US-CERT - Vulnerability Summary for the Week of September 23, 2019
Original release date: September 30, 2019
Back to top
Back to top
Back to top
Back to top
from CISA All NCAS Products https://www.us-cert.gov/ncas/bulletins/sb19-273
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| centreon -- centreon | SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | 2019-09-25 | 7.5 | CVE-2019-16194 MISC MISC |
| emlog -- emlog | emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | 2019-09-25 | 7.5 | CVE-2019-16868 MISC |
| forcepoint -- vpn_client | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. | 2019-09-20 | 7.2 | CVE-2019-6145 MISC CONFIRM |
| gigastone -- smart_battery_a4_firmware | A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. | 2019-09-25 | 10.0 | CVE-2019-15068 CONFIRM CONFIRM |
| gigastone -- smart_battery_a4_firmware | An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. | 2019-09-25 | 7.5 | CVE-2019-15069 CONFIRM CONFIRM |
| inoideas -- inoerp | download.php in inoERP 4.15 allows SQL injection through insecure deserialization. | 2019-09-26 | 7.5 | CVE-2019-16894 EXPLOIT-DB |
| integard_pro_project -- integard_pro | Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. | 2019-09-22 | 7.5 | CVE-2019-16702 MISC |
| joinmastodon -- mastodon | Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | 2019-09-22 | 7.5 | CVE-2018-21018 MISC MISC MISC MISC |
| joyplus_project -- joyplus | joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | 2019-09-21 | 7.5 | CVE-2019-16656 MISC |
| linea_project -- linea | An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | 2019-09-25 | 7.5 | CVE-2019-16880 CONFIRM |
| linux -- linux_kernel | There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | 2019-09-20 | 7.2 | CVE-2019-14814 SUSE SUSE MLIST MISC CONFIRM MISC MLIST FEDORA FEDORA MISC |
| linux -- linux_kernel | There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | 2019-09-20 | 7.2 | CVE-2019-14816 SUSE SUSE MLIST MISC CONFIRM MISC MLIST FEDORA FEDORA MISC |
| linux -- linux_kernel | An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. | 2019-09-24 | 7.5 | CVE-2019-16746 MISC |
| makandra -- consul | The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | 2019-09-23 | 7.5 | CVE-2019-16377 MISC MISC |
| microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | 2019-09-23 | 7.6 | CVE-2019-1367 MISC |
| netapp -- ontap_select_deploy_administration_utility | ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | 2019-09-24 | 7.5 | CVE-2019-5504 MISC |
| netgate -- pfsense | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | 2019-09-25 | 9.0 | CVE-2019-16701 MISC MISC MISC |
| pam-python_project -- pam-python | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | 2019-09-24 | 7.2 | CVE-2019-16729 MISC MISC MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16692 MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16693 MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16694 MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16695 MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16696 MISC |
| portaudio-rs_project -- portaudio-rs | An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | 2019-09-25 | 7.5 | CVE-2019-16881 CONFIRM |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | 2019-09-20 | 7.5 | CVE-2019-14914 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. | 2019-09-20 | 7.5 | CVE-2019-15088 MISC MISC |
| silverstripe -- silverstripe | In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | 2019-09-25 | 7.5 | CVE-2019-12204 MISC MISC CONFIRM |
| smackcoders -- ultimate_exporter | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | 2019-09-20 | 7.5 | CVE-2016-11000 MISC MISC |
| supermicro -- a1sa2-2750f_firmware | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. | 2019-09-20 | 7.5 | CVE-2019-16650 MISC MISC MISC |
| suricata-ids -- suricata | An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. | 2019-09-24 | 7.5 | CVE-2019-16411 MISC MISC |
| tuzicms -- tuzicms | App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16644 MISC |
| upredsun -- file_sharing_wizard | File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. | 2019-09-24 | 7.5 | CVE-2019-16724 MISC EXPLOIT-DB |
| vbulletin -- vbulletin | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 2019-09-24 | 7.5 | CVE-2019-16759 MISC MISC MISC MISC |
| wolfssl -- wolfssl | In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. | 2019-09-24 | 7.5 | CVE-2019-16748 MISC |
| yejiao -- tuzicms | App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16642 MISC |
| zte -- zxv10_b860a_firmware | All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. | 2019-09-23 | 10.0 | CVE-2019-3416 CONFIRM |
| zzzcms -- zzzphp | ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | 2019-09-23 | 7.5 | CVE-2019-16722 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 5none -- nonecms | NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | 2019-09-23 | 5.8 | CVE-2019-16721 MISC |
| acquia -- mautic | An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. | 2019-09-20 | 4.3 | CVE-2018-11200 CONFIRM |
| advantech -- webaccess/hmi_designer | In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | 2019-09-25 | 5.0 | CVE-2019-16899 MISC |
| advantech -- webaccess/hmi_designer | Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | 2019-09-25 | 5.0 | CVE-2019-16900 MISC |
| advantech -- webaccess/hmi_designer | Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | 2019-09-25 | 5.0 | CVE-2019-16901 MISC |
| agentevolution -- impress_listings | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | 2019-09-20 | 4.3 | CVE-2016-11013 MISC MISC |
| alo-easymail_project -- alo-easymail | The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | 2019-09-25 | 4.3 | CVE-2015-9409 MISC MISC MISC |
