US-CERT - Vulnerability Summary for the Week of September 23, 2019

Original release date: September 30, 2019

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
centreon -- centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. 2019-09-25 7.5 CVE-2019-16194
MISC
MISC
emlog -- emlog emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. 2019-09-25 7.5 CVE-2019-16868
MISC
forcepoint -- vpn_client Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. 2019-09-20 7.2 CVE-2019-6145
MISC
CONFIRM
gigastone -- smart_battery_a4_firmware A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. 2019-09-25 10.0 CVE-2019-15068
CONFIRM
CONFIRM
gigastone -- smart_battery_a4_firmware An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. 2019-09-25 7.5 CVE-2019-15069
CONFIRM
CONFIRM
inoideas -- inoerp download.php in inoERP 4.15 allows SQL injection through insecure deserialization. 2019-09-26 7.5 CVE-2019-16894
EXPLOIT-DB
integard_pro_project -- integard_pro Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. 2019-09-22 7.5 CVE-2019-16702
MISC
joinmastodon -- mastodon Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. 2019-09-22 7.5 CVE-2018-21018
MISC
MISC
MISC
MISC
joyplus_project -- joyplus joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. 2019-09-21 7.5 CVE-2019-16656
MISC
linea_project -- linea An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. 2019-09-25 7.5 CVE-2019-16880
CONFIRM
linux -- linux_kernel There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. 2019-09-20 7.2 CVE-2019-14814
SUSE
SUSE
MLIST
MISC
CONFIRM
MISC
MLIST
FEDORA
FEDORA
MISC
linux -- linux_kernel There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. 2019-09-20 7.2 CVE-2019-14816
SUSE
SUSE
MLIST
MISC
CONFIRM
MISC
MLIST
FEDORA
FEDORA
MISC
linux -- linux_kernel An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. 2019-09-24 7.5 CVE-2019-16746
MISC
makandra -- consul The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. 2019-09-23 7.5 CVE-2019-16377
MISC
MISC
microsoft -- internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. 2019-09-23 7.6 CVE-2019-1367
MISC
netapp -- ontap_select_deploy_administration_utility ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. 2019-09-24 7.5 CVE-2019-5504
MISC
netgate -- pfsense pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. 2019-09-25 9.0 CVE-2019-16701
MISC
MISC
MISC
pam-python_project -- pam-python pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. 2019-09-24 7.2 CVE-2019-16729
MISC
MISC
MISC
phpipam -- phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16692
MISC
phpipam -- phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16693
MISC
phpipam -- phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16694
MISC
phpipam -- phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16695
MISC
phpipam -- phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16696
MISC
portaudio-rs_project -- portaudio-rs An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. 2019-09-25 7.5 CVE-2019-16881
CONFIRM
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. 2019-09-20 7.5 CVE-2019-14914
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. 2019-09-20 7.5 CVE-2019-15088
MISC
MISC
silverstripe -- silverstripe In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. 2019-09-25 7.5 CVE-2019-12204
MISC
MISC
CONFIRM
smackcoders -- ultimate_exporter The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. 2019-09-20 7.5 CVE-2016-11000
MISC
MISC
supermicro -- a1sa2-2750f_firmware On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. 2019-09-20 7.5 CVE-2019-16650
MISC
MISC
MISC
suricata-ids -- suricata An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. 2019-09-24 7.5 CVE-2019-16411
MISC
MISC
tuzicms -- tuzicms App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16644
MISC
upredsun -- file_sharing_wizard File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. 2019-09-24 7.5 CVE-2019-16724
MISC
EXPLOIT-DB
vbulletin -- vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. 2019-09-24 7.5 CVE-2019-16759
MISC
MISC
MISC
MISC
wolfssl -- wolfssl In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. 2019-09-24 7.5 CVE-2019-16748
MISC
yejiao -- tuzicms App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16642
MISC
zte -- zxv10_b860a_firmware All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. 2019-09-23 10.0 CVE-2019-3416
CONFIRM
zzzcms -- zzzphp ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. 2019-09-23 7.5 CVE-2019-16722
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
5none -- nonecms NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. 2019-09-23 5.8 CVE-2019-16721
MISC
acquia -- mautic An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. 2019-09-20 4.3 CVE-2018-11200
CONFIRM
advantech -- webaccess/hmi_designer In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. 2019-09-25 5.0 CVE-2019-16899
MISC
advantech -- webaccess/hmi_designer Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. 2019-09-25 5.0 CVE-2019-16900
MISC
advantech -- webaccess/hmi_designer Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. 2019-09-25 5.0 CVE-2019-16901
MISC
agentevolution -- impress_listings The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. 2019-09-20 4.3 CVE-2016-11013
MISC
MISC
alo-easymail_project -- alo-easymail The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. 2019-09-25 4.3 CVE-2015-9409
MISC
MISC
MISC
