US-CERT - Vulnerability Summary for the Week of September 16, 2019
Original release date: September 23, 2019
from CISA All NCAS Products https://www.us-cert.gov/ncas/bulletins/sb19-266
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- webaccess | In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | 2019-09-18 | 9.0 | CVE-2019-13550 MISC |
advantech -- webaccess | In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | 2019-09-18 | 9.0 | CVE-2019-13558 MISC |
apache -- tapestry | Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component. | 2019-09-16 | 7.5 | CVE-2019-0195 MLIST |
arubanetworks -- arubaos | A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. | 2019-09-13 | 9.3 | CVE-2018-7081 CONFIRM MISC |
aspose -- aspose.pdf_for_c++ | An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | 2019-09-18 | 7.5 | CVE-2019-5066 CONFIRM |
aspose -- aspose.pdf_for_c++ | An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | 2019-09-18 | 7.5 | CVE-2019-5067 CONFIRM |
atlassian -- jira | The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. | 2019-09-19 | 9.0 | CVE-2019-15001 MISC |
canonical -- ubuntu_linux | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | 2019-09-17 | 7.2 | CVE-2019-14835 REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM FEDORA UBUNTU MISC |
code42 -- code42 | In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution. | 2019-09-17 | 7.5 | CVE-2019-15131 CONFIRM MISC |
dlink -- dns-320_firmware | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | 2019-09-16 | 10.0 | CVE-2019-16057 MISC MISC |
egpp -- sistema_integrado_de_gestion_academica | In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. | 2019-09-16 | 7.5 | CVE-2019-16264 MISC |
fasterxml -- jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. | 2019-09-15 | 7.5 | CVE-2019-14540 CONFIRM MISC MISC |
fasterxml -- jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. | 2019-09-15 | 7.5 | CVE-2019-16335 MISC |
flamecms_project -- flamecms | FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. | 2019-09-14 | 7.5 | CVE-2019-16309 MISC |
gitlabhook_project -- gitlabhook | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | 2019-09-13 | 10.0 | CVE-2019-5485 MISC |
haxx -- curl | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | 2019-09-16 | 7.5 | CVE-2019-5481 SUSE CONFIRM FEDORA FEDORA |
haxx -- curl | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | 2019-09-16 | 7.5 | CVE-2019-5482 SUSE CONFIRM FEDORA FEDORA |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | 2019-09-17 | 7.8 | CVE-2019-4183 XF CONFIRM |
indexhibit -- indexhibit | Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | 2019-09-14 | 7.5 | CVE-2019-16314 MISC |
infradead -- openconnect | process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | 2019-09-17 | 7.5 | CVE-2019-16239 CONFIRM FEDORA FEDORA FEDORA MISC |
jhipster -- jhipster_kotlin | A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. | 2019-09-13 | 7.5 | CVE-2019-16303 MISC MISC MISC MISC MISC |
keeper -- k5_firmware | On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. | 2019-09-19 | 7.2 | CVE-2019-16398 MISC |
libav -- libav | In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. | 2019-09-19 | 7.1 | CVE-2019-9717 MISC MISC |
libav -- libav | A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. | 2019-09-19 | 7.1 | CVE-2019-9720 MISC MISC |
linux -- linux_kernel | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | 2019-09-19 | 7.2 | CVE-2019-14821 MLIST CONFIRM |
linux-nfs -- nfs-utils | In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system if fs.protected_symlinks is not set. | 2019-09-19 | 10.0 | CVE-2019-3689 CONFIRM |
membersonic -- membersonic | The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. | 2019-09-16 | 7.5 | CVE-2016-10971 MISC |
microfocus -- data_protector | Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | 2019-09-13 | 7.2 | CVE-2019-11660 CONFIRM |
moddable -- moddable | In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | 2019-09-16 | 7.5 | CVE-2019-16366 MISC |
open-emr -- openemr | OpenEMR v5.0.1-6 allows code execution. | 2019-09-16 | 9.0 | CVE-2019-8371 MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. | 2019-09-20 | 7.5 | CVE-2019-15088 MISC MISC |
publisure -- publisure | An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). | 2019-09-18 | 7.5 | CVE-2019-14254 MISC |
rsa -- archer | RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | 2019-09-18 | 7.5 | CVE-2019-3758 MISC |
schneider-electric -- bmxnor0200h_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. | 2019-09-17 | 7.8 | CVE-2019-6813 CONFIRM CONFIRM |
schneider-electric -- modicon_premium_firmware | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. | 2019-09-17 | 7.8 | CVE-2019-6809 CONFIRM |
schneider-electric -- modicon_premium_firmware | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. | 2019-09-17 | 7.8 | CVE-2019-6828 CONFIRM |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 7.5 | CVE-2019-13918 MISC |
smackcoders -- ultimate_exporter | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | 2019-09-20 | 7.5 | CVE-2016-11000 MISC MISC |
tagdiv -- newspaper | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | 2019-09-16 | 7.5 | CVE-2016-10972 MISC EXPLOIT-DB |
tagdiv -- newspaper | The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | 2019-09-16 | 7.5 | CVE-2017-18634 MISC |
telestar -- bobs_rock_radio_firmware | TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. | 2019-09-16 | 7.5 | CVE-2019-13474 MISC MISC |
templatic -- telvolution | The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | 2019-09-18 | 7.5 | CVE-2016-10995 MISC |