| altosresearch -- altos-connect | The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. | 2019-09-26 | 4.3 | CVE-2015-9444 MISC MISC |
| angrycreative -- bj_lazy_load | The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | 2019-09-25 | 5.0 | CVE-2015-9415 MISC MISC |
| apache -- http_server | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | 2019-09-26 | 6.4 | CVE-2019-10082 MISC |
| apache -- http_server | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. | 2019-09-26 | 4.3 | CVE-2019-10092 MISC |
| apache -- http_server | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | 2019-09-25 | 5.8 | CVE-2019-10098 MISC |
| apache -- jspwiki | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 2019-09-23 | 4.3 | CVE-2019-10087 MISC |
| apache -- jspwiki | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 2019-09-23 | 4.3 | CVE-2019-10089 MISC |
| apache -- jspwiki | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 2019-09-23 | 4.3 | CVE-2019-10090 MISC |
| apache -- jspwiki | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 2019-09-23 | 4.3 | CVE-2019-12404 MISC |
| apache -- jspwiki | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 2019-09-23 | 4.3 | CVE-2019-12407 MISC |
| apache -- subversion | In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. | 2019-09-26 | 4.0 | CVE-2018-11782 MISC |
| apache -- subversion | In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. | 2019-09-26 | 5.0 | CVE-2019-0203 MISC |
| apereo -- central_authentication_service | Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. | 2019-09-23 | 5.5 | CVE-2019-10754 MISC MISC MISC MISC MISC |
| attosoft -- auto_thickbox_plus | The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. | 2019-09-20 | 4.3 | CVE-2015-9396 MISC MISC |
| avenirsoft -- directdownload | The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | 2019-09-26 | 4.3 | CVE-2015-9442 MISC MISC |
| bestwebsoft -- quotes_and_tips | The quotes-and-tips plugin before 1.20 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9385 MISC MISC |
| bestwebsoft -- relevant | The relevant plugin before 1.0.8 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9384 MISC MISC |
| bluestacks -- bluestacks | An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read | 2019-09-24 | 4.9 | CVE-2019-14220 MISC CONFIRM |
| bookmarkify_project -- bookmarkify | The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | 2019-09-26 | 4.3 | CVE-2015-9441 MISC MISC |
| byonepress -- social_locker | The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | 2019-09-25 | 4.3 | CVE-2015-9425 MISC MISC MISC |
| cacti -- cacti | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | 2019-09-23 | 4.0 | CVE-2019-16723 MISC |
| captain-slider_project -- captain-slider | The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. | 2019-09-25 | 4.3 | CVE-2015-9419 MISC MISC |
| cisco -- ios | A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. | 2019-09-25 | 5.8 | CVE-2019-12665 CISCO |
| cloudfoundry -- cf-deployment | Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | 2019-09-23 | 5.5 | CVE-2019-11277 CONFIRM |
| crazy_bone_project -- crazy_bone | The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. | 2019-09-25 | 4.3 | CVE-2015-9430 MISC MISC MISC |
| cure53 -- dompurify | DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | 2019-09-24 | 4.3 | CVE-2019-16728 MISC |
| cyberseo -- xpinner_lite | The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | 2019-09-20 | 4.3 | CVE-2015-9407 MISC MISC MISC |
| cyberseo -- xpinner_lite | The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | 2019-09-20 | 4.3 | CVE-2015-9408 MISC MISC MISC |
| devise_token_auth_project -- devise_token_auth | An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller. | 2019-09-24 | 4.3 | CVE-2019-16751 MISC |
| doc4design -- multicons | The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | 2019-09-25 | 4.3 | CVE-2015-9424 MISC MISC MISC |
| draytek -- vigor2925_firmware | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware. | 2019-09-20 | 4.3 | CVE-2019-16533 MISC MISC |
| draytek -- vigor2925_firmware | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware | 2019-09-20 | 4.3 | CVE-2019-16534 MISC MISC |
| e2fsprogs_project -- e2fsprogs | An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | 2019-09-24 | 4.6 | CVE-2019-5094 MISC |
| efficientscripts -- microblog_poster | The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | 2019-09-25 | 6.5 | CVE-2015-9449 MISC MISC MISC |
| elegantthemes -- extra | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | 2019-09-20 | 6.5 | CVE-2016-11002 MISC MISC |
| elegantthemes -- monarch | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | 2019-09-20 | 6.5 | CVE-2016-11003 MISC MISC |
| elegantthemes -- monarch | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | 2019-09-20 | 6.5 | CVE-2016-11004 MISC MISC |
| elfsight -- instalinker | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | 2019-09-20 | 4.3 | CVE-2016-11005 MISC MISC |
| embedthis -- goahead | An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. | 2019-09-20 | 5.0 | CVE-2019-16645 MISC |
| eshop_project -- eshop | The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | 2019-09-25 | 4.3 | CVE-2015-9413 MISC MISC MISC |
| f5 -- big-ip_access_policy_manager | In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. | 2019-09-25 | 5.0 | CVE-2019-6651 MISC |
| f5 -- big-ip_access_policy_manager | On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data. | 2019-09-25 | 4.3 | CVE-2019-6655 MISC |
| f5 -- big-ip_application_security_manager | F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. | 2019-09-20 | 5.8 | CVE-2019-6650 CONFIRM |
