8 | CVE-2019-16144 MISC MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. | 2019-09-09 | 7.5 | CVE-2019-6960 CONFIRM CONFIRM |
gitlabhook_project -- gitlabhook | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | 2019-09-13 | 10.0 | CVE-2019-5485 MISC |
google -- android | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address. | 2019-09-06 | 7.2 | CVE-2018-6240 CONFIRM MISC |
google -- android | In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 7.5 | CVE-2019-9275 MISC |
google -- android | In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2019-09-06 | 7.2 | CVE-2019-9345 MISC |
google -- android | In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 7.8 | CVE-2019-9461 MISC |
gravitatedesign -- gravitate_qa_tracker | The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | 2019-09-10 | 7.5 | CVE-2017-18605 MISC MISC |
image-rs -- image | An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. | 2019-09-09 | 7.5 | CVE-2019-16138 MISC MISC |
isahc_project -- isahc | An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | 2019-09-09 | 7.5 | CVE-2019-16140 MISC |
jenkins -- script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-09-12 | 7.5 | CVE-2019-10399 MLIST MISC |
jenkins -- script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-09-12 | 7.5 | CVE-2019-10400 MLIST MISC |
jobberbase -- jobberbase | In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. | 2019-09-08 | 7.5 | CVE-2019-16125 MISC MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. | 2019-09-09 | 7.5 | CVE-2019-10665 MISC |
libreoffice -- libreoffice | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9854 FEDORA BUGTRAQ DEBIAN CONFIRM |
libreoffice -- libreoffice | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, in that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9855 CONFIRM |
lifterlms -- lifterlms | An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS. | 2019-09-10 | 7.5 | CVE-2019-15896 MISC MISC MISC |
limesurvey -- limesurvey | A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. | 2019-09-09 | 7.5 | CVE-2019-16184 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. | 2019-09-06 | 7.5 | CVE-2019-16089 MISC |
linux -- linux_kernel | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16229 MISC |
linux -- linux_kernel | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16230 MISC |
linux -- linux_kernel | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16231 MISC |
linux -- linux_kernel | drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16232 MISC |
linux -- linux_kernel | drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16233 MISC |
linux -- linux_kernel | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16234 MISC |
microfocus -- data_protector | Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | 2019-09-13 | 7.2 | CVE-2019-11660 CONFIRM |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1138 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1217 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1237 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1298 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. | 2019-09-11 | 7.6 | CVE-2019-1300 MISC |
microsoft -- excel | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 2019-09-11 | 9.3 | CVE-2019-1297 MISC |
microsoft -- exchange_server | A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | 2019-09-11 | 7.8 | CVE-2019-1233 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | 2019-09-11 | 7.6 | CVE-2019-1208 MISC MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 2019-09-11 | 7.6 | CVE-2019-1221 MISC |
microsoft -- office | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1246 MISC |
microsoft -- team_foundation_server | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | 2019-09-11 | 7.5 | CVE-2019-1306 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291. | 2019-09-11 | 9.3 | CVE-2019-0787 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291. | 2019-09-11 | 9.3 | CVE-2019-0788 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1214 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | 2019-09-11 | 7.2 | CVE-2019-1215 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1235 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. | 2019-09-11 | 7.6 | CVE-2019-1236 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1240 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1241 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1242 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1243 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1247 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1248 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1249 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. | 2019-09-11 | 9.3 | CVE-2019-1250 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | 2019-09-11 | 7.2 | CVE-2019-1253 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | 2019-09-11 | 7.2 | CVE-2019-1256 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1267 MISC |
microsoft -- windows_10 | An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1268 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272. | 2019-09-11 | 7.2 | CVE-2019-1269 MISC |
microsoft -- windows_10 | An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1271 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269. | 2019-09-11 | 7.2 | CVE-2019-1272 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 2019-09-11 | 9.3 | CVE-2019-1280 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. | 2019-09-11 | 7.2 | CVE-2019-1285 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. | 2019-09-11 | 9.3 | CVE-2019-1290 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. | 2019-09-11 | 9.3 | CVE-2019-1291 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278. | 2019-09-11 | 7.2 | CVE-2019-1303 MISC |
microsoft -- windows_7 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1284 MISC |
msi -- afterburner | The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2019-09-11 | 7.2 | CVE-2019-16098 MISC |
opencv -- opencv | OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. | 2019-09-11 | 7.5 | CVE-2019-16249 MISC |
php -- ext-http | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. | 2019-09-06 | 7.5 | CVE-2016-7398 MISC MISC MISC |
podlove -- podlove_podcast_publisher | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | 2019-09-13 | 7.5 | CVE-2016-10942 MISC MISC MISC |
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. | 2019-09-11 | 7.5 | CVE-2019-16224 MISC |
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. | 2019-09-11 | 7.5 | CVE-2019-16225 MISC |