altosresearch -- altos-connect The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. 2019-09-26 4.3 CVE-2015-9444
MISC
MISC
angrycreative -- bj_lazy_load The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. 2019-09-25 5.0 CVE-2015-9415
MISC
MISC
apache -- http_server In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. 2019-09-26 6.4 CVE-2019-10082
MISC
apache -- http_server In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. 2019-09-26 4.3 CVE-2019-10092
MISC
apache -- http_server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. 2019-09-25 5.8 CVE-2019-10098
MISC
apache -- jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-10087
MISC
apache -- jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-10089
MISC
apache -- jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-10090
MISC
apache -- jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-12404
MISC
apache -- jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-12407
MISC
apache -- subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. 2019-09-26 4.0 CVE-2018-11782
MISC
apache -- subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. 2019-09-26 5.0 CVE-2019-0203
MISC
apereo -- central_authentication_service Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. 2019-09-23 5.5 CVE-2019-10754
MISC
MISC
MISC
MISC
MISC
attosoft -- auto_thickbox_plus The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. 2019-09-20 4.3 CVE-2015-9396
MISC
MISC
avenirsoft -- directdownload The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. 2019-09-26 4.3 CVE-2015-9442
MISC
MISC
bestwebsoft -- quotes_and_tips The quotes-and-tips plugin before 1.20 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9385
MISC
MISC
bestwebsoft -- relevant The relevant plugin before 1.0.8 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9384
MISC
MISC
bluestacks -- bluestacks An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read 2019-09-24 4.9 CVE-2019-14220
MISC
CONFIRM
bookmarkify_project -- bookmarkify The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. 2019-09-26 4.3 CVE-2015-9441
MISC
MISC
byonepress -- social_locker The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. 2019-09-25 4.3 CVE-2015-9425
MISC
MISC
MISC
cacti -- cacti In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. 2019-09-23 4.0 CVE-2019-16723
MISC
captain-slider_project -- captain-slider The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. 2019-09-25 4.3 CVE-2015-9419
MISC
MISC
cisco -- ios A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. 2019-09-25 5.8 CVE-2019-12665
CISCO
cloudfoundry -- cf-deployment Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. 2019-09-23 5.5 CVE-2019-11277
CONFIRM
crazy_bone_project -- crazy_bone The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. 2019-09-25 4.3 CVE-2015-9430
MISC
MISC
MISC
cure53 -- dompurify DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. 2019-09-24 4.3 CVE-2019-16728
MISC
cyberseo -- xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. 2019-09-20 4.3 CVE-2015-9407
MISC
MISC
MISC
cyberseo -- xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. 2019-09-20 4.3 CVE-2015-9408
MISC
MISC
MISC
devise_token_auth_project -- devise_token_auth An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller. 2019-09-24 4.3 CVE-2019-16751
MISC
doc4design -- multicons The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. 2019-09-25 4.3 CVE-2015-9424
MISC
MISC
MISC
draytek -- vigor2925_firmware On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware. 2019-09-20 4.3 CVE-2019-16533
MISC
MISC
draytek -- vigor2925_firmware On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware 2019-09-20 4.3 CVE-2019-16534
MISC
MISC
e2fsprogs_project -- e2fsprogs An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. 2019-09-24 4.6 CVE-2019-5094
MISC
efficientscripts -- microblog_poster The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. 2019-09-25 6.5 CVE-2015-9449
MISC
MISC
MISC
elegantthemes -- extra The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. 2019-09-20 6.5 CVE-2016-11002
MISC
MISC
elegantthemes -- monarch The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. 2019-09-20 6.5 CVE-2016-11003
MISC
MISC
elegantthemes -- monarch The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. 2019-09-20 6.5 CVE-2016-11004
MISC
MISC
elfsight -- instalinker The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. 2019-09-20 4.3 CVE-2016-11005
MISC
MISC
embedthis -- goahead An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. 2019-09-20 5.0 CVE-2019-16645
MISC
eshop_project -- eshop The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. 2019-09-25 4.3 CVE-2015-9413
MISC
MISC
MISC
f5 -- big-ip_access_policy_manager In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. 2019-09-25 5.0 CVE-2019-6651
MISC
f5 -- big-ip_access_policy_manager On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data. 2019-09-25 4.3 CVE-2019-6655
MISC
f5 -- big-ip_application_security_manager F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. 2019-09-20 5.8 CVE-2019-6650
CONFIRM
f5 -- big-iq_centralized_management In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). 2019-09-25 6.4 CVE-2019-6652
MISC
gilacms -- gila_cms Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. 2019-09-21 4.0 CVE-2019-16679
MISC
MISC
MISC
googmonify_project -- googmonify The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. 2019-09-25 4.3 CVE-2015-9427