| f5 -- big-iq_centralized_management | In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). | 2019-09-25 | 6.4 | CVE-2019-6652 MISC |
| gilacms -- gila_cms | Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | 2019-09-21 | 4.0 | CVE-2019-16679 MISC MISC MISC |
| googmonify_project -- googmonify | The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | 2019-09-25 | 4.3 | CVE-2015-9427 MISC MISC MISC |
| grafana -- grafana | An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. | 2019-09-23 | 4.0 | CVE-2019-15635 MISC MISC |
| hcltech -- appscan_source | HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. | 2019-09-25 | 5.8 | CVE-2019-16188 CONFIRM |
| home-assistant -- home-assistant | Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | 2019-09-23 | 5.0 | CVE-2018-21019 MISC MISC |
| hongcms_project -- hongcms | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) | 2019-09-25 | 5.5 | CVE-2019-16867 MISC |
| html-pdf_project -- html-pdf | The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | 2019-09-20 | 5.0 | CVE-2019-15138 MISC |
| hunspell_project -- hunspell | Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | 2019-09-23 | 4.3 | CVE-2019-16707 MISC |
| ibm -- mq | IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084. | 2019-09-26 | 4.0 | CVE-2019-4378 XF CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014. | 2019-09-26 | 5.0 | CVE-2019-4262 XF CONFIRM |
| ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. | 2019-09-24 | 4.3 | CVE-2019-4515 XF CONFIRM |
| ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | 2019-09-20 | 5.0 | CVE-2019-4565 XF CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. | 2019-09-20 | 5.0 | CVE-2019-4505 XF CONFIRM |
| idreamsoft -- icms | An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | 2019-09-21 | 5.8 | CVE-2019-16677 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | 2019-09-23 | 4.3 | CVE-2019-16708 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | 2019-09-23 | 4.3 | CVE-2019-16709 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | 2019-09-23 | 4.3 | CVE-2019-16710 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | 2019-09-23 | 4.3 | CVE-2019-16711 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | 2019-09-23 | 4.3 | CVE-2019-16712 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | 2019-09-23 | 4.3 | CVE-2019-16713 MISC |
| ipswitch -- moveit_transfer | MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection. | 2019-09-24 | 6.4 | CVE-2019-16383 CONFIRM CONFIRM CONFIRM CONFIRM |
| irfanview -- irfanview | In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | 2019-09-25 | 6.8 | CVE-2019-16887 MISC |
| jenkins -- aqua_microscanner | Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10427 MLIST CONFIRM |
| jenkins -- aqua_security_scanner | Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10428 MLIST CONFIRM |
| jenkins -- azure_event_grid_notifier | Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10421 MLIST CONFIRM |
| jenkins -- call_remote_job | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10422 MLIST CONFIRM |
| jenkins -- data_theorem_mobile_app_security | Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10413 MLIST CONFIRM |
| jenkins -- google_calendar | Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10425 MLIST CONFIRM |
| jenkins -- inedo_buildmaster | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10411 MLIST CONFIRM |
| jenkins -- inedo_proget | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10412 MLIST CONFIRM |
| jenkins -- inheritance-plugin | Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | 2019-09-25 | 4.0 | CVE-2019-10407 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | 2019-09-25 | 4.0 | CVE-2019-10405 MLIST CONFIRM |
| jenkins -- kubernetes_pipeline | Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 2019-09-25 | 6.5 | CVE-2019-10417 MLIST CONFIRM |
| jenkins -- kubernetes_pipeline | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 2019-09-25 | 6.5 | CVE-2019-10418 MLIST CONFIRM |
| jenkins -- project_inheritance | A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. | 2019-09-25 | 4.0 | CVE-2019-10408 MLIST CONFIRM |
| jenkins -- violation_comments_to_gitlab | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10415 MLIST CONFIRM |
| jenkins -- violation_comments_to_gitlab | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10416 MLIST CONFIRM |
| joomla -- joomla! | In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | 2019-09-24 | 4.3 | CVE-2019-16725 CONFIRM |
| joyplus_project -- joyplus | joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | 2019-09-21 | 6.4 | CVE-2019-16655 MISC |
| joyplus_project -- joyplus | joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | 2019-09-21 | 6.8 | CVE-2019-16660 MISC |
| kiwi-logo-carousel_project -- kiwi-logo-carousel | The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | 2019-09-25 | 4.3 | CVE-2015-9434 MISC MISC MISC |
| kkcms_project -- kkcms | kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | 2019-09-23 | 6.8 | CVE-2019-16706 MISC |
| libgcrypt20_project -- libgcrypt20 | It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | 2019-09-25 | 6.8 | CVE-2019-13627 SUSE MISC MLIST MISC |
| libming -- libming | Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | 2019-09-23 | 6.4 | CVE-2019-16705 MISC |
| linux -- linux_kernel | In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | 2019-09-23 | 5.0 | CVE-2019-16714 MLIST MLIST MISC MISC |
| mediawiki -- mediawiki | In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 2019-09-25 | 5.0 | CVE-2019-16738 MISC |
| microsoft -- forefront_endpoint_protection_2010 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | 2019-09-23 | 5.0 | CVE-2019-1255 MISC |