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. | 2019-09-11 | 7.5 | CVE-2019-16227 MISC |
renderdocs-rs_project -- renderdocs-rs | An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. | 2019-09-09 | 7.5 | CVE-2019-16142 MISC MISC |
sahipro -- sahi_pro | An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. | 2019-09-06 | 7.5 | CVE-2019-15102 MISC |
sap -- hana | The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | 2019-09-10 | 7.2 | CVE-2019-0357 MISC CONFIRM |
sap -- sap_kernel | SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2019-09-10 | 7.8 | CVE-2019-0365 MISC CONFIRM |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | 2019-09-08 | 7.5 | CVE-2019-16102 MISC |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | 2019-09-08 | 9.0 | CVE-2019-16103 MISC |
spin-rs_project -- spin-rs | An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | 2019-09-09 | 7.8 | CVE-2019-16137 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. | 2019-09-07 | 7.5 | CVE-2019-16092 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | 2019-09-07 | 7.5 | CVE-2019-16093 MISC |
teamviewer -- teamviewer | An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. | 2019-09-11 | 7.2 | CVE-2019-11769 MISC MISC |
telestar -- bobs_rock_radio_firmware | TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. | 2019-09-11 | 10.0 | CVE-2019-13473 MISC MISC |
tripplite -- pdumh15at_firmware | Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. | 2019-09-12 | 8.5 | CVE-2019-16261 MISC |
wondercms -- wondercms | Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | 2019-09-12 | 7.5 | CVE-2019-5956 MISC |
wp-kama -- kama_click_counter | The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | 2019-09-13 | 9.3 | CVE-2017-18614 MISC MISC |
youphptube -- youphptube | In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | 2019-09-08 | 7.5 | CVE-2019-16124 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web -- photo_gallery | Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. | 2019-09-08 | 4.3 | CVE-2019-16117 MISC MISC MISC MISC |
10web -- photo_gallery | Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. | 2019-09-08 | 4.3 | CVE-2019-16118 MISC MISC MISC MISC MISC |
adobe -- application_manager | Adobe application manager installer version 10.0 has an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | 2019-09-12 | 6.8 | CVE-2019-8076 CONFIRM |
afterlogic -- aurora | Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | 2019-09-12 | 4.3 | CVE-2019-16238 MISC |
airbrake -- airbrake_ruby | The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). | 2019-09-06 | 5.0 | CVE-2019-16060 MISC |
alfresco -- alfresco | An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.). | 2019-09-06 | 5.8 | CVE-2019-14223 MISC |
apache -- ofbiz | The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 | 2019-09-11 | 4.3 | CVE-2019-10073 MLIST |
apache -- solr | Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. | 2019-09-10 | 5.0 | CVE-2019-12401 MLIST MLIST |
apache -- traffic_control | Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password. | 2019-09-09 | 6.8 | CVE-2019-12405 MLIST |
arubanetworks -- arubaos | Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | 2019-09-13 | 4.3 | CVE-2019-5314 CONFIRM |
atlassian -- jira | The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. | 2019-09-11 | 5.0 | CVE-2019-14995 N/A |
atlassian -- jira | The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 2019-09-11 | 4.3 | CVE-2019-14996 N/A |
atlassian -- jira | The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN. | 2019-09-11 | 4.3 | CVE-2019-14997 N/A |
atlassian -- jira | The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | 2019-09-11 | 4.3 | CVE-2019-14998 N/A |
atlassian -- jira | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 2019-09-11 | 5.0 | CVE-2019-8449 N/A |
atlassian -- jira | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | 2019-09-11 | 6.4 | CVE-2019-8451 N/A |
bludit -- bludit | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | 2019-09-08 | 6.5 | CVE-2019-16113 MISC |
bosch -- access | An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. | 2019-09-12 | 4.0 | CVE-2019-11899 CONFIRM |
bower -- bower | Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | 2019-09-13 | 5.0 | CVE-2019-5484 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. | 2019-09-10 | 5.5 | CVE-2019-14721 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. | 2019-09-10 | 4.0 | CVE-2019-14722 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. | 2019-09-10 | 4.0 | CVE-2019-14723 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | 2019-09-11 | 5.0 | CVE-2019-14724 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. | 2019-09-11 | 4.0 | CVE-2019-14725 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. | 2019-09-10 | 6.5 | CVE-2019-14726 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. | 2019-09-10 | 4.0 | CVE-2019-14727 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. | 2019-09-10 | 4.0 | CVE-2019-14728 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. | 2019-09-10 | 5.5 | CVE-2019-14729 MISC MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. | 2019-09-10 | 4.0 | CVE-2019-14730 MISC MISC MISC |
changehealthcare -- cardiology_firmware | A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. | 2019-09-06 | 4.6 | CVE-2018-18630 MISC MISC |
copy-me_project -- copy-me | The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. | 2019-09-13 | 4.3 | CVE-2016-10938 MISC MISC MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http server on port 8092 lacks an X-XSS protection header. | 2019-09-10 | 4.3 | CVE-2019-11464 MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. | 2019-09-10 | 5.0 | CVE-2019-11465 MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit. | 2019-09-10 | 5.0 | CVE-2019-11466 MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials. | 2019-09-10 | 6.4 | CVE-2019-11496 MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.) | 2019-09-10 | 5.0 | CVE-2019-11497 MISC |
cybozu -- garoon | Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | 2019-09-12 | 4.0 | CVE-2019-5976 MISC MISC |
cybozu -- garoon | Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow remote authenticated attackers to alter the mail header via the application 'E-Mail'. | 2019-09-12 | 4.0 | CVE-2019-5977 MISC MISC |
cybozu -- garoon | Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | 2019-09-12 | 5.8 | CVE-2019-5978 MISC MISC |
cybozu -- garoon | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2019-09-12 | 6.5 | CVE-2019-5991 MISC MISC |