MISC
MISC
MISC
grafana -- grafana An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. 2019-09-23 4.0 CVE-2019-15635
MISC
MISC
hcltech -- appscan_source HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. 2019-09-25 5.8 CVE-2019-16188
CONFIRM
home-assistant -- home-assistant Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. 2019-09-23 5.0 CVE-2018-21019
MISC
MISC
hongcms_project -- hongcms HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) 2019-09-25 5.5 CVE-2019-16867
MISC
html-pdf_project -- html-pdf The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. 2019-09-20 5.0 CVE-2019-15138
MISC
hunspell_project -- hunspell Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. 2019-09-23 4.3 CVE-2019-16707
MISC
ibm -- mq IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084. 2019-09-26 4.0 CVE-2019-4378
XF
CONFIRM
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014. 2019-09-26 5.0 CVE-2019-4262
XF
CONFIRM
ibm -- security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. 2019-09-24 4.3 CVE-2019-4515
XF
CONFIRM
ibm -- security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. 2019-09-20 5.0 CVE-2019-4565
XF
CONFIRM
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. 2019-09-20 5.0 CVE-2019-4505
XF
CONFIRM
idreamsoft -- icms An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. 2019-09-21 5.8 CVE-2019-16677
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. 2019-09-23 4.3 CVE-2019-16708
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. 2019-09-23 4.3 CVE-2019-16709
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. 2019-09-23 4.3 CVE-2019-16710
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. 2019-09-23 4.3 CVE-2019-16711
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. 2019-09-23 4.3 CVE-2019-16712
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. 2019-09-23 4.3 CVE-2019-16713
MISC
ipswitch -- moveit_transfer MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection. 2019-09-24 6.4 CVE-2019-16383
CONFIRM
CONFIRM
CONFIRM
CONFIRM
irfanview -- irfanview In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. 2019-09-25 6.8 CVE-2019-16887
MISC
jenkins -- aqua_microscanner Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10427
MLIST
CONFIRM
jenkins -- aqua_security_scanner Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10428
MLIST
CONFIRM
jenkins -- azure_event_grid_notifier Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10421
MLIST
CONFIRM
jenkins -- call_remote_job Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10422
MLIST
CONFIRM
jenkins -- data_theorem_mobile_app_security Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10413
MLIST
CONFIRM
jenkins -- google_calendar Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10425
MLIST
CONFIRM
jenkins -- inedo_buildmaster Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10411
MLIST
CONFIRM
jenkins -- inedo_proget Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10412
MLIST
CONFIRM
jenkins -- inheritance-plugin Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. 2019-09-25 4.0 CVE-2019-10407
MLIST
CONFIRM
jenkins -- jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. 2019-09-25 4.0 CVE-2019-10405
MLIST
CONFIRM
jenkins -- kubernetes_pipeline Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. 2019-09-25 6.5 CVE-2019-10417
MLIST
CONFIRM
jenkins -- kubernetes_pipeline Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. 2019-09-25 6.5 CVE-2019-10418
MLIST
CONFIRM
jenkins -- project_inheritance A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. 2019-09-25 4.0 CVE-2019-10408
MLIST
CONFIRM
jenkins -- violation_comments_to_gitlab Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-09-25 4.0 CVE-2019-10415
MLIST
CONFIRM
jenkins -- violation_comments_to_gitlab Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10416
MLIST
CONFIRM
joomla -- joomla! In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. 2019-09-24 4.3 CVE-2019-16725
CONFIRM
joyplus_project -- joyplus joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. 2019-09-21 6.4 CVE-2019-16655
MISC
joyplus_project -- joyplus joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. 2019-09-21 6.8 CVE-2019-16660
MISC
kiwi-logo-carousel_project -- kiwi-logo-carousel The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. 2019-09-25 4.3 CVE-2015-9434
MISC
MISC
MISC
kkcms_project -- kkcms kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. 2019-09-23 6.8 CVE-2019-16706
MISC
libgcrypt20_project -- libgcrypt20 It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. 2019-09-25 6.8 CVE-2019-13627
SUSE
MISC
MLIST
MISC
libming -- libming Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. 2019-09-23 6.4 CVE-2019-16705
MISC
linux -- linux_kernel In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. 2019-09-23 5.0 CVE-2019-16714
MLIST
MLIST
MISC
MISC
mediawiki -- mediawiki In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. 2019-09-25 5.0 CVE-2019-16738
MISC
microsoft -- forefront_endpoint_protection_2010 A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. 2019-09-23 5.0 CVE-2019-1255
MISC
momizat -- goodnews The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. 2019-09-20 4.3 CVE-2016-10999
MISC
monetize_project -- monetize The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. 2019-09-26 4.3 CVE-2015-9440
MISC
MISC