| momizat -- goodnews | The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | 2019-09-20 | 4.3 | CVE-2016-10999 MISC |
| monetize_project -- monetize | The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | 2019-09-26 | 4.3 | CVE-2015-9440 MISC MISC |
| mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. | 2019-09-20 | 4.3 | CVE-2015-9386 MISC MISC |
| mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | 2019-09-20 | 4.3 | CVE-2015-9387 MISC MISC |
| mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | 2019-09-20 | 4.3 | CVE-2015-9388 MISC MISC |
| netapp -- ontap_select_deploy_administration_utility | ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | 2019-09-24 | 5.0 | CVE-2019-5505 MISC |
| netgate -- pfsense | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. | 2019-09-26 | 4.3 | CVE-2019-16914 MISC MISC MISC |
| neuvoo -- neuvoo-jobroll | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. | 2019-09-20 | 4.3 | CVE-2015-9403 MISC MISC |
| neuvoo -- neuvoo-jobroll | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. | 2019-09-20 | 4.3 | CVE-2015-9404 MISC MISC |
| novnc -- novnc | An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | 2019-09-25 | 4.3 | CVE-2017-18635 MISC MISC MISC MISC |
| nxp -- kinetis_k8x_firmware | On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. | 2019-09-24 | 4.6 | CVE-2019-14239 MISC MISC |
| ocimscripts -- ocim-mp3 | The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | 2019-09-20 | 4.3 | CVE-2016-10998 MISC |
| olevmedia -- olevmedia_shortcodes | The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | 2019-09-25 | 4.3 | CVE-2015-9421 MISC MISC MISC |
| optinmonster -- optinmonster | The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | 2019-09-20 | 5.0 | CVE-2016-10996 MISC MISC |
| organizedthemes -- epic | The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | 2019-09-20 | 5.0 | CVE-2014-10396 MISC |
| ostenta -- yawpp | The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | 2019-09-20 | 4.3 | CVE-2015-9391 MISC MISC |
| pac4j -- pac4j | The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml. | 2019-09-23 | 4.0 | CVE-2019-10755 MISC |
| pagekit -- pagekit | The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | 2019-09-21 | 5.0 | CVE-2019-16669 MISC |
| para -- antioch | The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | 2019-09-20 | 5.0 | CVE-2014-10397 MISC |
| phpmywind -- phpmywind | admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | 2019-09-23 | 4.3 | CVE-2019-16703 MISC |
| pivotal_software -- pivotal_application_service | Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. | 2019-09-20 | 6.5 | CVE-2019-11280 CONFIRM |
| plugin-planet -- user_submitted_posts | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 2019-09-20 | 4.3 | CVE-2016-11001 MISC MISC |
| plutinosoft -- platinum | Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. | 2019-09-26 | 5.0 | CVE-2019-16903 MISC MISC |
| pressified -- sendpress | The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | 2019-09-26 | 6.5 | CVE-2015-9448 MISC MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. | 2019-09-20 | 4.3 | CVE-2019-14911 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | 2019-09-20 | 5.8 | CVE-2019-14912 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. | 2019-09-20 | 4.3 | CVE-2019-14915 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | 2019-09-20 | 5.0 | CVE-2019-15085 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | 2019-09-20 | 4.3 | CVE-2019-15086 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. | 2019-09-20 | 6.5 | CVE-2019-15087 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | 2019-09-20 | 6.8 | CVE-2019-15089 MISC MISC |
| prospecta -- master_data_online | Prospecta Master Data Online (MDO) allows CSRF. | 2019-09-20 | 4.3 | CVE-2018-17789 MISC |
| qemu -- qemu | In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | 2019-09-24 | 5.0 | CVE-2019-12068 MISC MLIST MISC MISC |
| qurl -- dynamic_widgets | The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | 2019-09-25 | 4.3 | CVE-2015-9437 MISC MISC MISC |
| radare -- radare2 | In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. | 2019-09-23 | 6.8 | CVE-2019-16718 MISC MISC MISC |
| redhat -- tectonic | CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. | 2019-09-24 | 4.3 | CVE-2018-9090 MISC MISC |
| redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | 2019-09-23 | 6.8 | CVE-2019-10978 MISC |
| redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | 2019-09-23 | 6.8 | CVE-2019-10984 MISC |
| redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | 2019-09-23 | 4.3 | CVE-2019-10990 MISC |
| redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | 2019-09-23 | 6.8 | CVE-2019-10996 MISC |
| riot-os -- riot | RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet. | 2019-09-24 | 5.0 | CVE-2019-16754 MISC |
| rockwellautomation -- arena_simulation_software | In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. | 2019-09-24 | 6.8 | CVE-2019-13527 MISC |
| sahipro -- sahi_pro | Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. | 2019-09-23 | 5.0 | CVE-2019-13063 MISC EXPLOIT-DB |
| sick -- fx0-gent00000_firmware | SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow | 2019-09-24 | 5.0 | CVE-2019-14753 MISC CONFIRM |
| silverstripe -- silverstripe | SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | 2019-09-25 | 4.3 | CVE-2019-12205 MISC MISC CONFIRM |
| silverstripe -- silverstripe | SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. | 2019-09-25 | 5.0 | CVE-2019-12245 MISC MISC CONFIRM |
| silverstripe -- silverstripe | In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | 2019-09-26 | 4.0 | CVE-2019-12617 MISC MISC MISC CONFIRM |