dell -- rsa_identity_governance_and_lifecycle | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. | 2019-09-11 | 5.5 | CVE-2019-3759 CONFIRM |
dell -- rsa_identity_governance_and_lifecycle | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. | 2019-09-11 | 6.5 | CVE-2019-3760 CONFIRM |
deltaww -- dcisoft | Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. | 2019-09-11 | 4.6 | CVE-2019-16247 MISC |
deltaww -- tpeditor | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. | 2019-09-11 | 6.8 | CVE-2019-13536 MISC |
deltaww -- tpeditor | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. | 2019-09-11 | 6.8 | CVE-2019-13540 MISC |
deltaww -- tpeditor | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. | 2019-09-11 | 6.8 | CVE-2019-13544 MISC |
designmodo -- qards | The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. | 2019-09-10 | 4.3 | CVE-2017-18598 MISC |
digium -- asterisk | res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. | 2019-09-09 | 4.0 | CVE-2019-15297 CONFIRM MISC |
digium -- asterisk | main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. | 2019-09-09 | 5.0 | CVE-2019-15639 CONFIRM MISC |
easy!appointments_project -- easy!appointments | Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | 2019-09-11 | 5.0 | CVE-2019-14936 MISC |
eclipse -- omr | Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | 2019-09-12 | 4.6 | CVE-2019-11773 CONFIRM |
eclipse -- paho_java_client | In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. | 2019-09-11 | 5.0 | CVE-2019-11777 CONFIRM |
elementor -- elementor | The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. | 2019-09-10 | 6.5 | CVE-2017-18596 MISC MISC |
getgrav -- grav_cms | Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | 2019-09-08 | 4.3 | CVE-2019-16126 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. | 2019-09-09 | 4.0 | CVE-2019-11544 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. | 2019-09-09 | 4.0 | CVE-2019-11545 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. | 2019-09-09 | 4.3 | CVE-2019-11547 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. | 2019-09-09 | 4.0 | CVE-2019-11549 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. | 2019-09-09 | 5.0 | CVE-2019-11605 CONFIRM |
gitlab -- gitlab | An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | 2019-09-09 | 6.5 | CVE-2019-5473 CONFIRM MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. | 2019-09-09 | 5.0 | CVE-2019-6782 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | 2019-09-09 | 6.5 | CVE-2019-6783 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. | 2019-09-09 | 4.3 | CVE-2019-6784 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. | 2019-09-09 | 4.0 | CVE-2019-6785 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. | 2019-09-09 | 4.0 | CVE-2019-6786 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. | 2019-09-09 | 5.0 | CVE-2019-6788 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user. | 2019-09-09 | 4.0 | CVE-2019-6789 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. | 2019-09-09 | 4.0 | CVE-2019-6791 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. | 2019-09-09 | 5.0 | CVE-2019-6792 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | 2019-09-09 | 6.8 | CVE-2019-6793 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. | 2019-09-09 | 4.0 | CVE-2019-6794 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering. | 2019-09-09 | 5.8 | CVE-2019-6795 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. | 2019-09-09 | 4.0 | CVE-2019-6995 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. | 2019-09-09 | 4.0 | CVE-2019-6996 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. | 2019-09-09 | 4.0 | CVE-2019-6997 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. | 2019-09-09 | 4.3 | CVE-2019-7176 CONFIRM CONFIRM |
glyphandcog -- xpdfreader | Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | 2019-09-06 | 4.3 | CVE-2019-16088 MISC |
glyphandcog -- xpdfreader | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. | 2019-09-08 | 6.8 | CVE-2019-16115 MISC |
gnu -- cflow | GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | 2019-09-09 | 4.3 | CVE-2019-16165 MISC |
gnu -- cflow | GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. | 2019-09-09 | 4.3 | CVE-2019-16166 MISC |
google -- android | In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-2182 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9248 MISC |
google -- android | In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9270 MISC |
google -- android | In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.4 | CVE-2019-9271 MISC |
google -- android | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9273 MISC |
google -- android | In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9274 MISC |
google -- android | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9276 MISC |
google -- android | In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9426 MISC |
google -- android | In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9436 MISC |
google -- android | In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9441 MISC |
google -- android | In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9442 MISC |
google -- android | In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9443 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9446 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9447 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9448 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.4 | CVE-2019-9450 MISC |
google -- android | In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9451 MISC |
google -- android | In the Android kernel in the i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9454 MISC |
google -- android | In the Android kernel in the Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9456 MISC |
google -- android | In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9457 MISC |
google -- android | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.4 | CVE-2019-9458 MISC |
headwaythemes -- headway | The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | 2019-09-13 | 4.3 | CVE-2016-10953 MISC |
hgw168cc -- yii-cms | YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. | 2019-09-08 | 4.3 | CVE-2019-16130 MISC MISC |
humanica -- humatrix | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. | 2019-09-10 | 5.0 | CVE-2019-16106 MISC MISC |
ibps_online_exam_project -- ibps_online_exam | The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. | 2019-09-10 | 6.5 | CVE-2017-18602 EXPLOIT-DB |