mtouch_quiz_project -- mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. 2019-09-20 4.3 CVE-2015-9386
MISC
MISC
mtouch_quiz_project -- mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. 2019-09-20 4.3 CVE-2015-9387
MISC
MISC
mtouch_quiz_project -- mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. 2019-09-20 4.3 CVE-2015-9388
MISC
MISC
netapp -- ontap_select_deploy_administration_utility ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. 2019-09-24 5.0 CVE-2019-5505
MISC
netgate -- pfsense An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. 2019-09-26 4.3 CVE-2019-16914
MISC
MISC
MISC
neuvoo -- neuvoo-jobroll The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. 2019-09-20 4.3 CVE-2015-9403
MISC
MISC
neuvoo -- neuvoo-jobroll The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. 2019-09-20 4.3 CVE-2015-9404
MISC
MISC
novnc -- novnc An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. 2019-09-25 4.3 CVE-2017-18635
MISC
MISC
MISC
MISC
nxp -- kinetis_k8x_firmware On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. 2019-09-24 4.6 CVE-2019-14239
MISC
MISC
ocimscripts -- ocim-mp3 The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. 2019-09-20 4.3 CVE-2016-10998
MISC
olevmedia -- olevmedia_shortcodes The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. 2019-09-25 4.3 CVE-2015-9421
MISC
MISC
MISC
optinmonster -- optinmonster The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. 2019-09-20 5.0 CVE-2016-10996
MISC
MISC
organizedthemes -- epic The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. 2019-09-20 5.0 CVE-2014-10396
MISC
ostenta -- yawpp The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. 2019-09-20 4.3 CVE-2015-9391
MISC
MISC
pac4j -- pac4j The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml. 2019-09-23 4.0 CVE-2019-10755
MISC
pagekit -- pagekit The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. 2019-09-21 5.0 CVE-2019-16669
MISC
para -- antioch The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. 2019-09-20 5.0 CVE-2014-10397
MISC
phpmywind -- phpmywind admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. 2019-09-23 4.3 CVE-2019-16703
MISC
pivotal_software -- pivotal_application_service Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. 2019-09-20 6.5 CVE-2019-11280
CONFIRM
plugin-planet -- user_submitted_posts The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. 2019-09-20 4.3 CVE-2016-11001
MISC
MISC
plutinosoft -- platinum Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. 2019-09-26 5.0 CVE-2019-16903
MISC
MISC
pressified -- sendpress The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. 2019-09-26 6.5 CVE-2015-9448
MISC
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. 2019-09-20 4.3 CVE-2019-14911
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. 2019-09-20 5.8 CVE-2019-14912
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. 2019-09-20 4.3 CVE-2019-14915
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. 2019-09-20 5.0 CVE-2019-15085
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. 2019-09-20 4.3 CVE-2019-15086
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. 2019-09-20 6.5 CVE-2019-15087
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. 2019-09-20 6.8 CVE-2019-15089
MISC
MISC
prospecta -- master_data_online Prospecta Master Data Online (MDO) allows CSRF. 2019-09-20 4.3 CVE-2018-17789
MISC
qemu -- qemu In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. 2019-09-24 5.0 CVE-2019-12068
MISC
MLIST
MISC
MISC
qurl -- dynamic_widgets The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. 2019-09-25 4.3 CVE-2015-9437
MISC
MISC
MISC
radare -- radare2 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. 2019-09-23 6.8 CVE-2019-16718
MISC
MISC
MISC
redhat -- tectonic CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. 2019-09-24 4.3 CVE-2018-9090
MISC
MISC
redlion -- crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. 2019-09-23 6.8 CVE-2019-10978
MISC
redlion -- crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. 2019-09-23 6.8 CVE-2019-10984
MISC
redlion -- crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. 2019-09-23 4.3 CVE-2019-10990
MISC
redlion -- crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. 2019-09-23 6.8 CVE-2019-10996
MISC
riot-os -- riot RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet. 2019-09-24 5.0 CVE-2019-16754
MISC
rockwellautomation -- arena_simulation_software In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. 2019-09-24 6.8 CVE-2019-13527
MISC
sahipro -- sahi_pro Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. 2019-09-23 5.0 CVE-2019-13063
MISC
EXPLOIT-DB
sick -- fx0-gent00000_firmware SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow 2019-09-24 5.0 CVE-2019-14753
MISC
CONFIRM
silverstripe -- silverstripe SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. 2019-09-25 4.3 CVE-2019-12205
MISC
MISC
CONFIRM
silverstripe -- silverstripe SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. 2019-09-25 5.0 CVE-2019-12245
MISC
MISC
CONFIRM
silverstripe -- silverstripe In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. 2019-09-26 4.0 CVE-2019-12617
MISC
MISC
MISC
CONFIRM
silverstripe -- silverstripe In SilverStripe assets 4.0, there is broken access control on files. 2019-09-26 5.0 CVE-2019-14273
MISC
MISC
MISC
CONFIRM
slidervilla -- testimonial_slider The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. 2019-09-25 4.3 CVE-2015-9417