| silverstripe -- silverstripe | In SilverStripe assets 4.0, there is broken access control on files. | 2019-09-26 | 5.0 | CVE-2019-14273 MISC MISC MISC CONFIRM |
| slidervilla -- testimonial_slider | The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | 2019-09-25 | 4.3 | CVE-2015-9417 MISC MISC |
| st -- stm32f4_firmware | On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | 2019-09-24 | 4.6 | CVE-2019-14238 MISC MISC |
| string-interner_project -- string-interner | An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | 2019-09-25 | 5.0 | CVE-2019-16882 CONFIRM |
| supermicro -- a1sa2-2750f_firmware | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | 2019-09-20 | 5.0 | CVE-2019-16649 MISC MISC MISC |
| suricata-ids -- suricata | An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. | 2019-09-24 | 6.4 | CVE-2019-15699 MISC MISC |
| suricata-ids -- suricata | An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. | 2019-09-24 | 6.4 | CVE-2019-16410 MISC MISC |
| thinksaas -- thinksaas | An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | 2019-09-21 | 4.3 | CVE-2019-16665 MISC |
| topcon -- net-g5_firmware | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. | 2019-09-20 | 6.5 | CVE-2019-11326 MISC |
| topcon -- net-g5_firmware | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system. | 2019-09-20 | 4.0 | CVE-2019-11327 MISC |
| totaldefense -- anti-virus | In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. | 2019-09-24 | 4.6 | CVE-2019-13355 MISC MISC |
| totaldefense -- anti-virus | In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | 2019-09-24 | 4.6 | CVE-2019-13356 MISC MISC |
| totaldefense -- anti-virus | In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. | 2019-09-24 | 4.6 | CVE-2019-13357 MISC MISC |
| trivetechnology -- wp-stats-dashboard | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9399 MISC MISC MISC |
| tuzicms -- tuzicms | TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | 2019-09-21 | 4.3 | CVE-2019-16657 MISC |
| tuzicms -- tuzicms | TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | 2019-09-21 | 6.8 | CVE-2019-16658 MISC |
| tuzicms -- tuzicms | TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | 2019-09-21 | 6.8 | CVE-2019-16659 MISC |
| typomedia -- wordpress_meta_robots | The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9400 MISC MISC MISC |
| unitegallery -- unite_gallery_lite | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | 2019-09-26 | 6.8 | CVE-2015-9445 MISC MISC MISC |
| unitegallery -- unite_gallery_lite | The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | 2019-09-26 | 6.5 | CVE-2015-9446 MISC MISC MISC |
| unitegallery -- unite_gallery_lite | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | 2019-09-26 | 4.3 | CVE-2015-9447 MISC MISC MISC |
| usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | 2019-09-20 | 5.0 | CVE-2016-11006 MISC MISC MISC |
| usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | 2019-09-20 | 5.0 | CVE-2016-11007 MISC MISC MISC |
| usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | 2019-09-20 | 5.0 | CVE-2016-11008 MISC MISC MISC |
| usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | 2019-09-20 | 5.0 | CVE-2016-11009 MISC MISC MISC |
| usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | 2019-09-20 | 5.0 | CVE-2016-11010 MISC MISC MISC |
| usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | 2019-09-20 | 4.0 | CVE-2016-11011 MISC MISC MISC |
| usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | 2019-09-20 | 6.8 | CVE-2015-9394 MISC MISC |
| usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | 2019-09-20 | 6.5 | CVE-2015-9395 MISC MISC MISC |
| usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | 2019-09-20 | 6.8 | CVE-2015-9402 MISC MISC MISC |
| vmware -- fusion | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | 2019-09-20 | 5.5 | CVE-2019-5521 MISC CONFIRM |
| webmaster-source -- gocodes | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9398 MISC MISC MISC |
| wp-piwik_project -- wp-piwik | The wp-piwik plugin before 1.0.5 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9405 MISC MISC MISC |
| wp_accurate_form_data_project -- wp_accurate_form_data | The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | 2019-09-26 | 4.3 | CVE-2015-9443 MISC MISC |
| wplegalpages -- wp_legal_pages | The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | 2019-09-25 | 4.3 | CVE-2015-9428 MISC MISC MISC |
| wpsymposiumpro -- wp-symposium | The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. | 2019-09-25 | 4.3 | CVE-2015-9414 MISC MISC |
| wtcms_project -- wtcms | WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | 2019-09-23 | 4.3 | CVE-2019-16719 MISC |
| yourinspirationweb -- beauty-premium | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. | 2019-09-20 | 4.3 | CVE-2016-10997 MISC EXPLOIT-DB |
| yzmcms -- yzmcms | admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | 2019-09-21 | 4.3 | CVE-2019-16678 MISC |
| zzzcms -- zzzphp | ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | 2019-09-23 | 5.0 | CVE-2019-16720 MISC |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| addthis -- addthis | The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | 2019-09-25 | 3.5 | CVE-2015-9439 MISC MISC MISC |
| blubrry -- powerpress_podcasting | The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. | 2019-09-25 | 3.5 | CVE-2015-9410 MISC MISC |
| digimute -- ogma_cms | Ogma CMS 0.5 has XSS via creation of a new blog. | 2019-09-21 | 3.5 | CVE-2019-16661 MISC |
| display-widgets_project -- display-widgets | The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. | 2019-09-25 | 3.5 | CVE-2015-9438 MISC MISC MISC |