if.svnadmin_project -- if.svnadmin | iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | 2019-09-06 | 4.3 | CVE-2019-15128 MISC |
imapfilter_project -- imapfilter | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | 2019-09-08 | 5.0 | CVE-2016-10937 MISC MISC |
jtrt_responsive_tables_project -- jtrt_responsive_tables | The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. | 2019-09-10 | 6.5 | CVE-2017-18597 MISC MISC MISC |
k-takata -- onigmo | Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | 2019-09-09 | 5.0 | CVE-2019-16161 MISC MISC |
k-takata -- onigmo | Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. | 2019-09-09 | 5.0 | CVE-2019-16162 MISC |
kartatopia -- piluscart | In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | 2019-09-08 | 5.0 | CVE-2019-16123 MISC MISC |
kilo_project -- kilo | Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. | 2019-09-08 | 5.0 | CVE-2019-16096 MISC MISC MISC MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. | 2019-09-09 | 6.8 | CVE-2019-10666 MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. | 2019-09-09 | 5.0 | CVE-2019-10667 MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. | 2019-09-09 | 6.4 | CVE-2019-10668 MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_real_escape_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). | 2019-09-09 | 6.5 | CVE-2019-10669 MISC MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_real_escape_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php. | 2019-09-09 | 4.3 | CVE-2019-10670 MISC |
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. | 2019-09-09 | 6.5 | CVE-2019-10671 MISC |
librenms -- librenms | An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. | 2019-09-09 | 6.5 | CVE-2019-12463 MISC |
librenms -- librenms | An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | 2019-09-09 | 6.0 | CVE-2019-12464 MISC |
librenms -- librenms | An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. | 2019-09-09 | 5.5 | CVE-2019-12465 MISC |
libslirp_project -- libslirp | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | 2019-09-06 | 5.0 | CVE-2019-15890 CONFIRM MISC |
liferay -- liferay_portal | Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. | 2019-09-09 | 4.3 | CVE-2019-16147 MISC |
limesurvey -- limesurvey | An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 2019-09-09 | 6.8 | CVE-2019-16174 MISC MISC |
limesurvey -- limesurvey | A clickjacking vulnerability was found in Limesurvey before 3.17.14. | 2019-09-09 | 4.3 | CVE-2019-16175 MISC MISC |
limesurvey -- limesurvey | A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | 2019-09-09 | 5.0 | CVE-2019-16176 MISC MISC |
limesurvey -- limesurvey | In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | 2019-09-09 | 5.0 | CVE-2019-16177 MISC MISC |
limesurvey -- limesurvey | Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. | 2019-09-09 | 5.0 | CVE-2019-16179 MISC MISC |
limesurvey -- limesurvey | Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | 2019-09-09 | 5.0 | CVE-2019-16180 MISC MISC |
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. | 2019-09-09 | 4.0 | CVE-2019-16181 MISC MISC |
limesurvey -- limesurvey | A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. | 2019-09-09 | 4.3 | CVE-2019-16182 MISC MISC |
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | 2019-09-09 | 4.0 | CVE-2019-16183 MISC MISC |
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | 2019-09-09 | 6.5 | CVE-2019-16185 MISC MISC |
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | 2019-09-09 | 6.5 | CVE-2019-16186 MISC MISC |
limesurvey -- limesurvey | Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | 2019-09-09 | 5.0 | CVE-2019-16187 MISC MISC |
magicfields -- magic_fields | The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. | 2019-09-10 | 4.3 | CVE-2017-18609 MISC MISC |
magicfields -- magic_fields | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. | 2019-09-10 | 4.3 | CVE-2017-18610 MISC MISC |
magicfields -- magic_fields | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. | 2019-09-10 | 4.3 | CVE-2017-18611 MISC MISC |
mautic -- mautic | An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. | 2019-09-06 | 4.3 | CVE-2018-11198 MISC CONFIRM |
mcafee -- active_response | McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | 2019-09-11 | 5.0 | CVE-2019-3643 CONFIRM |
mcafee -- active_response | McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | 2019-09-11 | 5.0 | CVE-2019-3644 CONFIRM |
mcafee -- web_gateway | Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials by tricking the administrator into clicking on a carefully constructed malicious link. | 2019-09-12 | 4.3 | CVE-2019-3638 CONFIRM |
mendix -- mendix | In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | 2019-09-10 | 5.0 | CVE-2019-12996 CONFIRM |
microfocus -- service_manager | HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. | 2019-09-10 | 5.0 | CVE-2019-11668 CONFIRM |
microfocus -- service_manager | Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | 2019-09-10 | 5.0 | CVE-2019-11669 CONFIRM |
microsoft -- .net_core | A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. | 2019-09-11 | 5.0 | CVE-2019-1301 MISC |
microsoft -- asp.net_core | An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | 2019-09-11 | 6.8 | CVE-2019-1302 MISC |
microsoft -- edge | A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1220 MISC |
microsoft -- edge | An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1299 MISC |
microsoft -- excel | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1263 MISC |
microsoft -- exchange_server | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1266 MISC |
microsoft -- lync | An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1209 MISC |
microsoft -- office | A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | 2019-09-11 | 6.8 | CVE-2019-1264 MISC |
microsoft -- project_rome | An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1231 MISC |
microsoft -- sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. | 2019-09-11 | 6.5 | CVE-2019-1257 MISC |
microsoft -- sharepoint_enterprise_server | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.0 | CVE-2019-1260 MISC |
microsoft -- sharepoint_enterprise_server | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. | 2019-09-11 | 6.8 | CVE-2019-1261 MISC |
microsoft -- sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. | 2019-09-11 | 6.5 | CVE-2019-1295 MISC |
microsoft -- sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. | 2019-09-11 | 6.5 | CVE-2019-1296 MISC |