tenda -- n301_firmware | On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | 2019-09-13 | 7.8 | CVE-2019-16288 MISC |
tendacn -- n301_firmware | In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) | 2019-09-19 | 7.8 | CVE-2019-16412 MISC |
terrasoft -- bpm_online_crm_system_sdk | A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. | 2019-09-18 | 7.5 | CVE-2019-15301 MISC |
tibco -- enterprise_runtime_for_r | The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0. | 2019-09-18 | 10.0 | CVE-2019-11210 MISC CONFIRM |
tibco -- enterprise_runtime_for_r | The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. | 2019-09-18 | 9.0 | CVE-2019-11211 MISC CONFIRM |
trusteddomain -- opendmarc | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | 2019-09-17 | 7.5 | CVE-2019-16378 MLIST MISC MISC BUGTRAQ DEBIAN MISC |
tuzicms -- tuzicms | App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16644 MISC |
vivotek -- camera | VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | 2019-09-18 | 7.8 | CVE-2019-14458 CONFIRM MISC |
westerndigital -- wd_my_book_firmware | Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. | 2019-09-18 | 7.5 | CVE-2019-16399 MISC MISC |
wireshark -- wireshark | In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | 2019-09-15 | 7.8 | CVE-2019-16319 MISC MISC MISC |
wp-kama -- kama_click_counter | The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | 2019-09-13 | 9.3 | CVE-2017-18614 MISC MISC |
yejiao -- tuzicms | App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16642 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- webaccess | In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | 2019-09-18 | 6.5 | CVE-2019-13552 MISC |
advantech -- webaccess | In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | 2019-09-18 | 6.5 | CVE-2019-13556 MISC |
agentevolution -- impress_listings | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | 2019-09-20 | 4.3 | CVE-2016-11013 MISC MISC |
akal_project -- akal | The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. | 2019-09-16 | 4.3 | CVE-2016-10957 MISC MISC |
apache -- tapestry | Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform. | 2019-09-16 | 5.0 | CVE-2019-0207 MLIST |
apache -- tapestry | The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead. | 2019-09-16 | 6.8 | CVE-2019-10071 MLIST |
arubanetworks -- arubaos | Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | 2019-09-13 | 4.3 | CVE-2019-5314 CONFIRM |
aspose -- aspose.pdf_for_c++ | An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. | 2019-09-18 | 6.5 | CVE-2019-5042 CONFIRM |
asus -- asuswrt-merlin | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. | 2019-09-17 | 5.0 | CVE-2018-20336 MISC CONFIRM |
atlassian -- bitbucket | The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands. | 2019-09-19 | 6.8 | CVE-2019-15000 MISC |
atlassian -- jira_service_desk_server | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | 2019-09-19 | 4.3 | CVE-2019-14994 MISC |
attosoft -- auto_thickbox_plus | The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. | 2019-09-20 | 4.3 | CVE-2015-9396 MISC MISC |
axiosys -- bento4 | Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. | 2019-09-16 | 4.3 | CVE-2019-16349 MISC |
bestwebsoft -- relevant | The relevant plugin before 1.0.8 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9384 MISC MISC |
bower -- bower | Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | 2019-09-13 | 5.0 | CVE-2019-5484 MISC MISC MISC |
brafton -- brafton | The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. | 2019-09-16 | 4.3 | CVE-2016-10973 MISC MISC |
checklist -- checklist | An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. | 2019-09-19 | 4.3 | CVE-2019-16525 MISC MISC MISC MISC |
cisco -- hyperflex_hx220c_af_m5_firmware | A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. | 2019-09-18 | 5.0 | CVE-2019-12620 CISCO |
cisco -- hyperflex_hx220c_af_m5_firmware | A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other client-side browser attacks. | 2019-09-18 | 4.3 | CVE-2019-1975 CISCO |
codepeople -- music_store | The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | 2019-09-17 | 4.3 | CVE-2016-10992 MISC MISC MISC |
codesys -- codesys | 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. | 2019-09-17 | 6.8 | CVE-2019-13538 MISC |
codesys -- control_for_beaglebone | An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime. | 2019-09-17 | 6.5 | CVE-2019-9008 MISC CERT |
creativeinteractivemedia -- real3d_flipbook | The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. | 2019-09-16 | 6.4 | CVE-2016-10965 MISC MISC |
creativeinteractivemedia -- real3d_flipbook | The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | 2019-09-16 | 5.0 | CVE-2016-10966 MISC MISC |
creativeinteractivemedia -- real3d_flipbook | The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. | 2019-09-16 | 4.3 | CVE-2016-10967 MISC MISC |
cyberseo -- xpinner_lite | The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | 2019-09-20 | 4.3 | CVE-2015-9407 MISC MISC MISC |
cyberseo -- xpinner_lite | The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | 2019-09-20 | 4.3 | CVE-2015-9408 MISC MISC MISC |
dolibarr -- dolibarr | In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | 2019-09-16 | 4.3 | CVE-2019-16197 MISC |
eclipse -- mosquitto | If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. | 2019-09-18 | 5.5 | CVE-2019-11778 CONFIRM |
eclipse -- mosquitto | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | 2019-09-19 | 4.0 | CVE-2019-11779 CONFIRM |
elfsight -- instalinker | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | 2019-09-20 | 4.3 | CVE-2016-11005 MISC MISC |