| f5 -- big-ip_access_policy_manager | On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | 2019-09-25 | 3.3 | CVE-2019-6654 MISC |
| f5 -- big-iq_centralized_management | There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. | 2019-09-25 | 3.5 | CVE-2019-6653 MISC |
| halo -- halo | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 2019-09-25 | 3.5 | CVE-2019-16890 MISC |
| ibm -- content_navigator | IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. | 2019-09-25 | 3.5 | CVE-2019-4571 XF CONFIRM |
| ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | 2019-09-24 | 2.1 | CVE-2019-4566 XF CONFIRM |
| jenkins -- assembla | Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10420 MLIST CONFIRM |
| jenkins -- codescan | Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10423 MLIST CONFIRM |
| jenkins -- eloyente | Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10424 MLIST CONFIRM |
| jenkins -- gem_publisher | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10426 MLIST CONFIRM |
| jenkins -- git_changelog | Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 3.5 | CVE-2019-10414 MLIST CONFIRM |
| jenkins -- gitlab_logo | Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10429 MLIST CONFIRM |
| jenkins -- jenkins | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | 2019-09-25 | 3.5 | CVE-2019-10401 MLIST CONFIRM |
| jenkins -- jenkins | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | 2019-09-25 | 3.5 | CVE-2019-10402 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | 2019-09-25 | 3.5 | CVE-2019-10403 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | 2019-09-25 | 3.5 | CVE-2019-10404 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 2019-09-25 | 3.5 | CVE-2019-10406 MLIST CONFIRM |
| jenkins -- neuvector_vulnerability_scanner | Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10430 MLIST CONFIRM |
| jenkins -- vfabric_application_director | Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10419 MLIST CONFIRM |
| manual_image_crop_project -- manual_image_crop | The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. | 2019-09-25 | 3.5 | CVE-2015-9426 MISC MISC MISC |
| mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. | 2019-09-20 | 3.5 | CVE-2015-9389 MISC MISC |
| phpmywind -- phpmywind | admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | 2019-09-23 | 3.5 | CVE-2019-16704 MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | 2019-09-20 | 3.5 | CVE-2019-14913 MISC MISC |
| qurl -- dynamic_widgets | The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. | 2019-09-25 | 3.5 | CVE-2015-9436 MISC MISC MISC |
| silverstripe -- silverstripe | SilverStripe through 4.3.3 allows session fixation in the "change password" form. | 2019-09-25 | 3.7 | CVE-2019-12203 MISC MISC CONFIRM |
| silverstripe -- silverstripe | In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | 2019-09-26 | 3.5 | CVE-2019-14272 MISC MISC MISC CONFIRM |
| solaplugins -- sola_support_tickets | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | 2019-09-20 | 3.5 | CVE-2016-11012 MISC MISC |
| teampass -- teampass | TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.) | 2019-09-26 | 3.5 | CVE-2019-16904 MISC |
| thinksaas -- thinksaas | An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | 2019-09-21 | 3.5 | CVE-2019-16664 MISC |
| traveloka -- traveloka | The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. | 2019-09-21 | 2.6 | CVE-2019-16681 MISC MISC |
| tridium -- niagara4 | A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). | 2019-09-24 | 2.1 | CVE-2019-13528 MISC |
| usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | 2019-09-20 | 3.5 | CVE-2015-9392 MISC MISC MISC |
| usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | 2019-09-20 | 3.5 | CVE-2015-9393 MISC MISC |
| vandyvape -- swell_kit_mod_firmware | An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values. | 2019-09-23 | 3.3 | CVE-2019-16518 MISC |
| webmaster-source -- gocodes | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. | 2019-09-20 | 3.5 | CVE-2015-9397 MISC MISC MISC |
| websimon-tables_project -- websimon-tables | The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. | 2019-09-20 | 3.5 | CVE-2015-9401 MISC MISC MISC |
| zrlog -- zrlog | An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | 2019-09-20 | 3.5 | CVE-2019-16643 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- coldfusion | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8074 CONFIRM |
| adobe -- coldfusion | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8072 CONFIRM |
| adobe -- coldfusion | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8073 CONFIRM |
| adobe -- flash_player | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8075 CONFIRM |
| apache -- http_server | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | 2019-09-26 | not yet calculated | CVE-2019-10097 MISC |
| arm -- mbed_tls_and_mbed_crypto | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | 2019-09-26 | not yet calculated | CVE-2019-16910 MISC |
| bmc_software -- myit_digital_workplace_dwp | A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using java serialization method. The vulnerability can be triggered by using an ivalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI. | 2019-09-26 | not yet calculated | CVE-2019-16755 CONFIRM |
| cisco -- 4000_series_service_routers | A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails. | 2019-09-25 | not yet calculated | CVE-2019-12664 CISCO |
| cisco -- asr_9000_series_aggregation_services_routers | A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise. | 2019-09-25 | not yet calculated | CVE-2019-12709 CISCO |