microsoft -- sharepoint_foundation | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. | 2019-09-11 | 6.8 | CVE-2019-1259 MISC |
microsoft -- visual_studio | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.6 | CVE-2019-1232 MISC |
microsoft -- windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 2019-09-11 | 5.5 | CVE-2019-0928 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | 2019-09-11 | 4.3 | CVE-2019-1244 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. | 2019-09-11 | 4.3 | CVE-2019-1245 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | 2019-09-11 | 4.3 | CVE-2019-1252 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.6 | CVE-2019-1277 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. | 2019-09-11 | 4.6 | CVE-2019-1278 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. | 2019-09-11 | 4.3 | CVE-2019-1286 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.6 | CVE-2019-1287 MISC |
microsoft -- windows_10 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 2019-09-11 | 6.8 | CVE-2019-1292 MISC |
microsoft -- yammer | A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy. This could allow an attacker to perform functions that are restricted by Intune Policy. The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App, aka 'Microsoft Yammer Security Feature Bypass Vulnerability'. | 2019-09-11 | 5.0 | CVE-2019-1265 MISC |
misp -- misp | MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. | 2019-09-10 | 4.0 | CVE-2019-16202 CONFIRM MISC MISC |
myhtml_project -- myhtml | MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. | 2019-09-09 | 4.3 | CVE-2019-16164 MISC |
netapp -- oncommand_workflow_automation | OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 2019-09-10 | 5.0 | CVE-2019-5503 CONFIRM |
netattingo -- wp-whois-domain | The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. | 2019-09-13 | 4.3 | CVE-2017-18612 MISC MISC |
netgear -- wnr2000_firmware | An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. | 2019-09-11 | 5.0 | CVE-2019-5054 MISC |
netgear -- wnr2000_firmware | An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. | 2019-09-11 | 5.0 | CVE-2019-5055 MISC |
nic -- bird | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | 2019-09-09 | 5.0 | CVE-2019-16159 MISC MISC MISC MISC MISC MISC |
ntt-east -- pr-400ki_firmware | Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. | 2019-09-12 | 6.8 | CVE-2019-5986 MISC CONFIRM |
oceanwp -- ocean_extra | includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | 2019-09-11 | 5.0 | CVE-2019-16250 MISC |
once_cell_project -- once_cell | An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. | 2019-09-09 | 5.0 | CVE-2019-16141 MISC MISC |
oniguruma_project -- oniguruma | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | 2019-09-09 | 5.0 | CVE-2019-16163 MISC MISC MISC MLIST |
opensc_project -- opensc | An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | 2019-09-06 | 5.0 | CVE-2019-16058 MLIST MISC |
openssl -- openssl | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). | 2019-09-10 | 5.0 | CVE-2019-1549 CONFIRM CONFIRM |
openssl -- openssl | In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | 2019-09-10 | 4.3 | CVE-2019-1563 MISC CONFIRM CONFIRM CONFIRM BUGTRAQ CONFIRM |
opmantek -- open-audit | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | 2019-09-13 | 6.5 | CVE-2019-16293 MISC |
padrinorb -- padrino-contrib | The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. | 2019-09-09 | 4.3 | CVE-2019-16145 MISC |
pagelines -- pagelines | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | 2019-09-13 | 6.8 | CVE-2016-10945 MISC |
panasonic -- video_insight_vms | SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2019-09-12 | 6.5 | CVE-2019-5996 MISC |
phpmyadmin -- phpmyadmin | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | 2019-09-13 | 5.8 | CVE-2019-12922 MISC MISC EXPLOIT-DB |
phpok -- oklite | framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | 2019-09-08 | 6.5 | CVE-2019-16131 MISC |
phpok -- oklite | An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | 2019-09-08 | 5.5 | CVE-2019-16132 MISC |
picoc_project -- picoc | PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | 2019-09-13 | 6.8 | CVE-2019-16277 MISC |
pinfinity_project -- pinfinity | The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. | 2019-09-10 | 4.3 | CVE-2017-18599 MISC |
piwigo -- piwigo | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | 2019-09-13 | 6.8 | CVE-2019-13363 MISC MISC MISC MISC |
piwigo -- piwigo | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | 2019-09-13 | 6.8 | CVE-2019-13364 MISC MISC MISC MISC |
plataformatec -- devise | An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) | 2019-09-08 | 5.0 | CVE-2019-16109 MISC MISC MISC |
podlove -- podlove_podcast_publisher | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | 2019-09-13 | 4.3 | CVE-2016-10941 MISC MISC MISC |
postman-smtp_project -- postman-smtp | The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. | 2019-09-10 | 4.3 | CVE-2017-18603 MISC MISC |
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. | 2019-09-11 | 5.0 | CVE-2019-16226 MISC |
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. | 2019-09-11 | 5.0 | CVE-2019-16228 MISC |
python -- python | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | 2019-09-06 | 5.0 | CVE-2019-16056 MISC MISC FEDORA |
sakailms -- sakai | Sakai through 12.6 allows XSS via a chat user name. | 2019-09-09 | 4.3 | CVE-2019-16148 MISC |
sap -- businessobjects_business_intelligence_platform | In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout. | 2019-09-10 | 5.0 | CVE-2019-0352 MISC CONFIRM |
sap -- hana_extended_application_services | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. | 2019-09-10 | 5.5 | CVE-2019-0363 MISC CONFIRM |
sap -- hana_extended_application_services | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. | 2019-09-10 | 4.0 | CVE-2019-0364 MISC CONFIRM |
sap -- netweaver_application_server_java | SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | 2019-09-10 | 6.5 | CVE-2019-0355 MISC CONFIRM |
sap -- netweaver_process_integration | Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 2019-09-10 | 4.0 | CVE-2019-0356 MISC CONFIRM |
sap -- supplier_relationship_management | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-09-10 | 4.3 | CVE-2019-0361 MISC CONFIRM |
sapplica -- sentrifugo | Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | 2019-09-06 | 6.8 | CVE-2019-16059 MISC |
search_exclude_project -- search_exclude | search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. | 2019-09-09 | 5.0 | CVE-2019-15895 MISC MISC MISC |