MISC
MISC
st -- stm32f4_firmware On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. 2019-09-24 4.6 CVE-2019-14238
MISC
MISC
string-interner_project -- string-interner An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. 2019-09-25 5.0 CVE-2019-16882
CONFIRM
supermicro -- a1sa2-2750f_firmware On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. 2019-09-20 5.0 CVE-2019-16649
MISC
MISC
MISC
suricata-ids -- suricata An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. 2019-09-24 6.4 CVE-2019-15699
MISC
MISC
suricata-ids -- suricata An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. 2019-09-24 6.4 CVE-2019-16410
MISC
MISC
thinksaas -- thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. 2019-09-21 4.3 CVE-2019-16665
MISC
topcon -- net-g5_firmware An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. 2019-09-20 6.5 CVE-2019-11326
MISC
topcon -- net-g5_firmware An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system. 2019-09-20 4.0 CVE-2019-11327
MISC
totaldefense -- anti-virus In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. 2019-09-24 4.6 CVE-2019-13355
MISC
MISC
totaldefense -- anti-virus In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. 2019-09-24 4.6 CVE-2019-13356
MISC
MISC
totaldefense -- anti-virus In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. 2019-09-24 4.6 CVE-2019-13357
MISC
MISC
trivetechnology -- wp-stats-dashboard The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. 2019-09-20 6.5 CVE-2015-9399
MISC
MISC
MISC
tuzicms -- tuzicms TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. 2019-09-21 4.3 CVE-2019-16657
MISC
tuzicms -- tuzicms TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. 2019-09-21 6.8 CVE-2019-16658
MISC
tuzicms -- tuzicms TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. 2019-09-21 6.8 CVE-2019-16659
MISC
typomedia -- wordpress_meta_robots The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. 2019-09-20 6.5 CVE-2015-9400
MISC
MISC
MISC
unitegallery -- unite_gallery_lite The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. 2019-09-26 6.8 CVE-2015-9445
MISC
MISC
MISC
unitegallery -- unite_gallery_lite The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. 2019-09-26 6.5 CVE-2015-9446
MISC
MISC
MISC
unitegallery -- unite_gallery_lite The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. 2019-09-26 4.3 CVE-2015-9447
MISC
MISC
MISC
usabilitydynamics -- wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. 2019-09-20 5.0 CVE-2016-11006
MISC
MISC
MISC
usabilitydynamics -- wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. 2019-09-20 5.0 CVE-2016-11007
MISC
MISC
MISC
usabilitydynamics -- wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. 2019-09-20 5.0 CVE-2016-11008
MISC
MISC
MISC
usabilitydynamics -- wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. 2019-09-20 5.0 CVE-2016-11009
MISC
MISC
MISC
usabilitydynamics -- wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. 2019-09-20 5.0 CVE-2016-11010
MISC
MISC
MISC
usabilitydynamics -- wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. 2019-09-20 4.0 CVE-2016-11011
MISC
MISC
MISC
usersultra -- users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. 2019-09-20 6.8 CVE-2015-9394
MISC
MISC
usersultra -- users_ultra_membership The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. 2019-09-20 6.5 CVE-2015-9395
MISC
MISC
MISC
usersultra -- users_ultra_membership The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. 2019-09-20 6.8 CVE-2015-9402
MISC
MISC
MISC
vmware -- fusion VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. 2019-09-20 5.5 CVE-2019-5521
MISC
CONFIRM
webmaster-source -- gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. 2019-09-20 6.5 CVE-2015-9398
MISC
MISC
MISC
wp-piwik_project -- wp-piwik The wp-piwik plugin before 1.0.5 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9405
MISC
MISC
MISC
wp_accurate_form_data_project -- wp_accurate_form_data The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. 2019-09-26 4.3 CVE-2015-9443
MISC
MISC
wplegalpages -- wp_legal_pages The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. 2019-09-25 4.3 CVE-2015-9428
MISC
MISC
MISC
wpsymposiumpro -- wp-symposium The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. 2019-09-25 4.3 CVE-2015-9414
MISC
MISC
wtcms_project -- wtcms WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. 2019-09-23 4.3 CVE-2019-16719
MISC
yourinspirationweb -- beauty-premium The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. 2019-09-20 4.3 CVE-2016-10997
MISC
EXPLOIT-DB
yzmcms -- yzmcms admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. 2019-09-21 4.3 CVE-2019-16678
MISC
zzzcms -- zzzphp ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. 2019-09-23 5.0 CVE-2019-16720
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
addthis -- addthis The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. 2019-09-25 3.5 CVE-2015-9439
MISC
MISC
MISC
blubrry -- powerpress_podcasting The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. 2019-09-25 3.5 CVE-2015-9410
MISC
MISC
digimute -- ogma_cms Ogma CMS 0.5 has XSS via creation of a new blog. 2019-09-21 3.5 CVE-2019-16661
MISC
display-widgets_project -- display-widgets The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. 2019-09-25 3.5 CVE-2015-9438
MISC
MISC
MISC
f5 -- big-ip_access_policy_manager On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. 2019-09-25 3.3 CVE-2019-6654