estatik -- estatik | The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | 2019-09-16 | 5.0 | CVE-2016-10958 MISC MISC MISC |
estatik -- estatik | The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | 2019-09-16 | 4.0 | CVE-2016-10959 MISC MISC |
firestormplugins -- fs-shopping-cart | The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | 2019-09-13 | 6.5 | CVE-2016-10951 MISC MISC MISC |
fossura -- tag_miner | The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. | 2019-09-17 | 6.8 | CVE-2016-10978 MISC MISC |
fossura -- tag_miner | The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. | 2019-09-17 | 4.3 | CVE-2016-10979 MISC |
fulixerox -- docushare | A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). | 2019-09-14 | 4.3 | CVE-2019-16307 MISC |
geautomation -- proficy | Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. | 2019-09-16 | 5.0 | CVE-2019-16353 MISC |
ghost -- ghost | The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. | 2019-09-17 | 4.0 | CVE-2016-10983 MISC MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. | 2019-09-16 | 5.5 | CVE-2019-15721 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | 2019-09-16 | 5.0 | CVE-2019-15722 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. | 2019-09-16 | 5.0 | CVE-2019-15723 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. | 2019-09-16 | 4.3 | CVE-2019-15724 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. | 2019-09-16 | 5.0 | CVE-2019-15725 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | 2019-09-16 | 5.0 | CVE-2019-15726 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. | 2019-09-16 | 5.0 | CVE-2019-15727 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. | 2019-09-16 | 5.0 | CVE-2019-15728 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. | 2019-09-17 | 5.0 | CVE-2019-15729 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. | 2019-09-16 | 5.0 | CVE-2019-15730 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. | 2019-09-16 | 5.0 | CVE-2019-15731 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | 2019-09-16 | 5.0 | CVE-2019-15732 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | 2019-09-16 | 4.0 | CVE-2019-15733 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. | 2019-09-16 | 4.0 | CVE-2019-15734 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | 2019-09-16 | 5.0 | CVE-2019-15736 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | 2019-09-16 | 6.4 | CVE-2019-15737 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | 2019-09-16 | 5.0 | CVE-2019-15738 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | 2019-09-16 | 4.3 | CVE-2019-15739 CONFIRM |
gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | 2019-09-16 | 5.0 | CVE-2019-15740 MISC |
gitlab -- gitlab | An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | 2019-09-16 | 5.5 | CVE-2019-16170 MISC |
gnucobol_project -- gnucobol | GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. | 2019-09-17 | 6.8 | CVE-2019-16395 MISC |
gnucobol_project -- gnucobol | GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. | 2019-09-17 | 6.8 | CVE-2019-16396 MISC |
gpac -- gpac | AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. | 2019-09-16 | 4.3 | CVE-2018-21015 MISC |
gpac -- gpac | audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2019-09-16 | 4.3 | CVE-2018-21016 MISC |
gpac -- gpac | GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. | 2019-09-16 | 4.3 | CVE-2018-21017 MISC MISC |
gradle -- gradle | The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | 2019-09-16 | 4.3 | CVE-2019-16370 MISC MISC |
hrworks -- hrworks | A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. | 2019-09-17 | 4.3 | CVE-2019-11559 FULLDISC MISC |
ibm -- application_performance_management | IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | 2019-09-17 | 4.3 | CVE-2019-4086 XF CONFIRM |
ibm -- cognos_controller | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. | 2019-09-17 | 4.3 | CVE-2019-4171 XF CONFIRM |
ibm -- cognos_controller | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. | 2019-09-17 | 5.0 | CVE-2019-4175 XF CONFIRM |
ibm -- financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946. | 2019-09-18 | 4.0 | CVE-2018-1847 XF CONFIRM |
ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | 2019-09-20 | 5.0 | CVE-2019-4565 XF CONFIRM |
ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | 2019-09-16 | 6.5 | CVE-2019-4147 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | 2019-09-17 | 5.0 | CVE-2019-4268 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. | 2019-09-17 | 4.0 | CVE-2019-4442 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. | 2019-09-17 | 4.0 | CVE-2019-4477 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. | 2019-09-20 | 5.0 | CVE-2019-4505 XF CONFIRM |
icegram -- icegram | The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. | 2019-09-16 | 4.3 | CVE-2016-10962 MISC MISC |
icegram -- icegram | The icegram plugin before 1.9.19 for WordPress has XSS. | 2019-09-16 | 4.3 | CVE-2016-10963 MISC |
ifw8 -- fr5-e_firmware | ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | 2019-09-14 | 5.0 | CVE-2019-16313 MISC |
imdb-widget_project -- imdb-widget | The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. | 2019-09-17 | 5.0 | CVE-2016-10991 MISC MISC |
intel -- easy_streaming_wizard | Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. | 2019-09-16 | 4.6 | CVE-2019-11166 CONFIRM |
intenogroup -- eg200_firmware | Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. | 2019-09-16 | 4.3 | CVE-2019-13140 MISC MISC MISC EXPLOIT-DB |
kentothemes -- kento-post-view-counter | The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. | 2019-09-17 | 4.3 | CVE-2016-10980 MISC MISC |