senecajs -- seneca | Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. | 2019-09-09 | 5.0 | CVE-2019-5483 MISC |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | 2019-09-08 | 6.8 | CVE-2019-16099 MISC |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | 2019-09-08 | 5.0 | CVE-2019-16100 MISC |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | 2019-09-08 | 5.0 | CVE-2019-16101 MISC |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | 2019-09-08 | 4.3 | CVE-2019-16104 MISC |
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | 2019-09-08 | 4.0 | CVE-2019-16105 MISC |
sirv -- sirv | The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | 2019-09-13 | 6.5 | CVE-2016-10950 MISC MISC MISC |
sitebuilder_dynamic_components_project -- sitebuilder_dynamic_components | The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | 2019-09-10 | 5.0 | CVE-2017-18604 MISC MISC |
slickquiz_project -- slickquiz | The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. | 2019-09-13 | 6.5 | CVE-2019-12516 MISC MISC |
slickquiz_project -- slickquiz | An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. | 2019-09-13 | 4.3 | CVE-2019-12517 MISC MISC |
spot -- spot.im_comments | The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. | 2019-09-10 | 4.3 | CVE-2017-18608 MISC MISC |
sqlite -- sqlite | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | 2019-09-09 | 5.0 | CVE-2019-16168 MISC MISC MISC |
ss-proj -- shirasagi | Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2019-09-12 | 5.8 | CVE-2019-6009 MISC MISC MISC MISC MISC |
supervisord -- supervisor | In supervisord in Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. WARNING: This issue will not be fixed by the maintainer. The ability to run an open server will not be removed because users often use it for local development, therefore no action will be taken. | 2019-09-10 | 6.4 | CVE-2019-12105 MISC MISC MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. | 2019-09-07 | 5.0 | CVE-2019-16091 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | 2019-09-07 | 5.0 | CVE-2019-16094 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. | 2019-09-07 | 5.0 | CVE-2019-16095 MISC |
sysstat_project -- sysstat | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | 2019-09-09 | 4.3 | CVE-2019-16167 MISC MISC |
teammatesolutions -- teammate+ | A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. | 2019-09-09 | 4.3 | CVE-2019-10253 MISC MISC |
telegram -- telegram | The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message). | 2019-09-11 | 5.0 | CVE-2019-16248 MISC MISC MISC |
theme-fusion -- avada | The avada theme before 5.1.5 for WordPress has stored XSS. | 2019-09-10 | 4.3 | CVE-2017-18606 MISC |
theme-fusion -- avada | The avada theme before 5.1.5 for WordPress has CSRF. | 2019-09-10 | 6.8 | CVE-2017-18607 MISC |
trendmicro -- deep_security_manager | Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). | 2019-09-11 | 4.0 | CVE-2019-9488 N/A |
tri -- event_tickets | CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | 2019-09-08 | 6.5 | CVE-2019-16120 MISC MISC MISC |
trust_form_project -- trust_form | The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. | 2019-09-13 | 4.3 | CVE-2017-18613 MISC MISC |
ultra-prod -- wordpress_ultra_simple_paypal_shopping_cart | Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2019-09-12 | 6.8 | CVE-2019-5992 MISC |
vsourz -- cf7_invisible_recaptcha | The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. | 2019-09-09 | 4.3 | CVE-2018-21012 MISC MISC |
weaver -- eteams_oa | An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/. | 2019-09-08 | 4.0 | CVE-2019-16133 MISC |
wordpress -- wordpress | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | 2019-09-11 | 4.3 | CVE-2019-16217 MISC MISC |
wordpress -- wordpress | WordPress before 5.2.3 allows XSS in stored comments. | 2019-09-11 | 4.3 | CVE-2019-16218 MISC MISC |
wordpress -- wordpress | WordPress before 5.2.3 allows XSS in shortcode previews. | 2019-09-11 | 4.3 | CVE-2019-16219 MISC MISC MISC |
wordpress -- wordpress | In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. | 2019-09-11 | 5.8 | CVE-2019-16220 MISC MISC MISC MISC |
wordpress -- wordpress | WordPress before 5.2.3 allows reflected XSS in the dashboard. | 2019-09-11 | 4.3 | CVE-2019-16221 MISC MISC |
wordpress -- wordpress | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | 2019-09-11 | 4.3 | CVE-2019-16222 MISC MISC MISC MISC |
wp-kama -- kama_click_counter | The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. | 2019-09-13 | 4.3 | CVE-2017-18615 MISC |
wpcharitable -- charitable | The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. | 2019-09-09 | 5.0 | CVE-2018-21011 MISC MISC |
xtremelocator -- xtremelocator | The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | 2019-09-13 | 6.5 | CVE-2016-10939 MISC MISC |
xwiki -- cryptpad | The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. | 2019-09-11 | 5.5 | CVE-2019-15302 MISC CONFIRM |
zm-gallery_project -- zm-gallery | The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | 2019-09-13 | 6.5 | CVE-2016-10940 MISC MISC |
zx-csv-upload_project -- zx-csv-upload | The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | 2019-09-13 | 6.5 | CVE-2016-10943 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atlassian -- jira | Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | 2019-09-11 | 3.5 | CVE-2019-8450 N/A |
buddyboss -- buddymoss_media | The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. | 2019-09-09 | 3.5 | CVE-2018-21014 MISC |
cybozu -- garoon | DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-09-12 | 3.5 | CVE-2019-5975 MISC MISC |
dell -- rsa_identity_governance_and_lifecycle | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application. | 2019-09-11 | 3.5 | CVE-2019-3761 CONFIRM |
dell -- rsa_identity_governance_and_lifecycle | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. | 2019-09-11 | 2.1 | CVE-2019-3763 CONFIRM |
esri -- arcgis_enterprise | In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. | 2019-09-11 | 3.5 | CVE-2019-16193 MISC |
getgophish -- gophish | Gophish through 0.8.0 allows XSS via a username. | 2019-09-09 | 3.5 | CVE-2019-16146 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. | 2019-09-09 | 3.5 | CVE-2019-11546 CONFIRM CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. | 2019-09-09 | 3.5 | CVE-2019-11548 CONFIRM CONFIRM |
google -- android | In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9245 MISC |
google -- android | In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9444 MISC |