MISC
f5 -- big-iq_centralized_management There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. 2019-09-25 3.5 CVE-2019-6653
MISC
halo -- halo Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. 2019-09-25 3.5 CVE-2019-16890
MISC
ibm -- content_navigator IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. 2019-09-25 3.5 CVE-2019-4571
XF
CONFIRM
ibm -- security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. 2019-09-24 2.1 CVE-2019-4566
XF
CONFIRM
jenkins -- assembla Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10420
MLIST
CONFIRM
jenkins -- codescan Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10423
MLIST
CONFIRM
jenkins -- eloyente Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10424
MLIST
CONFIRM
jenkins -- gem_publisher Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10426
MLIST
CONFIRM
jenkins -- git_changelog Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 3.5 CVE-2019-10414
MLIST
CONFIRM
jenkins -- gitlab_logo Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10429
MLIST
CONFIRM
jenkins -- jenkins In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). 2019-09-25 3.5 CVE-2019-10401
MLIST
CONFIRM
jenkins -- jenkins In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. 2019-09-25 3.5 CVE-2019-10402
MLIST
CONFIRM
jenkins -- jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. 2019-09-25 3.5 CVE-2019-10403
MLIST
CONFIRM
jenkins -- jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. 2019-09-25 3.5 CVE-2019-10404
MLIST
CONFIRM
jenkins -- jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. 2019-09-25 3.5 CVE-2019-10406
MLIST
CONFIRM
jenkins -- neuvector_vulnerability_scanner Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10430
MLIST
CONFIRM
jenkins -- vfabric_application_director Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10419
MLIST
CONFIRM
manual_image_crop_project -- manual_image_crop The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. 2019-09-25 3.5 CVE-2015-9426
MISC
MISC
MISC
mtouch_quiz_project -- mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. 2019-09-20 3.5 CVE-2015-9389
MISC
MISC
phpmywind -- phpmywind admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. 2019-09-23 3.5 CVE-2019-16704
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. 2019-09-20 3.5 CVE-2019-14913
MISC
MISC
qurl -- dynamic_widgets The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. 2019-09-25 3.5 CVE-2015-9436
MISC
MISC
MISC
silverstripe -- silverstripe SilverStripe through 4.3.3 allows session fixation in the "change password" form. 2019-09-25 3.7 CVE-2019-12203
MISC
MISC
CONFIRM
silverstripe -- silverstripe In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. 2019-09-26 3.5 CVE-2019-14272
MISC
MISC
MISC
CONFIRM
solaplugins -- sola_support_tickets The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. 2019-09-20 3.5 CVE-2016-11012
MISC
MISC
teampass -- teampass TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.) 2019-09-26 3.5 CVE-2019-16904
MISC
thinksaas -- thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. 2019-09-21 3.5 CVE-2019-16664
MISC
traveloka -- traveloka The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. 2019-09-21 2.6 CVE-2019-16681
MISC
MISC
tridium -- niagara4 A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). 2019-09-24 2.1 CVE-2019-13528
MISC
usersultra -- users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. 2019-09-20 3.5 CVE-2015-9392
MISC
MISC
MISC
usersultra -- users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. 2019-09-20 3.5 CVE-2015-9393
MISC
MISC
vandyvape -- swell_kit_mod_firmware An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values. 2019-09-23 3.3 CVE-2019-16518
MISC
webmaster-source -- gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. 2019-09-20 3.5 CVE-2015-9397
MISC
MISC
MISC
websimon-tables_project -- websimon-tables The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. 2019-09-20 3.5 CVE-2015-9401
MISC
MISC
MISC
zrlog -- zrlog An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. 2019-09-20 3.5 CVE-2019-16643
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8074
CONFIRM
adobe -- coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8072
CONFIRM
adobe -- coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8073
CONFIRM
adobe -- flash_player Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8075
CONFIRM
apache -- http_server In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. 2019-09-26 not yet calculated CVE-2019-10097
MISC
arm -- mbed_tls_and_mbed_crypto Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) 2019-09-26 not yet calculated CVE-2019-16910
MISC
bmc_software -- myit_digital_workplace_dwp A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using java serialization method. The vulnerability can be triggered by using an ivalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI. 2019-09-26 not yet calculated CVE-2019-16755
CONFIRM
cisco -- 4000_series_service_routers A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails. 2019-09-25 not yet calculated CVE-2019-12664
CISCO
cisco -- asr_9000_series_aggregation_services_routers A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise. 2019-09-25 not yet calculated CVE-2019-12709
CISCO
cisco -- catalyst_4000_series_switches A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. 2019-09-25 not yet calculated CVE-2019-12652