| cisco -- catalyst_4000_series_switches | A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. | 2019-09-25 | not yet calculated | CVE-2019-12652 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-09-25 | not yet calculated | CVE-2019-12647 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. | 2019-09-25 | not yet calculated | CVE-2019-12654 CISCO |
| cisco -- ios_and_ios_xe_software | A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. | 2019-09-25 | not yet calculated | CVE-2019-12668 CISCO |
| cisco -- ios_software | A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. | 2019-09-25 | not yet calculated | CVE-2019-12648 CISCO |
| cisco -- ios_xe_software | A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2019-09-25 | not yet calculated | CVE-2019-12669 CISCO |
| cisco -- ios_xe_software | A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload. | 2019-09-25 | not yet calculated | CVE-2019-12655 CISCO |
| cisco -- ios_xe_software | A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2019-09-25 | not yet calculated | CVE-2019-12657 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. | 2019-09-25 | not yet calculated | CVE-2019-12663 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. | 2019-09-25 | not yet calculated | CVE-2019-12653 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. | 2019-09-25 | not yet calculated | CVE-2019-12666 CISCO |
| cisco -- ios_xe_software | A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. | 2019-09-25 | not yet calculated | CVE-2019-12659 CISCO |
| cisco -- ios_xe_software | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning. | 2019-09-25 | not yet calculated | CVE-2019-12660 CISCO |
| cisco -- ios_xe_software | A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. | 2019-09-25 | not yet calculated | CVE-2019-12658 CISCO |
| cisco -- ios_xe_software | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-09-25 | not yet calculated | CVE-2019-12651 CISCO |
| cisco -- ios_xe_software | A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. | 2019-09-25 | not yet calculated | CVE-2019-12661 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. | 2019-09-25 | not yet calculated | CVE-2019-12649 CISCO |
| cisco -- ios_xe_software | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-09-25 | not yet calculated | CVE-2019-12650 CISCO |
| cisco -- ios_xe_software | A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. | 2019-09-25 | not yet calculated | CVE-2019-12667 CISCO |
| cisco -- ios_xe_software | A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2019-09-25 | not yet calculated | CVE-2019-12646 CISCO |
| cisco -- ios_xe_software | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. | 2019-09-25 | not yet calculated | CVE-2019-12671 CISCO |
| cisco -- ios_xe_software | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. | 2019-09-25 | not yet calculated | CVE-2019-12672 CISCO |
| cisco -- ios_xe_software | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. | 2019-09-25 | not yet calculated | CVE-2019-12670 CISCO |
| cisco -- multiple_cisco_platforms | A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. | 2019-09-25 | not yet calculated | CVE-2019-12656 CISCO |
| cisco -- nx-os_software | A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability. | 2019-09-25 | not yet calculated | CVE-2019-12717 CISCO |
| cisco -- nx-os_software_and_ios_xe_software | A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. | 2019-09-25 | not yet calculated | CVE-2019-12662 CISCO |
| ckeditor -- ckfinder | An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. | 2019-09-26 | not yet calculated | CVE-2019-15891 MISC |
| ckeditor -- ckfinder | An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | 2019-09-26 | not yet calculated | CVE-2019-15862 MISC |
| cloud_foundry -- uaa | CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | 2019-09-26 | not yet calculated | CVE-2019-11278 CONFIRM |
| cloud_foundry -- uaa | CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | 2019-09-26 | not yet calculated | CVE-2019-11279 CONFIRM |
| corsair -- link | The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. | 2019-09-27 | not yet calculated | CVE-2018-19592 MISC MISC |
| d-link -- multiple_products | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. | 2019-09-27 | not yet calculated | CVE-2019-16920 MISC |
| dell -- update_package_and_emc_servers | An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. | 2019-09-24 | not yet calculated | CVE-2019-3726 CONFIRM |
| dnn_software -- dotnetnuke | Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | 2019-09-26 | not yet calculated | CVE-2019-12562 MISC |
| f5 -- big-ip_and_enterprise_manager | F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. | 2019-09-20 | not yet calculated | CVE-2019-6649 CONFIRM |
| f5 -- big-ip_apm_edge_client | BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. | 2019-09-25 | not yet calculated | CVE-2019-6656 MISC |
| gigastone -- smart_battery_a2-25de | An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. | 2019-09-25 | not yet calculated | CVE-2019-15067 CONFIRM CONFIRM |
| glpi_project -- glpi | GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. | 2019-09-25 | not yet calculated | CVE-2019-14666 MISC MISC |
| gnome -- file-roller | An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | 2019-09-21 | not yet calculated | CVE-2019-16680 MISC MISC MISC UBUNTU |
| honeywell -- performance_ip_cameras_and_performance_nvrs | In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. | 2019-09-26 | not yet calculated | CVE-2019-13523 MISC |
| ibm -- mq | IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. | 2019-09-27 | not yet calculated | CVE-2019-4141 XF CONFIRM |
| jenkins -- jenkins | A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. | 2019-09-25 | not yet calculated | CVE-2019-10409 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. | 2019-09-25 | not yet calculated | CVE-2019-10410 MLIST CONFIRM |