google -- android | In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9445 MISC |
google -- android | In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9449 MISC |
google -- android | In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9452 MISC |
google -- android | In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9453 MISC |
google -- android | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 2.1 | CVE-2019-9455 MISC |
ibps_online_exam_project -- ibps_online_exam | The examapp plugin 1.0 for WordPress has XSS via exam input text fields. | 2019-09-10 | 3.5 | CVE-2017-18601 EXPLOIT-DB |
jenkins -- beaker_builder | Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-09-12 | 2.1 | CVE-2019-10398 MLIST MISC |
limesurvey -- limesurvey | LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. | 2019-09-09 | 3.5 | CVE-2019-16172 MISC FULLDISC MISC BUGTRAQ MISC |
limesurvey -- limesurvey | LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | 2019-09-09 | 3.5 | CVE-2019-16173 MISC FULLDISC MISC BUGTRAQ MISC |
limesurvey -- limesurvey | A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. | 2019-09-09 | 3.5 | CVE-2019-16178 MISC MISC |
microsoft -- .net_framework | An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1142 MISC |
microsoft -- sharepoint_foundation | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 2019-09-11 | 3.5 | CVE-2019-1262 MISC |
microsoft -- team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | 2019-09-11 | 3.5 | CVE-2019-1305 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1216 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1219 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. | 2019-09-11 | 2.1 | CVE-2019-1251 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1254 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. | 2019-09-11 | 3.6 | CVE-2019-1270 MISC |
microsoft -- windows_10 | A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | 2019-09-11 | 3.5 | CVE-2019-1273 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1274 MISC |
microsoft -- windows_10 | An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1282 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | 2019-09-11 | 3.6 | CVE-2019-1289 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1293 MISC |
microsoft -- windows_10 | A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1294 MISC |
microsoft -- windows_7 | An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 2019-09-11 | 2.1 | CVE-2019-1283 MISC |
ncrafts -- formcraft | The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field. | 2019-09-10 | 3.5 | CVE-2017-18600 MISC |
openssl -- openssl | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | 2019-09-10 | 1.9 | CVE-2019-1547 MISC MISC CONFIRM CONFIRM CONFIRM BUGTRAQ CONFIRM |
sap -- business_one_client | Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. | 2019-09-10 | 2.1 | CVE-2019-0353 MISC CONFIRM |
ttlock -- ttlock | TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. | 2019-09-10 | 3.3 | CVE-2019-12942 MISC |
ttlock -- ttlock | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | 2019-09-10 | 2.6 | CVE-2019-12943 MISC |
w1.fi -- hostapd | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | 2019-09-12 | 3.3 | CVE-2019-16275 MLIST MISC MISC MISC |
webcraftic -- woody_ad_snippets | The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. | 2019-09-13 | 3.5 | CVE-2019-16289 MISC MISC MISC |
wordpress -- wordpress | WordPress before 5.2.3 allows XSS in post previews by authenticated users. | 2019-09-11 | 3.5 | CVE-2019-16223 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s_smart_software_solutions -- codesys_v3_web_server | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | 2019-09-13 | not yet calculated | CVE-2019-13532 MISC |
3s_smart_software_solutions -- codesys_v3_web_server | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. | 2019-09-13 | not yet calculated | CVE-2019-13548 MISC |
arubanetworks -- arubaos | A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. | 2019-09-13 | not yet calculated | CVE-2019-5315 CONFIRM |
arubanetworks -- arubaos | A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. | 2019-09-13 | not yet calculated | CVE-2018-7081 CONFIRM MISC |
bosch -- access_professional_edition | Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | 2019-09-12 | not yet calculated | CVE-2019-11898 CONFIRM |
dino -- dino | Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | 2019-09-11 | not yet calculated | CVE-2019-16235 MLIST MISC MISC |
dino -- dino | Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. | 2019-09-11 | not yet calculated | CVE-2019-16236 MLIST MISC MISC |
dino -- dino | Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | 2019-09-11 | not yet calculated | CVE-2019-16237 MLIST MISC MISC |
ec-cube -- amazon_pay_plugin | Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-09-12 | not yet calculated | CVE-2019-6003 MISC MISC |
eclipse_foundation -- eclipse_omr | Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. | 2019-09-12 | not yet calculated | CVE-2019-11774 CONFIRM |
flamenet -- flamecms | FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. | 2019-09-14 | not yet calculated | CVE-2019-16309 MISC |
fuji_xerox -- apeosware_management_suite_and_apeosware_management_suite_2 | Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2019-09-12 | not yet calculated | CVE-2019-6004 MISC MISC |
fuji_xerox -- docushare | A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). | 2019-09-14 | not yet calculated | CVE-2019-16307 MISC |
gitlab -- community_and_enterprise_edition | An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. | 2019-09-09 | not yet calculated | CVE-2019-5471 MISC CONFIRM MISC |
gitlab -- community_and_enterprise_edition | An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | 2019-09-09 | not yet calculated | CVE-2019-5461 MISC CONFIRM MISC |
gitlab -- community_and_enterprise_edition | An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | 2019-09-09 | not yet calculated | CVE-2019-5463 CONFIRM MISC |
gitlab -- community_and_enterprise_edition | An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | 2019-09-09 | not yet calculated | CVE-2019-5467 CONFIRM MISC |
harbor -- harbor | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1. | 2019-09-08 | not yet calculated | CVE-2019-16097 MISC MISC |
hikari_denwa -- router_operating_system | Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-09-12 | not yet calculated | CVE-2019-5985 MISC CONFIRM |
ifw8 -- router_rom | ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | 2019-09-14 | not yet calculated | CVE-2019-16313 MISC |