kentothemes -- kento-post-view-counter | The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. | 2019-09-17 | 4.3 | CVE-2016-10981 MISC MISC |
kentothemes -- kento-post-view-counter | The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. | 2019-09-17 | 6.8 | CVE-2016-10982 MISC MISC |
kodebyraaet -- safe_editor | The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | 2019-09-17 | 4.3 | CVE-2016-10976 MISC MISC |
layerbb -- layerbb | LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. | 2019-09-19 | 6.8 | CVE-2019-16531 MISC MISC MISC MISC |
leenk -- leenk.me | The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. | 2019-09-17 | 4.3 | CVE-2016-10988 MISC MISC MISC |
leenk -- leenk.me | The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. | 2019-09-17 | 6.8 | CVE-2016-10989 MISC MISC MISC |
libav -- libav | A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. | 2019-09-19 | 6.8 | CVE-2019-9719 MISC MISC MISC MISC |
libwav_project -- libwav | marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c. | 2019-09-16 | 4.3 | CVE-2019-16348 MISC |
linecorp -- line | Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image. | 2019-09-19 | 6.8 | CVE-2019-6010 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | 2019-09-18 | 5.0 | CVE-2019-16413 MISC MISC MISC |
logmein -- lastpass | LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. | 2019-09-16 | 5.8 | CVE-2019-16371 MISC |
mail-masta_project -- mail-masta | The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | 2019-09-16 | 5.0 | CVE-2016-10956 MISC MISC MISC |
mcafee -- total_protection | DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | 2019-09-13 | 6.0 | CVE-2019-3646 CONFIRM |
mi -- xiaomi_millet_firmware | A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. | 2019-09-18 | 5.8 | CVE-2019-15843 CONFIRM |
microfocus -- service_manager | Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. | 2019-09-18 | 6.5 | CVE-2019-11661 CONFIRM |
microfocus -- service_manager | Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | 2019-09-18 | 4.0 | CVE-2019-11662 CONFIRM |
microfocus -- service_manager | Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | 2019-09-18 | 4.0 | CVE-2019-11663 CONFIRM |
microfocus -- service_manager | Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | 2019-09-18 | 4.0 | CVE-2019-11664 CONFIRM |
microfocus -- service_manager | Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | 2019-09-17 | 5.0 | CVE-2019-11665 CONFIRM |
microfocus -- service_manager | Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | 2019-09-17 | 6.8 | CVE-2019-11666 CONFIRM |
microfocus -- service_manager | Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data. | 2019-09-17 | 5.0 | CVE-2019-11667 CONFIRM |
mobatek -- mobaxterm | In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. | 2019-09-14 | 6.8 | CVE-2019-16305 MISC |
momizat -- goodnews | The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | 2019-09-20 | 4.3 | CVE-2016-10999 MISC |
mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. | 2019-09-20 | 4.3 | CVE-2015-9386 MISC MISC |
mz-automation -- libiec61850 | libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. | 2019-09-19 | 5.0 | CVE-2019-16510 MISC |
neliosoftware -- nelio_ab_testing | The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. | 2019-09-17 | 4.0 | CVE-2016-10977 MISC MISC MISC |
nerdcow -- tweet_wheel | The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. | 2019-09-17 | 4.3 | CVE-2016-10986 MISC MISC MISC |
netattingo -- wp-whois-domain | The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. | 2019-09-13 | 4.3 | CVE-2017-18612 MISC MISC |
neuvoo -- neuvoo-jobroll | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. | 2019-09-20 | 4.3 | CVE-2015-9404 MISC MISC |
neuvoo -- neuvoo_jobs | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. | 2019-09-20 | 4.3 | CVE-2015-9403 MISC MISC |
ngiflib_project -- ngiflib | ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | 2019-09-16 | 6.8 | CVE-2019-16346 MISC MISC |
ngiflib_project -- ngiflib | ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | 2019-09-16 | 6.8 | CVE-2019-16347 MISC MISC |
niushop -- niushop | NIUSHOP V1.11 has CSRF via search_info to index.php. | 2019-09-14 | 6.8 | CVE-2019-16311 MISC |
notepad_plus_plus -- notepad++ | SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | 2019-09-14 | 6.8 | CVE-2019-16294 MISC MISC MISC |
ocimscripts -- ocim-mp3 | The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | 2019-09-20 | 4.3 | CVE-2016-10998 MISC |
open-emr -- openemr | OpenEMR v5.0.1-6 allows XSS. | 2019-09-16 | 4.3 | CVE-2019-8368 MISC |
optinmonster -- optinmonster | The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | 2019-09-20 | 5.0 | CVE-2016-10996 MISC MISC |
ostenta -- yawpp | The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | 2019-09-20 | 4.3 | CVE-2015-9391 MISC MISC |
pagelines -- pagelines | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | 2019-09-13 | 6.8 | CVE-2016-10945 MISC |
peepso -- peepso | The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | 2019-09-16 | 6.5 | CVE-2016-10968 MISC MISC |
picoc_project -- picoc | PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | 2019-09-13 | 6.8 | CVE-2019-16277 MISC |
pimcore -- pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | 2019-09-14 | 6.5 | CVE-2019-16317 MISC MISC |
pimcore -- pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | 2019-09-14 | 6.5 | CVE-2019-16318 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | 2019-09-20 | 5.0 | CVE-2019-15085 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | 2019-09-20 | 4.3 | CVE-2019-15086 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. | 2019-09-20 | 6.5 | CVE-2019-15087 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | 2019-09-20 | 6.8 | CVE-2019-15089 MISC MISC |