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 2019-09-25 not yet calculated CVE-2019-12647
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. 2019-09-25 not yet calculated CVE-2019-12654
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. 2019-09-25 not yet calculated CVE-2019-12668
CISCO
cisco -- ios_software A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. 2019-09-25 not yet calculated CVE-2019-12648
CISCO
cisco -- ios_xe_software A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2019-09-25 not yet calculated CVE-2019-12669
CISCO
cisco -- ios_xe_software A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload. 2019-09-25 not yet calculated CVE-2019-12655
CISCO
cisco -- ios_xe_software A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-09-25 not yet calculated CVE-2019-12657
CISCO
cisco -- ios_xe_software A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. 2019-09-25 not yet calculated CVE-2019-12663
CISCO
cisco -- ios_xe_software A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. 2019-09-25 not yet calculated CVE-2019-12653
CISCO
cisco -- ios_xe_software A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. 2019-09-25 not yet calculated CVE-2019-12666
CISCO
cisco -- ios_xe_software A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. 2019-09-25 not yet calculated CVE-2019-12659
CISCO
cisco -- ios_xe_software A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning. 2019-09-25 not yet calculated CVE-2019-12660
CISCO
cisco -- ios_xe_software A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. 2019-09-25 not yet calculated CVE-2019-12658
CISCO
cisco -- ios_xe_software Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2019-09-25 not yet calculated CVE-2019-12651
CISCO
cisco -- ios_xe_software A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. 2019-09-25 not yet calculated CVE-2019-12661
CISCO
cisco -- ios_xe_software A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. 2019-09-25 not yet calculated CVE-2019-12649
CISCO
cisco -- ios_xe_software Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2019-09-25 not yet calculated CVE-2019-12650
CISCO
cisco -- ios_xe_software A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. 2019-09-25 not yet calculated CVE-2019-12667
CISCO
cisco -- ios_xe_software A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-09-25 not yet calculated CVE-2019-12646
CISCO
cisco -- ios_xe_software A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. 2019-09-25 not yet calculated CVE-2019-12671
CISCO
cisco -- ios_xe_software A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. 2019-09-25 not yet calculated CVE-2019-12672
CISCO
cisco -- ios_xe_software A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. 2019-09-25 not yet calculated CVE-2019-12670
CISCO
cisco -- multiple_cisco_platforms A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. 2019-09-25 not yet calculated CVE-2019-12656
CISCO
cisco -- nx-os_software A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-09-25 not yet calculated CVE-2019-12717
CISCO
cisco -- nx-os_software_and_ios_xe_software A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. 2019-09-25 not yet calculated CVE-2019-12662
CISCO
ckeditor -- ckfinder An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. 2019-09-26 not yet calculated CVE-2019-15891
MISC
ckeditor -- ckfinder An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. 2019-09-26 not yet calculated CVE-2019-15862
MISC
cloud_foundry -- uaa CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. 2019-09-26 not yet calculated CVE-2019-11278
CONFIRM
cloud_foundry -- uaa CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. 2019-09-26 not yet calculated CVE-2019-11279
CONFIRM
corsair -- link The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. 2019-09-27 not yet calculated CVE-2018-19592
MISC
MISC
d-link -- multiple_products Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. 2019-09-27 not yet calculated CVE-2019-16920
MISC
dell -- update_package_and_emc_servers An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. 2019-09-24 not yet calculated CVE-2019-3726
CONFIRM
dnn_software -- dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. 2019-09-26 not yet calculated CVE-2019-12562
MISC
f5 -- big-ip_and_enterprise_manager F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. 2019-09-20 not yet calculated CVE-2019-6649
CONFIRM
f5 -- big-ip_apm_edge_client BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. 2019-09-25 not yet calculated CVE-2019-6656
MISC
gigastone -- smart_battery_a2-25de An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. 2019-09-25 not yet calculated CVE-2019-15067
CONFIRM
CONFIRM
glpi_project -- glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. 2019-09-25 not yet calculated CVE-2019-14666
MISC
MISC
gnome -- file-roller An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. 2019-09-21 not yet calculated CVE-2019-16680
MISC
MISC
MISC
UBUNTU
honeywell -- performance_ip_cameras_and_performance_nvrs In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. 2019-09-26 not yet calculated CVE-2019-13523
MISC
ibm -- mq IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. 2019-09-27 not yet calculated CVE-2019-4141
XF
CONFIRM
jenkins -- jenkins A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. 2019-09-25 not yet calculated CVE-2019-10409
MLIST
CONFIRM