indexhibit -- indexhibit | Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | 2019-09-14 | not yet calculated | CVE-2019-16314 MISC |
integard -- integard_home_and_integard_pro_2 | The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. | 2019-09-13 | not yet calculated | CVE-2010-5333 MISC MISC MISC |
jenkins -- jenkins | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-09-12 | not yet calculated | CVE-2019-10393 MLIST MISC |
jenkins -- jenkins | Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | 2019-09-12 | not yet calculated | CVE-2019-10395 MLIST MISC |
jenkins -- jenkins | Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 2019-09-12 | not yet calculated | CVE-2019-10396 MLIST MISC |
jenkins -- jenkins | Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 2019-09-12 | not yet calculated | CVE-2019-10397 MLIST MISC |
jenkins -- jenkins | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-09-12 | not yet calculated | CVE-2019-10394 MLIST MISC |
jenkins -- jenkins | Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 2019-09-12 | not yet calculated | CVE-2019-10392 MLIST MISC |
jhipster -- jhipster_and_jhipster_kotlin | A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. | 2019-09-13 | not yet calculated | CVE-2019-16303 MISC MISC MISC MISC MISC |
kddi_corporation -- smart_tv_box | Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP. | 2019-09-12 | not yet calculated | CVE-2019-6005 MISC |
libra -- libra | Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character. | 2019-09-11 | not yet calculated | CVE-2019-16214 MISC MISC MISC |
line_corporation -- apng-drawable | Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. | 2019-09-12 | not yet calculated | CVE-2019-6007 MISC |
linux -- linux_kernel | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. | 2019-09-13 | not yet calculated | CVE-2019-15031 MISC MISC |
linux -- linux_kernel | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. | 2019-09-13 | not yet calculated | CVE-2019-15030 MISC MISC |
mcafee -- total_protection_free_antivirus_trial | DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | 2019-09-13 | not yet calculated | CVE-2019-3646 CONFIRM |
mobatech -- mobaxterm | In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. | 2019-09-14 | not yet calculated | CVE-2019-16305 MISC |
motorola -- motorola_devices | Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | 2019-09-12 | not yet calculated | CVE-2019-16257 MISC |
niushop -- niushop | NIUSHOP V1.11 has CSRF via search_info to index.php. | 2019-09-14 | not yet calculated | CVE-2019-16311 MISC |
niushop -- niushop | NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. | 2019-09-14 | not yet calculated | CVE-2019-16310 MISC |
notepad++ -- notepad++ | SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | 2019-09-14 | not yet calculated | CVE-2019-16294 MISC MISC MISC |
nxp_semiconductors -- kinetis_kv1x_and_kinetis_kv3x_and_kinetis_k8x_devices | On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. | 2019-09-12 | not yet calculated | CVE-2019-14237 MISC |
philips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitors | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. | 2019-09-12 | not yet calculated | CVE-2019-13530 MISC |
philips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitors | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. | 2019-09-12 | not yet calculated | CVE-2019-13534 MISC |
pimcore -- pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | 2019-09-14 | not yet calculated | CVE-2019-16318 MISC MISC |
pimcore -- pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | 2019-09-14 | not yet calculated | CVE-2019-16317 MISC MISC |
s-cms -- s-cms | s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | 2019-09-14 | not yet calculated | CVE-2019-16312 MISC |
samsung -- samsung_devices | Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | 2019-09-12 | not yet calculated | CVE-2019-16256 MISC |
siemens -- ei/wsn-pa_link_wirelesshart_gateway | A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | 2019-09-13 | not yet calculated | CVE-2019-13923 MISC |
siemens -- simatic_tdc_cp51m1_module | A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | not yet calculated | CVE-2019-10937 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | not yet calculated | CVE-2019-13919 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | not yet calculated | CVE-2019-13918 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | not yet calculated | CVE-2019-13920 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | not yet calculated | CVE-2019-13922 MISC |
stmicroelectronics -- stm32l_family_devices | On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | 2019-09-12 | not yet calculated | CVE-2019-14236 MISC |
vivotek -- ipcam_firmware | An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. | 2019-09-10 | not yet calculated | CVE-2019-10256 CONFIRM MISC |
vivotek -- ipcam_firmware | VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. | 2019-09-10 | not yet calculated | CVE-2019-14457 CONFIRM |
wordpress -- wordpress | The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | 2019-09-13 | not yet calculated | CVE-2016-10951 MISC MISC MISC |
wordpress -- wordpress | The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | 2019-09-13 | not yet calculated | CVE-2016-10947 MISC |
wordpress -- wordpress | The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. | 2019-09-13 | not yet calculated | CVE-2016-10948 MISC |
wordpress -- wordpress | The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | 2019-09-13 | not yet calculated | CVE-2016-10949 MISC |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2019-09-12 | not yet calculated | CVE-2019-5993 MISC |
wordpress -- wordpress | The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. | 2019-09-13 | not yet calculated | CVE-2016-10952 MISC MISC MISC |
wordpress -- wordpress | The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | 2019-09-13 | not yet calculated | CVE-2016-10954 MISC |
wordpress -- wordpress | The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | 2019-09-13 | not yet calculated | CVE-2016-10955 MISC MISC |
wordpress -- wordpress | The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. | 2019-09-09 | not yet calculated | CVE-2018-21013 MISC |
wordpress -- wordpress | The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | 2019-09-13 | not yet calculated | CVE-2016-10944 MISC MISC |
wordpress -- wordpress | The wp-d3 plugin before 2.4.1 for WordPress has CSRF. | 2019-09-13 | not yet calculated | CVE-2016-10946 MISC MISC |