publisure -- publisure | An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). | 2019-09-18 | 6.5 | CVE-2019-14252 MISC |
publisure -- publisure | An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted. | 2019-09-18 | 6.4 | CVE-2019-14253 MISC |
pydio -- pydio | Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. | 2019-09-19 | 5.0 | CVE-2019-15032 MISC MISC MISC |
pydio -- pydio | Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. | 2019-09-19 | 4.0 | CVE-2019-15033 MISC MISC MISC |
redmineup -- crm | The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. | 2019-09-16 | 4.3 | CVE-2019-15950 MISC MISC |
rsa -- archer | RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions. | 2019-09-18 | 4.0 | CVE-2019-3756 MISC |
rsa -- bsafe_cert-j | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. | 2019-09-18 | 4.3 | CVE-2019-3738 MISC |
rsa -- bsafe_cert-j | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. | 2019-09-18 | 4.3 | CVE-2019-3739 MISC |
rsa -- bsafe_cert-j | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. | 2019-09-18 | 4.3 | CVE-2019-3740 MISC |
s-cms -- s-cms | s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | 2019-09-14 | 4.3 | CVE-2019-16312 MISC |
scadabr -- scadabr | ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. | 2019-09-15 | 4.3 | CVE-2019-16321 MISC |
schneider-electric -- bmxnor0200h_firmware | CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. | 2019-09-17 | 6.5 | CVE-2019-6810 CONFIRM |
schneider-electric -- bmxnor0200h_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on port 2404/TCP. | 2019-09-17 | 5.0 | CVE-2019-6831 CONFIRM |
schneider-electric -- hmigtu_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. | 2019-09-17 | 4.3 | CVE-2019-6833 CONFIRM |
schneider-electric -- modicon_quantum_140noe77101_firmware | An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover. | 2019-09-17 | 5.0 | CVE-2019-6811 CONFIRM |
schneider-electric -- somachine_hvac | A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product. | 2019-09-17 | 6.8 | CVE-2019-6826 CONFIRM |
siemens -- ie/wsn-pa_link_wirelesshart_gateway_firmware | A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | 2019-09-13 | 4.3 | CVE-2019-13923 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 4.0 | CVE-2019-13919 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 4.3 | CVE-2019-13920 MISC |
siemens -- sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 4.0 | CVE-2019-13922 MISC |
sirv -- sirv | The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | 2019-09-13 | 6.5 | CVE-2016-10950 MISC MISC MISC |
slickquiz_project -- slickquiz | An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. | 2019-09-13 | 4.3 | CVE-2019-12517 MISC MISC |
smackcoders -- echo_sign | The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | 2019-09-17 | 4.3 | CVE-2016-10984 MISC MISC MISC |
smackcoders -- echo_sign | The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | 2019-09-17 | 4.3 | CVE-2016-10985 MISC MISC MISC |
spip -- spip | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. | 2019-09-17 | 4.0 | CVE-2019-16391 MISC MISC MISC |
spip -- spip | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | 2019-09-17 | 4.3 | CVE-2019-16392 MISC MISC |
spip -- spip | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | 2019-09-17 | 5.8 | CVE-2019-16393 MISC MISC MISC |
spip -- spip | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 2019-09-17 | 5.0 | CVE-2019-16394 MISC MISC MISC MISC |
supportflow_project -- supportflow | The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. | 2019-09-16 | 4.3 | CVE-2016-10969 MISC MISC |
supportflow_project -- supportflow | The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. | 2019-09-16 | 4.3 | CVE-2016-10970 MISC MISC |
tonjoostudio -- fluid-responsive-slideshow | The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. | 2019-09-17 | 6.8 | CVE-2016-10974 MISC MISC |
tonjoostudio -- fluid-responsive-slideshow | The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. | 2019-09-17 | 4.3 | CVE-2016-10975 MISC MISC |
trivetechnology -- wp-stats-dashboard | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9399 MISC MISC MISC |
truemag_theme_project -- truemag_theme | The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. | 2019-09-18 | 4.3 | CVE-2016-10994 MISC |
trust_form_project -- trust_form | The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. | 2019-09-13 | 4.3 | CVE-2017-18613 MISC MISC |
typomedia -- wordpress_meta_robots | The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9400 MISC MISC MISC |
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | 2019-09-20 | 6.8 | CVE-2015-9394 MISC MISC |
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | 2019-09-20 | 6.5 | CVE-2015-9395 MISC MISC MISC |
vmware -- vcenter_server | VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user's browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out. | 2019-09-18 | 5.8 | CVE-2019-5531 CONFIRM |
vmware -- vcenter_server | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | 2019-09-18 | 4.0 | CVE-2019-5532 MISC CONFIRM |
vmware -- vcenter_server | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | 2019-09-18 | 4.0 | CVE-2019-5534 MISC CONFIRM |
webkul -- bagisto | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | 2019-09-18 | 6.5 | CVE-2019-16403 MISC |
webmaster-source -- gocodes | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9398 MISC MISC MISC |
woocommerce -- persian_woocommerce_sms | The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | 2019-09-17 | 4.3 | CVE-2016-10987 MISC MISC MISC |