| kkcms_project -- kkcms | kkcms 1.3 has jx.php?url= XSS. | 2019-09-27 | not yet calculated | CVE-2019-16923 MISC |
| lemonldap-ng -- lemonldap-ng | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. | 2019-09-25 | not yet calculated | CVE-2019-15941 MISC MISC BUGTRAQ DEBIAN |
| lenovo -- system_update | A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 2019-09-26 | not yet calculated | CVE-2019-6175 MISC |
| lenovo -- thinkagile_cloud_platform-storage_block_bmc | An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. | 2019-09-26 | not yet calculated | CVE-2019-6161 MISC |
| libreoffice -- libreoffice | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. | 2019-09-27 | not yet calculated | CVE-2019-9853 CONFIRM |
| linux -- linux_kernel | In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. | 2019-09-27 | not yet calculated | CVE-2019-16921 MISC MISC |
| mit_kerberos -- krb5 | A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. | 2019-09-26 | not yet calculated | CVE-2019-14844 CONFIRM MISC |
| netgate -- pfsense | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | 2019-09-26 | not yet calculated | CVE-2019-16667 MISC |
| netgate -- pfsense | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. | 2019-09-26 | not yet calculated | CVE-2019-16915 MISC MISC MISC |
| netskope -- netskope_client_service | The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. | 2019-09-26 | not yet calculated | CVE-2019-12091 MISC CONFIRM CONFIRM |
| netskope -- netskope_client_service | The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. | 2019-09-26 | not yet calculated | CVE-2019-10882 MISC CONFIRM CONFIRM |
| netty -- netty | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | 2019-09-26 | not yet calculated | CVE-2019-16869 MISC MISC |
| phpbb -- phpbb | phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS | 2019-09-27 | not yet calculated | CVE-2019-13376 MISC MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. | 2019-09-20 | not yet calculated | CVE-2019-14916 MISC MISC |
| rubyzip_gem_for_ruby_on_rails -- rubyzip_gem_for_ruby_on_rails | In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). | 2019-09-25 | not yet calculated | CVE-2019-16892 MISC |
| runc -- runc | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 2019-09-25 | not yet calculated | CVE-2019-16884 MISC |
| salesagility -- suitecrm | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | 2019-09-27 | not yet calculated | CVE-2019-16922 MISC |
| samsung -- samsungtts_for_android | The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | 2019-09-25 | not yet calculated | CVE-2019-16253 MISC |
| silverstripe -- silverstripe | In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) | 2019-09-26 | not yet calculated | CVE-2019-16409 MISC MISC CONFIRM |
| ubiquiti -- edgemax_devices | Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | 2019-09-25 | not yet calculated | CVE-2019-16889 MISC MISC MISC |
| wordpress -- wordpress | The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. | 2019-09-25 | not yet calculated | CVE-2015-9433 MISC MISC MISC |
| wordpress -- wordpress | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 2019-09-25 | not yet calculated | CVE-2015-9429 MISC MISC MISC |
| wordpress -- wordpress | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. | 2019-09-25 | not yet calculated | CVE-2015-9423 MISC MISC MISC |
| wordpress -- wordpress | The Postmatic plugin before 1.4.6 for WordPress has XSS. | 2019-09-25 | not yet calculated | CVE-2015-9411 MISC MISC |
| wordpress -- wordpress | The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. | 2019-09-25 | not yet calculated | CVE-2015-9416 MISC MISC |
| wordpress -- wordpress | The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | 2019-09-25 | not yet calculated | CVE-2015-9418 MISC MISC MISC |
| wordpress -- wordpress | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | 2019-09-25 | not yet calculated | CVE-2015-9422 MISC MISC MISC |
| wordpress -- wordpress | Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | 2019-09-20 | not yet calculated | CVE-2015-9406 MISC MISC |
| wordpress -- wordpress | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | 2019-09-25 | not yet calculated | CVE-2015-9432 MISC MISC MISC |
| wordpress -- wordpress | The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | 2019-09-25 | not yet calculated | CVE-2015-9435 MISC MISC |
| wordpress -- wordpress | The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. | 2019-09-26 | not yet calculated | CVE-2019-16524 MISC CONFIRM MISC |
| wordpress -- wordpress | In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. | 2019-09-27 | not yet calculated | CVE-2019-16902 MISC MISC |
| wordpress -- wordpress | The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | 2019-09-20 | not yet calculated | CVE-2015-9390 MISC MISC |
| wordpress -- wordpress | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | 2019-09-25 | not yet calculated | CVE-2015-9431 MISC MISC MISC |
| wordpress -- wordpress | The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. | 2019-09-25 | not yet calculated | CVE-2015-9420 MISC MISC MISC |
| wordpress -- wordpress | The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. | 2019-09-25 | not yet calculated | CVE-2015-9412 MISC MISC |
| yzmcms -- yzmcms | An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | 2019-09-26 | not yet calculated | CVE-2019-16532 MISC EXPLOIT-DB |
This product is provided subject to this Notification and this Privacy & Use policy.
from CISA All NCAS Products https://www.us-cert.gov/ncas/bulletins/sb19-273
Comments
Post a Comment