jenkins -- jenkins Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. 2019-09-25 not yet calculated CVE-2019-10410
MLIST
CONFIRM
kkcms_project -- kkcms kkcms 1.3 has jx.php?url= XSS. 2019-09-27 not yet calculated CVE-2019-16923
MISC
lemonldap-ng -- lemonldap-ng OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. 2019-09-25 not yet calculated CVE-2019-15941
MISC
MISC
BUGTRAQ
DEBIAN
lenovo -- system_update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. 2019-09-26 not yet calculated CVE-2019-6175
MISC
lenovo -- thinkagile_cloud_platform-storage_block_bmc An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. 2019-09-26 not yet calculated CVE-2019-6161
MISC
libreoffice -- libreoffice LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. 2019-09-27 not yet calculated CVE-2019-9853
CONFIRM
linux -- linux_kernel In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. 2019-09-27 not yet calculated CVE-2019-16921
MISC
MISC
mit_kerberos -- krb5 A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. 2019-09-26 not yet calculated CVE-2019-14844
CONFIRM
MISC
netgate -- pfsense diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. 2019-09-26 not yet calculated CVE-2019-16667
MISC
netgate -- pfsense An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. 2019-09-26 not yet calculated CVE-2019-16915
MISC
MISC
MISC
netskope -- netskope_client_service The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. 2019-09-26 not yet calculated CVE-2019-12091
MISC
CONFIRM
CONFIRM
netskope -- netskope_client_service The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. 2019-09-26 not yet calculated CVE-2019-10882
MISC
CONFIRM
CONFIRM
netty -- netty Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. 2019-09-26 not yet calculated CVE-2019-16869
MISC
MISC
phpbb -- phpbb phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS 2019-09-27 not yet calculated CVE-2019-13376
MISC
MISC
prise -- adas An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. 2019-09-20 not yet calculated CVE-2019-14916
MISC
MISC
rubyzip_gem_for_ruby_on_rails -- rubyzip_gem_for_ruby_on_rails In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). 2019-09-25 not yet calculated CVE-2019-16892
MISC
runc -- runc runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. 2019-09-25 not yet calculated CVE-2019-16884
MISC
salesagility -- suitecrm SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. 2019-09-27 not yet calculated CVE-2019-16922
MISC
samsung -- samsungtts_for_android The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. 2019-09-25 not yet calculated CVE-2019-16253
MISC
silverstripe -- silverstripe In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) 2019-09-26 not yet calculated CVE-2019-16409
MISC
MISC
CONFIRM
ubiquiti -- edgemax_devices Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. 2019-09-25 not yet calculated CVE-2019-16889
MISC
MISC
MISC
wordpress -- wordpress The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. 2019-09-25 not yet calculated CVE-2015-9433
MISC
MISC
MISC
wordpress -- wordpress The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. 2019-09-25 not yet calculated CVE-2015-9429
MISC
MISC
MISC
wordpress -- wordpress The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. 2019-09-25 not yet calculated CVE-2015-9423
MISC
MISC
MISC
wordpress -- wordpress The Postmatic plugin before 1.4.6 for WordPress has XSS. 2019-09-25 not yet calculated CVE-2015-9411
MISC
MISC
wordpress -- wordpress The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. 2019-09-25 not yet calculated CVE-2015-9416
MISC
MISC
wordpress -- wordpress The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. 2019-09-25 not yet calculated CVE-2015-9418
MISC
MISC
MISC
wordpress -- wordpress The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. 2019-09-25 not yet calculated CVE-2015-9422
MISC
MISC
MISC
wordpress -- wordpress Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. 2019-09-20 not yet calculated CVE-2015-9406
MISC
MISC
wordpress -- wordpress The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. 2019-09-25 not yet calculated CVE-2015-9432
MISC
MISC
MISC
wordpress -- wordpress The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. 2019-09-25 not yet calculated CVE-2015-9435
MISC
MISC
wordpress -- wordpress The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. 2019-09-26 not yet calculated CVE-2019-16524
MISC
CONFIRM
MISC
wordpress -- wordpress In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. 2019-09-27 not yet calculated CVE-2019-16902
MISC
MISC
wordpress -- wordpress The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. 2019-09-20 not yet calculated CVE-2015-9390
MISC
MISC
wordpress -- wordpress The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. 2019-09-25 not yet calculated CVE-2015-9431
MISC
MISC
MISC
wordpress -- wordpress The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. 2019-09-25 not yet calculated CVE-2015-9420
MISC
MISC
MISC
wordpress --  wordpress The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. 2019-09-25 not yet calculated CVE-2015-9412
MISC
MISC
yzmcms -- yzmcms An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. 2019-09-26 not yet calculated CVE-2019-16532
MISC
EXPLOIT-DB
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.



from CISA All NCAS Products https://www.us-cert.gov/ncas/bulletins/sb19-273

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"