wp-kama -- kama_click_counter | The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. | 2019-09-13 | 4.3 | CVE-2017-18615 MISC |
wp-piwik_project -- wp-piwik | The wp-piwik plugin before 1.0.5 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9405 MISC MISC MISC |
wpcerber -- cerber_security_antispam_&_malware_scan | The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. | 2019-09-17 | 4.3 | CVE-2016-10990 MISC MISC |
yourinspirationweb -- beauty-premium | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. | 2019-09-20 | 4.3 | CVE-2016-10997 MISC EXPLOIT-DB |
zulip -- zulip_server | The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages. | 2019-09-18 | 4.0 | CVE-2019-16215 CONFIRM CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
beego -- beego | The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | 2019-09-16 | 1.9 | CVE-2019-16354 MISC |
beego -- beego | The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | 2019-09-16 | 2.1 | CVE-2019-16355 MISC |
bludit -- bludit | In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | 2019-09-15 | 3.5 | CVE-2019-16334 MISC |
freeipa -- freeipa | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. | 2019-09-17 | 2.1 | CVE-2019-14826 CONFIRM |
get-simple -- getsimple_cms | GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | 2019-09-15 | 3.5 | CVE-2019-16333 MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | 2019-09-17 | 3.5 | CVE-2019-4342 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. | 2019-09-17 | 3.5 | CVE-2019-4270 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | 2019-09-17 | 3.5 | CVE-2019-4271 XF CONFIRM |
intel -- 3106_firmware | A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. | 2019-09-16 | 2.9 | CVE-2019-11184 MISC CONFIRM CONFIRM |
linux -- linux_kernel | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. | 2019-09-13 | 3.6 | CVE-2019-15030 MISC MISC UBUNTU |
linux -- linux_kernel | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. | 2019-09-13 | 3.6 | CVE-2019-15031 MISC MISC UBUNTU |
mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. | 2019-09-20 | 3.5 | CVE-2015-9389 MISC MISC |
niushop -- niushop | NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. | 2019-09-14 | 3.5 | CVE-2019-16310 MISC |
scoreme_project -- scoreme | The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. | 2019-09-17 | 3.5 | CVE-2016-10993 MISC |
solaplugins -- sola_support_tickets | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | 2019-09-20 | 3.5 | CVE-2016-11012 MISC MISC |
symantec -- norton_password_manager | Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. | 2019-09-17 | 2.1 | CVE-2019-12755 CONFIRM |
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | 2019-09-20 | 3.5 | CVE-2015-9392 MISC MISC MISC |
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | 2019-09-20 | 3.5 | CVE-2015-9393 MISC MISC |
webcraftic -- woody_ad_snippets | The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. | 2019-09-13 | 3.5 | CVE-2019-16289 MISC MISC MISC |
webmaster-source -- gocodes | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. | 2019-09-20 | 3.5 | CVE-2015-9397 MISC MISC MISC |
websimon-tables_project -- websimon-tables | The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. | 2019-09-20 | 3.5 | CVE-2015-9401 MISC MISC MISC |
zrlog -- zrlog | An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | 2019-09-20 | 3.5 | CVE-2019-16643 MISC |
zulip -- zulip_server | Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. | 2019-09-18 | 3.5 | CVE-2019-16216 CONFIRM CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s-smart_software_solutions -- codesys_web_server | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | 2019-09-13 | not yet calculated | CVE-2019-13532 MISC |
3s-smart_software_solutions -- codesys_web_server | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. | 2019-09-13 | not yet calculated | CVE-2019-13548 MISC |
3s-smart_sofware_solutions -- codesys_opc_ua_server | 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. | 2019-09-17 | not yet calculated | CVE-2019-13542 MISC |
3s-smart_sofware_solutions -- codesys_products | An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash. | 2019-09-17 | not yet calculated | CVE-2019-9009 MISC |
arubanetworks -- arubaos | A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. | 2019-09-13 | not yet calculated | CVE-2019-5315 CONFIRM |
cobham -- sea_tel_devices | Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. | 2019-09-15 | not yet calculated | CVE-2019-16320 MISC |
draytek -- vigor2925_devices | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. | 2019-09-20 | not yet calculated | CVE-2019-16533 MISC |
draytek -- vigor2925_devices | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. | 2019-09-20 | not yet calculated | CVE-2019-16534 MISC |
embedthis -- goahead | An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. | 2019-09-20 | not yet calculated | CVE-2019-16645 MISC |
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. | 2019-09-17 | not yet calculated | CVE-2019-16199 MISC |
f5 -- big-ip | F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. | 2019-09-20 | not yet calculated | CVE-2019-6649 CONFIRM |
f5 -- big-ip | F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. | 2019-09-20 | not yet calculated | CVE-2019-6650 CONFIRM |
ffjpeg -- ffjpeg | ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. | 2019-09-16 | not yet calculated | CVE-2019-16351 MISC |
ffjpeg -- ffjpeg | ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. | 2019-09-16 | not yet calculated | CVE-2019-16350 MISC |
ffjpeg -- ffjpeg | ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. | 2019-09-16 | not yet calculated | CVE-2019-16352 MISC |
firegiant -- wix_toolset | An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path. | 2019-09-19 | not yet calculated | CVE-2019-16511 MISC MISC MISC |
forcepoint -- vpn_client_for_windows | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. | 2019-09-20 | not yet calculated | CVE-2019-6145 CONFIRM |
gila_cms -- gila_cms | Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | 2019-09-21 | not yet calculated | CVE-2019-16679 MISC MISC |
gitlab -- omnibus | An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. | 2019-09-16 | not yet calculated | CVE-2019-15741 MISC |
gnome -- file-roller | An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | 2019-09-21 | not yet calculated | CVE-2019-16680 MISC MISC MISC |
idreamsoft -- icms | An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | 2019-09-21 | not yet calculated | CVE-2019-16677 MISC |
joyplus -- joyplus-cms | joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | 2019-09-21 | not yet calculated | CVE-2019-16655 MISC |
joyplus -- joyplus-cms | joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | 2019-09-21 | not yet calculated | CVE-2019-16660 MISC |
joyplus -- joyplus-cms | joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | 2019-09-21 | not yet calculated | CVE-2019-16656 MISC |
linux -- linux_kernel | There is a heap-based buffer overflow in the Marvell wifi chip driver in the Linux kernel, all versions up to, excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. | 2019-09-20 | not yet calculated | CVE-2019-14814 MLIST MISC CONFIRM MISC FEDORA FEDORA MISC |
linux -- linux_kernel | There is a heap-based buffer overflow in the Marvell wifi chip driver in the Linux kernel, all versions up to, excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. | 2019-09-20 | not yet calculated | CVE-2019-14816 MLIST MISC CONFIRM MISC FEDORA FEDORA MISC |
mautic -- mautic | An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. | 2019-09-20 | not yet calculated | CVE-2018-11200 CONFIRM |
node.js -- node.js | The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | 2019-09-20 | not yet calculated | CVE-2019-15138 MISC |
ogma_cms -- ogma_cms | Ogma CMS 0.5 has XSS via creation of a new blog. | 2019-09-21 | not yet calculated | CVE-2019-16661 MISC |
pagekit -- pagekit | The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | 2019-09-21 | not yet calculated | CVE-2019-16669 MISC |
pivotal -- application_service | Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. | 2019-09-20 | not yet calculated | CVE-2019-11280 CONFIRM |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | 2019-09-20 | not yet calculated | CVE-2019-14914 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. | 2019-09-20 | not yet calculated | CVE-2019-14915 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. | 2019-09-20 | not yet calculated | CVE-2019-14916 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. | 2019-09-20 | not yet calculated | CVE-2019-14911 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | 2019-09-20 | not yet calculated | CVE-2019-14913 MISC MISC |
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | 2019-09-20 | not yet calculated | CVE-2019-14912 MISC MISC |
prospecta -- master_data_online | Prospecta Master Data Online (MDO) allows CSRF. | 2019-09-20 | not yet calculated | CVE-2018-17789 MISC |
schneider_electric -- apc_ups_network_management_card_2 | A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | 2019-09-17 | not yet calculated | CVE-2018-7820 CONFIRM |
schneider_electric -- modicon_m580_and_m340_controllers | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. | 2019-09-17 | not yet calculated | CVE-2019-6829 CONFIRM |
schneider_electric -- modicon_m580_controllers | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. | 2019-09-17 | not yet calculated | CVE-2019-6830 CONFIRM |
schneider_electric -- spacelynk_and_wiser_for_knx | A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. | 2019-09-17 | not yet calculated | CVE-2019-6832 CONFIRM |
schneider_electric -- u.motion_server | A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. | 2019-09-17 | not yet calculated | CVE-2019-6840 CONFIRM |
schneider_electric -- u.motion_server | A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page. | 2019-09-17 | not yet calculated | CVE-2019-6835 CONFIRM |
schneider_electric -- u.motion_server | A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. | 2019-09-17 | not yet calculated | CVE-2019-6837 CONFIRM |
schneider_electric -- u.motion_server | An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file. | 2019-09-17 | not yet calculated | CVE-2019-6836 CONFIRM |
schneider_electric -- u.motion_server | An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file. | 2019-09-17 | not yet calculated | CVE-2019-6838 CONFIRM |
schneider_electric -- u.motion_server | An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file. | 2019-09-17 | not yet calculated | CVE-2019-6839 CONFIRM |
siemens -- simatic_tdc_cp51m1 | A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | not yet calculated | CVE-2019-10937 MISC |
supermicro -- multiple_products | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | 2019-09-20 | not yet calculated | CVE-2019-16649 MISC MISC MISC |
supermicro -- x10_and_x11_products | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. | 2019-09-20 | not yet calculated | CVE-2019-16650 MISC MISC MISC |
thinksaas -- thinksaas | An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | 2019-09-21 | not yet calculated | CVE-2019-16665 MISC |
thinksaas -- thinksaas | An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | 2019-09-21 | not yet calculated | CVE-2019-16664 MISC |
topcon_positioning -- net-g5_gnss_receiver_devices | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to log in. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. | 2019-09-20 | not yet calculated | CVE-2019-11326 MISC |
topcon_positioning -- net-g5_gnss_receiver_devices | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's file system. | 2019-09-20 | not yet calculated | CVE-2019-11327 MISC |
tuzicms -- tuzicms | TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | 2019-09-21 | not yet calculated | CVE-2019-16658 MISC |
tuzicms -- tuzicms | TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | 2019-09-21 | not yet calculated | CVE-2019-16657 MISC |
tuzicms -- tuzicms | TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | 2019-09-21 | not yet calculated | CVE-2019-16659 MISC |
valve -- counter-strike:global_offensive | vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. | 2019-09-19 | not yet calculated | CVE-2019-15943 MISC CONFIRM |
vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | 2019-09-20 | not yet calculated | CVE-2019-5521 MISC CONFIRM |
wordpress -- wordpress | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | 2019-09-20 | not yet calculated | CVE-2016-11008 MISC MISC MISC |
wordpress -- wordpress | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | 2019-09-20 | not yet calculated | CVE-2016-11010 MISC MISC MISC |
wordpress -- wordpress | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | 2019-09-20 | not yet calculated | CVE-2016-11004 MISC MISC |
wordpress -- wordpress | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | 2019-09-20 | not yet calculated | CVE-2016-11009 MISC MISC MISC |
wordpress -- wordpress | The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | 2019-09-20 | not yet calculated | CVE-2014-10397 MISC |
wordpress -- wordpress | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | 2019-09-20 | not yet calculated | CVE-2016-11002 MISC MISC |
wordpress -- wordpress | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 2019-09-20 | not yet calculated | CVE-2016-11001 MISC MISC |
wordpress -- wordpress | The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. | 2019-09-16 | not yet calculated | CVE-2016-10964 MISC MISC |
wordpress -- wordpress | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | 2019-09-20 | not yet calculated | CVE-2016-11007 MISC MISC MISC |
wordpress -- wordpress | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | 2019-09-20 | not yet calculated | CVE-2016-11003 MISC MISC |
wordpress -- wordpress | The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. | 2019-09-13 | not yet calculated | CVE-2016-10952 MISC MISC MISC |
wordpress -- wordpress | The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | 2019-09-20 | not yet calculated | CVE-2015-9402 MISC MISC MISC |
wordpress -- wordpress | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | 2019-09-20 | not yet calculated | CVE-2016-11006 MISC MISC MISC |
wordpress -- wordpress | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | 2019-09-20 | not yet calculated | CVE-2015-9387 MISC MISC |
wordpress -- wordpress | The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. | 2019-09-16 | not yet calculated | CVE-2016-10960 MISC MISC |
wordpress -- wordpress | In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. | 2019-09-15 | not yet calculated | CVE-2019-16332 MISC MISC MISC MISC |
wordpress -- wordpress | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | 2019-09-20 | not yet calculated | CVE-2016-11011 MISC MISC MISC |
wordpress -- wordpress | The quotes-and-tips plugin before 1.20 for WordPress has XSS. | 2019-09-20 | not yet calculated | CVE-2015-9385 MISC MISC |
wordpress -- wordpress | The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. | 2019-09-16 | not yet calculated | CVE-2016-10961 MISC |
wordpress -- wordpress | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | 2019-09-20 | not yet calculated | CVE-2015-9388 MISC MISC |
wordpress -- wordpress | The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | 2019-09-20 | not yet calculated | CVE-2015-9390 MISC MISC |
wordpress -- wordpress | Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | 2019-09-20 | not yet calculated | CVE-2015-9406 MISC |
wordpress -- wordpress | The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | 2019-09-13 | not yet calculated | CVE-2016-10949 MISC |
wordpress -- wordpress | The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | 2019-09-20 | not yet calculated | CVE-2014-10396 MISC |
yzmcms -- yzmcms | admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | 2019-09-21 | not yet calculated | CVE-2019-16678 MISC |
zhejiang_dahua_technology -- ip_camera_devices | Specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. | 2019-09-18 | not yet calculated | CVE-2019-9677 CONFIRM |
zhejiang_dahua_technology -- ip_camera_devices | Some Dahua products are subject to denial of service during the login process. An attacker can cause a device to crash by constructing a malicious packet. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. | 2019-09-18 | not yet calculated | CVE-2019-9678 CONFIRM |
zhejiang_dahua_technology -- ip_camera_devices | Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. | 2019-09-18 | not yet calculated | CVE-2019-9679 CONFIRM |
zhejiang_dahua_technology -- ip_camera_devices | Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. | 2019-09-18 | not yet calculated | CVE-2019-9680 CONFIRM |
zhejiang_dahua_technology -- ip_camera_devices | Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. | 2019-09-17 | not yet calculated | CVE-2019-9681 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.